Did a sexy Russian spy nerf the o.com auction?

It’s been over three years since Verisign won the right to auction off the domain name o.com for charity, and so far there’s no sign of a sale. Could a pro-Trump conspiracy theorist’s affair with a Russian spy be the reason?

The .com registry operator received permission from ICANN for a one-off auction — a unique exception to the decades-old convention that single-character .com domains are reserved — in March 2019, and that was the last we heard of it.

There’s been no announcement of an auction date, and neither ICANN nor Verisign have mentioned it since.

I asked Verisign a couple of weeks ago what the company’s plans were and at the weekend received the reply: “Thanks for reaching out and your interest is noted. Once there is an update, we will reach back out to you.”

I don’t think I’m getting into conspiracy theory territory to suggest that the reason for the lack of movement is that the domain’s most likely buyer, the man most likely behind Verisign asking ICANN’s permission in the first place, lost his job a few months after the auction was approved.

When in 2017 Verisign filed its request with ICANN it was widely believed to be primarily the result of a pressure campaign by Patrick Byrne, then-CEO of online retailer Overstock.com, that had gone on for over a decade.

Byrne had been nagging Verisign and ICANN to let him register the domain since at least 2004, as this published correspondence (pdf) illustrates.

Former senior ICANN staffer Kurt Pritz later recounted how Byrne “slid a check for $1,000,000 payable to ICANN across my desk” to persuade a then-broke ICANN to release the name, around the same time. The offer was rebuffed.

Byrne’s obsession with o.com continued, but in 2010 he seemed to throw in the towel briefly when Overstock paid relaunching Colombian ccTLD operator .CO Internet a whopping $350,000 for the domain o.co, which Overstock promptly rebranded around.

Overstock even purchased the naming rights to the Oakland Coliseum baseball stadium, which was known as the O.co Coliseum from 2011 to 2016.

But rebranding is always a risk, not least when it’s to an unfamiliar TLD, and Byrne admitted in 2012 that the move had been a huge mistake.

“O.co was my bad call,” Byrne said at the time, adding that “about eight out of 13 people who were trying to visit us through O.co, eight were typing O.com”.

So when Verisign got the nod to sell o.com, you might have expected Byrne to be champing at the bit.

But in August 2019, Byrne quit Overstock after it emerged he had been in a sexual relationship — according to him encouraged by shadowy FBI agents — with a Russian woman half his age convicted in the US of being a spy in 2018.

Byrne admitted the reportedly three-year relationship with Maria Butina, who after her release from US prison became a member of Russia’s parliament with Putin’s United Russia party, in August 2019. It’s a pretty wild story.

He quit his job at Overstock, the company he had founded, at the same time and a month later sold all his stock in the company.

Byrne has since gone on to be a full-time conspiracy theorist, including reportedly being one of several people who, in December 2020, had a bizarre White House meeting in which they attempted to explain to then-President Trump how the 2020 election had been stolen — the birth of the “Big Lie”.

That was reportedly the first time he had met Trump. There’s no evidence I’m aware of that he had the president’s ear while Verisign was asking his administration to lift the price freeze on .com domains, which it did in 2018.

Conspiracies aside, it’s undoubtedly true that Byrne’s resignation means Verisign has lost its most motivated bidder for o.com, so an auction would likely prove disappointing, unless Oprah Winfrey is feeling particularly frivolous.

Verisign to crack down on Chinese domains

Verisign has asked for permission to implement a more stringent regime for denying or suspending .com and .net domain names registered in China, to comply with the country’s strict licensing rules.

The changes appear to mean that customers of Chinese registrars who have not verified their identities, which Verisign says is a “very small percentage”, will be prevented from registering new domains and may lose their existing domains.

The company has filed a Registry Services Evaluation Process request with ICANN, proposing to tweak the registrant verification system it has had in place for the last five years in a few significant ways.

China has a system called Real Name Verification, whereby Chinese citizens have to provide government-issued ID when they register domains. Local, third-party Verification Service Providers such as ZDNS typically carry out the verification function for Verisign and other foreign registries.

The big change is that Verisign will no longer allow names to be registered without a valid code.

The RSEP says that attempts by China-based registrars to register domains without the required government verification code will result in the EPP create command failing, meaning the domain will not be registered.

Under the current system, outlined in a 2016 RSEP (pdf), the name is registered and Verisign presumably takes the money, but the domain is placed on serverHold status, meaning it is not published in the zone and will not resolve.

The new system will also allow Verisign to retroactively demand codes for already-registered names, when they come up for renewal or transfer, with the option to suspend or delete the names if the codes are not provided. The RSEP (pdf) states:

With regard existing domain names without the required verification codes, which currently comprise a very small percentage of domain name registrations from registrars licensed to operate in the People’s Republic of China, Verisign intends to address compliance issues with these domain names directly with registrars. Verisign reserves the right to deny, cancel, redirect or transfer any domain name registration or transaction, or place any domain name(s) on registry lock, hold or similar status

It’s not clear what a “very small percentage” means in hard numbers. A small slice of a big pie is still a mouthful.

Verisign has substantial exposure to the Chinese market. On the odd occasion when .com shrinks, it’s largely due to speculative registrations from China not being renewed, such as in the second quarter this year.

The RSEP names the service the Domain Name Registration Validation Per Applicable Law service. While it’s in theory applicable to any jurisdiction’s laws, in practice it’s all about addressing the demands of the Chinese government.

Verisign announces ANOTHER price increase as regs slide

Verisign posted a rare decrease in its .com/.net registered name base in the second quarter, but said it is going to raise its .net prices next year anyway.

The company also massively slashed its growth outlook for domain sales this year.

The annual cost of a .net name will go up 10%, the maximum permissible under its contract with ICANN, to $9.92 from February 1 next year, the registry said

Registrants will as usual be able to lock-in the current renewal fee of $9.02 for up to 10 years if they renew before the hike kicks in.

It’s the first .net price increase since 2018. The TLD has been stagnating in volume terms for several years, due no doubt in part to behavioral changes following the introduction of new gTLDs starting in late 2013.

The news came as Verisign reported that its domain base shrunk during Q2.

The company ended June with 174.3 million names under management, up 2.2% over a year earlier but down 350,000 domains compared to the end of Q1.

The split was 161.1 million for .com and 13.2 million for .net — that’s a sequential decrease of 200,000 for .com and a decrease of 200,000 for .net. Both rounded, of course.

CEO Jim Bidzos told analysts tonight that renewals were affected by a great many first-time registrations from China not renewing. General post-pandemic and macro-economic factors also played a role, he said.

The preliminary renewal rate was 75.9% compared to 76.0% a year earlier, but the number of new regs was down to 10.1 million from 11.7 million over the same period.

Verisign reported Q2 revenue up 6.8% on a year ago at $352 million, with net income of $167 million compared to $148 million. Its operating margin swelled to 67.1% percent from 64.7%.

Bidzos told analysts that the company is cutting its registered name growth prediction for the year to between 0.5% and 1.5%, a huge decrease from the already-downgraded estimate of 1.75% and 3.5% it made after the first quarter.

He said that he expects Q3 and Q4 to go much the same way as Q2.

Bidzos said he thinks the current factors affecting regs are a bump in the road and he expects things to stabilize over time.

UPDATE 2148 UTC — The article was updated to correct the comparison of the decrease in .com/.net regs.

Verisign to mandate 2FA for .com registrars

Over 2,000 registrars are likely to be affected by a new Verisign policy making two-factor authentication mandatory when logging into the company’s registrar portal.

ICANN has given the preliminary nod to a Verisign proposal to make 2FA, which has been available on an optional basis for over a decade, mandatory.

Voluntary adoption of the security feature has been light since it was first introduced in 2009. According to Verisign’s Registry Services Evaluation Process request (pdf) only around 200 registrars currently use it.

There were 2,446 active .com registrars at the last count. The RSEP also applies to .net and .name.

The 2FA system requires registrars to enter a one-time password, in addition to their usual credentials, whenever they log in to their accounts.

The change only applies to registrars logging into Verisign’s web site to manage their accounts, not to registrants who have .com domains. It does not apply to under-the-hood EPP transactions.

The company is hoping to implement the change pretty damn quick — its June 30 RSEP states that it will start to give registrars a 30-day noticed period the following day, before ICANN had even formally approved the change.

ICANN approval (pdf) came yesterday, so presumably 2FA will become mandatory in a matter of days.

.xyz kicks France out of the top 10 TLDs — Verisign

Verisign is reporting that the total number of registered domains worldwide topped 350 million in the first quarter, under its new reporting methodology.

The company’s latest Domain Name Industry Brief states that there were 350.5 million names across (almost) all TLDs, up by 8.8 million or 2.6% compared to the end of 2021 or 13.2 million (3.9%).

It’s sequential growth well beyond the 3.3 million increase reported in Q4, but the first quarter of any year is usually seasonally strong.

It’s the second DNIB that excludes Freenom’s collection of free TLDs, notably .tk, making comparisons beyond what Verisign itself calculates challenging.

Verisign’s own .com was up from 160 million to 161.3 million domains over the period, while .net was flat at 13.4 million.

Total ccTLD names were up 6 million or 4.7% sequentially to 133.4 million and up 3.1 million or 2.4% year over year.

The top 10 TLDs saw a new entry, with XYZ.com’s .xyz taking the tenth position with 4 million names, kicking out French ccTLD .fr, which has 3.9 million.

After 10 months, ICANN board “promptly” publishes its own minutes

ICANN’s board of directors has approved a huge batch of its own meeting minutes, covering the period from July 15 last year to March 10 this year, raising questions about its commitment to timely transparency.

The board approved the minutes of its last 14 full-board meetings in one huge batch of 14 separate resolutions at its May 12 meeting, and they’ve all now been published on the ICANN web site, along with redacted briefing papers for said meetings.

The period includes decisions on planning for the next new gTLD round and Whois reform, the legal fight with Afilias over the contested .web gTLD, and apparently divisive discussions about the timing of a post-pandemic return to face-to-face meetings.

No explanation has been given for why it’s taken so long for these documents to appear, the timing of which appears to go against ICANN’s bylaws, which state that minutes are supposed to be approved and published “promptly”:

All minutes of meetings of the Board, the Advisory Committees and Supporting Organizations (and any councils thereof) shall be approved promptly by the originating body and provided to the ICANN Secretary (“Secretary”) for posting on the Website.

ICANN almost always published its board’s resolutions within a few days of approval, and a preliminary report — which also includes the number of votes yay or nay, without naming the directors — within a couple of weeks.

The minutes, which are published only after the board rubber-stamps them, typically include a further vote breakdown and a little bit of color on how the discussion went down.

In the newly published batch, some of the documents are somewhat illuminating, while others barely nudge the dimmer switch.

For example, the preliminary report for the July 15, 2021 meeting, published 11 days later, notes that three of the 16 voting directors rebelled on a resolution about making the October annual general meeting in Seattle a virtual-only event, but the just-published minutes name those directors and flesh out some of their reasons for dissenting.

It turns out the directors had a “robust discussion”, with some arguing that it would be safe to go ahead with a “hybrid” meeting comprising both face-to-face and remote participation options.

The dissenting directors were Ron da Silva, Avri Doria, and Ihab Osman, it turns out. Osman and da Silva had voted a similar way a year earlier.

Directors could not reasonably have been expected to know about the impact the Delta variant of Covid-19 would have on world health in the latter half of the year. It had been identified and named by scientists but had yet to spread to the extent it was making headlines.

But they were aware of concerns from the Asia-Pacific members of the community, worried that a hybrid meeting in Seattle would disadvantage those unable to attend due to pandemic travel restrictions. This appears to have been raised during the discussion:

Some Board members expressed desire to see more work done to have ICANN72 as a hybrid meeting. They noted that Seattle has protocols in place to ensure the health and safety of ICANN staff and the community, and ICANN should use this opportunity to begin to return to its normal meeting standards as much as possible. Others noted that the concerns about travel inequities or restrictions for certain parts of the world should not prevent moving forward with an in-person component for ICANN72 because such inequities and restrictions exist with or without the pandemic.

The return to in-person meetings was discussed again in November, when the board decided to junk plans, secured by the dissenting directors in July, for a hybrid meeting in San Juan, Puerto Rico.

Ron da Silva had left the board by this point, but the new minutes show that Doria and Osman were joined by León Sánchez in advocating for a hybrid meeting with an in-person component.

While the July minutes contains a few paragraphs summarizing discussions, the November minutes simply notes that the board “reviewed the proposed resolution and rationale to confirm that it reflects the Board’s discussion and edits”.

And that’s pretty typical for most of the documents published this week — time and again the substantive discussion appears to have either happened off-camera, during non-minuted sessions of the board at unspecified times, or was simply not minuted.

Interested in the talks leading to the approval of the new gTLDs Operational Design Phase? The minutes shed no light.

Interested in how the board reacted to ICANN losing its Independent Review Process case with Afilias about .web? The minutes merely note that the resolution was approved “after discussion”.

There’s also a glaring hole in one set of minutes, raising questions about whether these documents are a reliable record of what happened at all.

We know for a fact that on September 12 the ICANN board approved a resolution naming the new chair and vice chair of its influential Nominating Committee, only to reconvene two weeks later to scrap that decision and name a different chair instead.

But if you read the September 12 minutes, you’ll find no record of NomCom even being discussed, let alone a resolution being passed appointing a chair.

The newly published batch of documents cover several resolutions related to executive pay, but none of the minutes contain the same level of transparency as ICANN displayed in February 2021, when it revealed that three directors voted against CEO Göran Marby’s pay rise.

In terms of transparency, that now appears to fully confirmed as an isolated incident.

A sign of things to come? Verisign slashes outlook in post-pandemic slowdown

Verisign is warning that its business is going to grow slower than expected in 2022, due to the after-effects of the pandemic and general economic conditions.

The registry tonight reported first-quarter revenue of $347 million, up 7% on the comparable period a year ago, after raising its .com prices 7% last year.

But the company has slashed its sales estimates for the year.

CEO Jim Bidzos told analysts this evening that the company and its registrars have started to see a post-pandemic slowdown in sales, exacerbated by other unspecified “macro-economic factors”.

“Incremental demand for new registrations that grew during the pandemic is subsiding,” Bidzos said.

Many domain companies, including Verisign, saw growth spikes during the pre-vaccine pandemic, when many small businesses moved to online sales to stay afloat during recurring lockdown restrictions.

But that’s all over now, and the economic fallout most of us are feeling seems to also be affecting domain sales.

The company said its net income for the first quarter was $158 million, up from $150 a year ago. Its operating margin slipped a little, however, from an enormous 65% to an enormous 64.8%.

Verisign ended the quarter with 161.3 million .com domains and 13.4 million .net domains under management, up 4% combined at 174.7 million.

The renewal rate for .com and .net domains was estimated at 74.8%, up from 73.5% a year ago.

The company expects its domain base to grow between 1.75% and 3.5% this year. That’s down quite significantly from its February estimate of growth between 2.5% and 4.5%.

It added 10.1 million new names in the quarter, compared to 10.6 million in Q4 and 11.1 million in Q1 last year.

While Bidzos did not drill very deep into the other factors contributing to his pessimistic outlook, he did say that the war in Ukraine was not a factor. Sales in Ukraine, Russia and Belarus are “not material”, he said.

I suspect what we’re looking at here is probably related to what the media here in the UK is calling the “cost of living crisis”, which is seeing the price of staples such as food and energy skyrocket and many people cut back on luxuries as a result.

UPDATE: This article was updated July 28, 2022 to correct the number of .net registrations from 13.1 million to 13.4 million.

Verisign wipes free TLDs from the world stats

The number of domain names registered globally dropped by over 25 million in the first quarter, but only because Verisign has stopped tracking .tk and its free sister ccTLDs in its quarterly estimates.

The latest Domain Name Industry Brief says that 2021 ended with 341.7 million registrations across all TLDs, substantially fewer that the 367.3 million it reported at the end of the third quarter.

But this is only because Verisign has decided to no longer count the six Pacific and African ccTLDs managed by Freenom, notably .tk, which had contributed 24.7 million names to the Q3 tally.

The report says: “the .tk, .cf, .ga, .gq and .ml ccTLDs have been excluded from all applicable calculations, due to an unexplained change in estimates for the .tk zone size and lack of verification from the registry operator for these TLDs.”

It sounds rather like there’s been another weird fluctuation in .tk’s numbers that threw off the overall trend picture again, and Verisign’s basically said “to hell with it” and decided to exclude Freenom from its reports from now on.

This means the normalized numbers for Q4 2021 — ignoring Freenom in all applicable quarters — are 341.7 million, up 3.3 million or 1.0% sequentially and up 1.6 million or 0.5% year over year, the DNIB states.

The Freenom business model is to give domains away for free, mostly, in the first instance. It makes its money by retaining and monetizing domains that either expire or, frequently, which it suspends for abuse.

.tk domains never get deleted, in other words, so counting them alongside TLDs with the industry-standard business model could give a misleading impression of the global demand for domain names.

It’s not so much that counting spam domains is bad — every TLD has a spam problem to a greater or lesser extent — but the lack of deletions can create faulty assumptions.

It’s also never been clear how Verisign and its third-party researcher, ZookNic, acquires its data on Freenom TLDs. Its .tk figure would often remain static for quarters on end, suggesting the data was only sporadically available.

I also tracked .tk’s published numbers independently for many years, and the last figure I have, from March 2019, is 41.3 million. It’s never been clear to me why the Verisign/ZookNic number has always been so much lower.

Verisign has always flagged up any oddities caused by .tk in its DNIB, and every edition has contained a footnote describing Freenom’s unusual practices.

The latest DNIB (pdf) says that .com had 160 million names, up 1.2 million, and .net had 13.4 million, down about 100,000, compared to Q3.

ccTLDs overall had 127.4 million, up about 700,000, a 0.6% sequential increase.

The ccTLD number was down by 5.3 million, or 4.0%, compared to the end of 2020, but that was due to a 9.4 million-name deletion by China’s .cn, which I noted in the second quarter and which Verisign calls a “registry-implemented zone reduction”.

Ignoring China, ccTLD names were up 4.1 million or 3.8%, the DNIB says.

Verisign only breaks out the top 10 ccTLDs separately, so the removal of .tk means that Australia’s .au is now in the top 10 list in tenth place with 3.4 million at the end of Q4. It will likely move up the ranks in the first quarter due to the release of second-level names, which has sped up its growth rate.

France’s .fr, with 3.9 million names, has now entered the overall top 10 TLDs due to .tk’s removal.

New gTLDs grew by 1.2 million names or 5.1% sequentially, but were down by pretty much the same amount annually, ending 2021 with 24.7 million names.

GoDaddy formally signs .tv registry contract

GoDaddy has formally taken on the contract to run .tv, the ccTLD for the Pacific island nation of Tuvalu, according to the company.

GoDaddy Registry said that the deal was signed with the Tuvalu government at the Dubai Expo 2020 trade show on March 30.

The company won a tender process last December in which incumbent Versigin, which has been running .tv for 20 years, did not participate.

Tuvalu is expected to get a much bigger share of the revenue than it did under Verisign, which paid $5 million a year, but terms have not been disclosed.

GoDaddy senior director of business development George Pongas said in a press release that the parties are “convinced that together we can position the .tv ccTLD for significant worldwide growth and a new era of brand awareness and community engagement”.

GoDaddy is substantially more customer-facing than Verisign, and controls the registration path, so it’s not difficult to see how this could boost .tv’s sales.

The deal comes at an opportune time, as user-created video content is experiencing something of a boom.

Mutually assured destruction? Now Afilias faces .web disqualification probe

Afilias’ ongoing quest to have Verisign’s winning bid for the .web gTLD thrown out may have backfired, with ICANN now launching a probe into whether Afilias’ own bid should be disqualified.

Afilias and Verisign could now BOTH be kicked out of the .web fight, delivering the coveted gTLD into the hands of the third-placed bidder for a knock-down price.

There’s even the possibility that Verisign’s winning $135 million bid could be more than cut in half, taking tens of millions out of ICANN’s coffers.

ICANN’s board of directors on Thursday said it will investigate not only whether Verisign broke new gTLD program rules by using a Nu Dot Co as proxy to bid, but also whether Afilias broke the rules when an executive texted NDC during a pre-auction comms blackout period.

It’s the first time board has resolved to take a look at the allegations against Afilias, which so far have only come up in letters and arbitration filings from Verisign and NDC.

The .web auction in 2016 resulted in a winning bid of $135 million from NDC. It quickly emerged that its bid was bankrolled by Verisign, which had not directly applied for .web.

Afilias’ applicant subsidiary (now called Altanovo Domains, but we’re sticking with “Afilias” for this story) has been trying to use Verisign’s sleight-of-hand to get the auction overturned for years, on the basis that ICANN should have forced NDC to show its cards before the auction took place.

An Independent Review Process panel last year ruled that ICANN broke its own bylaws by failing to rule on Afilias’ allegations when they were first made, and told ICANN to put .web on hold while it finally formally decides whether Verisign broke the rules or not.

What the IRP panel did NOT do was ask ICANN to rule on Verisign’s counter-allegations about Afilias violating the auction blackout period. ICANN’s decided to do that all by itself, which must piss off Afilias no end.

The board resolved last week, with my emphasis:

Resolved (2022.03.10.06), the Board hereby: (a) asks the [Board Accountability Mechanisms Committee] to review, consider and evaluate the allegations relating to the Domain Acquisition Agreement (DAA) between NDC and Verisign and the allegations relating to Afilias’ conduct during the Auction Blackout Period; (b) asks the BAMC to provide the Board with its findings and recommendations as to whether the alleged actions of NDC and/or Afilias warrant disqualification or other consequences, if any, related to any relevant .WEB application; and (c) directs ICANN org to continue refraining from contracting for or delegation of the .WEB gTLD until ICANN has made its determination regarding the .WEB application(s).

I see four possible outcomes here.

• Nobody gets disqualified. Verisign wins .web and ICANN gets to keep its $135 million. Afilias will probably file another IRP or lawsuit.
• Verisign gets disqualified. Afilias gets .web and ICANN probably gets paid no more than $79.1 million, which was its maximum bid before the auction became a two-horse race. Verisign will probably file an IRP or lawsuit.
• Afilias gets disqualified. Verisign wins .web and then it has to be figured out how much it pays. I believe the high bid before the third-place bidder pulled out was around $54 million, so it could be in that ball-park. Afilias will probably file another IRP or lawsuit.
• Both Afilias and Verisign get disqualified. The third-placed bidder — and I don’t thinks its identity has ever been made public — wins .web and pays whatever their high bid was, possibly around $54 million. Everyone sues everyone else and all the lawyers get to buy themselves a new summer home.

The other remaining applicants are Donuts, Google, Radix and Schlund. Web.com has withdrawn its application.

The people who will decide whether to disqualify anyone are the six members of the Board Accountability Mechanisms Committee who are not recusing themselves due to conflicts of interest (Edmon Chung has a relationship with Afilias).

Given that the board has already ruled that it has a fiduciary duty to dip into the new gTLD auction proceeds pretty much whenever it pleases, can’t we also assume that it has a fiduciary duty to make sure that auction proceeds pool is as large as possible?