Latest news of the domain name industry

Recent Posts

XYZ bosses agree to pay $1.5 million to settle Fed’s loan scam claims

Kevin Murphy, January 14, 2022, Domain Registries

Some of XYZ’s top executives have agreed to pay $1.5 million to settle a US Federal Trade Commission lawsuit alleging they “deceptively” harvested vast amounts of personal data on millions of people and sold it “indiscriminately” to third parties including potential scammers and identity thieves.

The FTC says that the execs, through a network of interlinked companies, deceptively collected loan applications through at least 200 web sites, promising to connect the applicant with verified lenders, but instead sold the personal data willy-nilly to the highest bidder through a lead-generation marketplace.

The data was bought by companies that in the vast majority of cases were not in the business of providing loans, the FTC said. The buyers were not checked out by the XYZ execs and exposed consumers to identity theft and fraud, it added.

The allegations cover activities starting in 2012 and carrying on until recently, the FTC said.

“[They] tricked millions of people into giving up sensitive financial information and then sold it to companies that were not making loans,” Samuel Levine, director of the FTC’s Bureau of Consumer Protection said in a press release. “The company’s extraction and misuse of this data broke the law in several ways.”

“The FTC’s allegations were wholly without merit,” the defendants’ lawyer, Derek Newman, told DI in an email. “But litigation against the FTC is expensive and resource draining. For that reason, my clients chose to settle the case and move on with their business.”

“In fact, the FTC did not require any changes to my clients’ business practices that they had not already implemented before the case was filed,” he added.

The suit (pdf) named as defendants XYZ.com CEO Daniel Negari, COO Michael Abrose, business development manager Jason Ramin, and general counsel Grant Carpenter. Two other named defendants, Anisha Hancock and Sione Kaufusi, do not appear at first glance to be connected to the domains business.

The settlement (pdf) sees the defendants pay $1.5 million and agree to certain restrictions on their collection and use of data, but they did not admit or deny any liability.

The lead generation business was carried out via at least 17 named companies, including XYZ LLC (which appears to be a different company to the .xyz registry, XYZ.com LLC), Team.xyz LLC and Dev.xyz LLC. The FTC complaint groups them together under the name ITMedia.

Some of the companies are successors to Cyber2Media, the FTC said, a company that in 2011 had to settle a massive typosquatting lawsuit filed by Facebook.

Despite the personnel crossover, nothing in the complaint relates directly to the .xyz domains business, and the only domains listed in the complaint are some pretty nice .coms, including badcreditloans.com, personalloans.com, badcredit.com, fastmoney.com and cashadvance.com.

The complaint alleged deceptive representations and unfair distribution of sensitive information as well as violations of the Fair Credit Reporting Act. It reads:

In numerous instances, Defendants, through ITMedia’s actions, have shared and sold sensitive personal and financial information from consumers’ loan forms — including consumers’ full names, addresses, email addresses, phone numbers, birthdates, Social Security numbers, bank routing and account numbers, driver’s license and state identification numbers, income, status and place of employment, military status, homeownership status, and approximate credit scores—without consumers’ knowledge or consent and without regard for whether the recipients are lenders or otherwise had a legitimate need for the information.

Essentially, the complaint alleged that the defendants bullshitted consumers into handing over personal info thinking they were applying for a legitimate loan, when in fact the info was just being harvested for resale to sometimes dodgy buyers.

The complaint reads:

ITMedia’s practice of broadly disseminating consumer information, including to entities that share information with others whose identities and use of the information are unknown to ITMedia, exposes consumers to the risk of substantial harm from identity theft, imposter scams, unauthorized billing, phantom debt collection, and other misuse of the consumers’ information. Some consumers have complained that, shortly after submitting loan applications to ITMedia, they have received communications using the names of ITMedia websites to present sham loan offers or demands for repayment of counterfeit debt.

The $1.5 million settlement will be paid by “Individual Defendants and Corporate Defendants, jointly and severally”, according to court documents.

UPDATE: This article was updated shortly after publication with a statement from XYZ’s lawyer.

XYZ counting standard sales as “premiums” because its fees are so expensive

Kevin Murphy, November 19, 2021, Domain Registries

Portfolio gTLD registry XYZ appears to be counting regular sales of domains in certain TLDs as “premium” wins, because the base reg fee is so high.

The company said in a recent blog post that it sold over 270 “premium” names in October, but it added the following caveat:

Premium XYZ Registry domains refer to premium domains for extensions with standard and premium domains, and XYZ’s premium namespaces such as .Cars, .Storage, .Tickets, .Security, etc.

So if a name in a .com-equivalent priced TLD such as .xyz had been flagged as a premium by the registry and sold for a few thousands bucks, that counts as a premium sale, but any sale at all in .cars, where all domains cost a few thousand bucks regardless of the second-level string, also counts as a premium.

This reporting practice appears to bring in .security, .storage, .protection, .car, .auto, and .theatre, which all retail for four figures as standard. It also includes .tickets, where you won’t get much change out of a grand. It doesn’t include the fourth member of the cars family, .autos, where domains are priced as .com-equivalent.

I’m not sure how I feel about this.

You can’t accuse the registry of being misleading — it’s disclosing what it’s doing pretty prominently mid-post, not even reducing the font size.

And you can’t reasonably argue that a standard $3,000 .cars domain, which renews at $3,000 a year, for example, has less claim to the adjective “premium” than a domain in .hair that has a premium-tier EPP code selling for $3,000 but renewing at $20.

It just feels weird to see the word used in this way for what appears to be the first time.

XYZ scraps .tickets rules but won’t lower the price

XYZ.com has just formally announced the acquisition of the new gTLD .tickets, which we reported on in April.

The company said it plans to keep the domains at the current high price of $500 retail per year, in contrast to its recent practice of dropping its fees on some of its recent acquisitions.

But it is going to remove “complicated registration restrictions” and make .tickets names available according to the rules for gTLDs in the rest of its portfolio, which should broaden its channel appeal.

The company argues that, in the absence of stringent registration rules, the high prices make it “cost prohibitive” for bad actors to cybersquat.

.tickets was being managed by original applicant Accent Media until earlier this year.

.autos priced waaay below its XYZ rivals

When XYZ.com tied up the automotive gTLD market by bringing .car, .cars, .auto and .autos into its portfolio last year, I speculated that a big price increase may be on the cards for .autos. I was wrong.

The registry has in fact dropped its wholesale prices by quite a lot, keeping .autos domains a fraction of the cost of their stable-brothers and competitive with .com.

XYZ said yesterday that the recommended retail price for .autos will be around $20 per year, compared to the $100 under previous owner Dominion.

The new pricing comes into effect June 14.

By contrast, .auto, .cars and .car continue to be priced at around $2,000 per year at the cheaper registrars. At others your renewal fee could be as high as $4,000.

The pricing makes .autos a much more affordable choice for the likes of smaller car dealerships and garages, as well as an option for domain investors not scared away by the risky world of new gTLDs.

Under Dominion, .autos never broke through the 500 domains under management mark. Its three siblings all have roughly 300 names in their zones, with a leaning towards corporate registrar sales.

XYZ adds .tickets to its gTLD stable

XYZ.com has taken over the ICANN registry agreement for the gTLD .tickets, according to records.

It looks to be the registry’s 23rd TLD, the latest of XYZ’s acquisitions of unused or floundering new gTLDs.

In the case of .tickets, it’s picking up a low-volume, high-price TLD with some rather onerous registration restrictions.

The TLD was originally set up by UK-based Accent Media to provide a space where people going to music, theater and sporting events, for examples, could buy tickets in the assurance that the sellers were legit.

Would-be .tickets registrants have a five-day waiting period before their domains go live, while the registry manually verifies their identities from paper records such as passports or driving licenses.

That high-friction reg process is one reason the shelf price for a .tickets domain is well over $500 a year.

It’s also a reason why very few .tickets domains have been sold. The registry peaked at fewer than 1,200 names in its zone file in 2018 and has been on the decline ever since.

It had 769 names in its zone at the end of March this year.

Registry reports show that the majority of its names are registered via brand-protection registrars and are likely unused. Searches for active .tickets sites return fewer than 100 results.

XYZ might be able to turn this around by smoothing out the reg friction and lowering the price.

But even just 1,000 names at $500 a year could be considered a nice little earner as part of a portfolio with low overheads from economies of scale. XYZ already runs even higher-priced, lower-volume zones such as .cars and .auto.

XYZ launches its beauty-themed gTLDs with slashed prices

Kevin Murphy, December 1, 2020, Domain Registries

XYZ.com is readying the launch of its four recently acquired beauty-themed gTLDs, along with one other.

.skin, .hair .makeup and .beauty entered their sunrise periods today, where they will stay until February 10.

All four were acquired from L’Oreal earlier this year, but .makeup was the only one that had launched and gone through its mandatory sunrise.

Despite this, XYZ is putting .makeup through what it calls a “trademark owner landrush”, where domains will cost IP owners about a grand.

That’s actually a lot cheaper than the price L’Oreal had the domains at during general availability — deterrent pricing of around $5,500 wholesale per year.

It looks like all four domains in this mini-portfolio will be priced around the $20 mark at registrars during general availability, which is due to begin March 2.

There’s also going to be an Early Access Period for seven days from February 10.

All of the above also applies to .quest, which XYZ acquired from a Hong Kong multilevel marketing firm a year ago. XYZ is marketing it as a TLD for “gurus, knowledgeable experts, and authorities in any field”.

.spa registry relocates to .xyz

Kevin Murphy, November 16, 2020, Domain Registries

Newly installed .spa registry Asia Spa and Wellness Promotion Council has started using a .xyz domain for its official registry web site.

The organization last week had its IANA records updated to change its “URL for registration services” from aswpc.org to dotspa.xyz.

It currently resolves to a placeholder “Coming Soon” page.

Choosing a TLD other than its own, which entered the DNS root in September, is pretty unusual.

Most new gTLD registries activate nic.example pretty quickly after delegation, even if they ultimately use a domain such as get.example or register.example for their primary marketing sites.

Activating nic.example is actually an obligation under ICANN contracts. ASWPC has registered that domain, but only whois.nic.spa currently resolves.

The dotspa.xyz domain was registered about a year ago, about a month after ASWPC’s former business partner, DotAsia, washed its hands of its stake in the TLD.

Both the .com and .org versions have been registered for well over a decade, so perhaps .xyz was picked as the default third-choice generic.

But that still doesn’t explain why a registry would select a domain outside its own TLD for its primary site.

Are 25x price increases on the cards as XYZ corners the cars market?

Kevin Murphy, October 14, 2020, Domain Registries

Grab-happy registry XYZ.com has expanded its stable of strings to 22 after buying five little-used gTLDs from Dominion Registries.

It recently came into control of .autos, .motorcycles, .homes, .yachts, and .boats, CEO Daniel Negari confirmed earlier this week.

Following XYZ’s buyout of .auto, .car and .cars from former joint venture partner UNR a couple months back, it seems the company now pretty much has a lock on the English-language automotive domain market.

This raises the question, so far unanswered by the registry, about whether .autos registrants could be about to face some of the steepest price increases the new gTLD market has seen to date.

XYZ’s .auto, .car and .cars currently command among the highest base prices in the market — about $2,500 at retail for a basic, non-premium name — while .autos has been chugging along at $100 per domain per year.

It would make perfect sense for the registry to give its new acquisition a 25x price increase to align it with the rest of the automotive portfolio, but so far the company is tight-lipped on the subject.

Fortunately, the current pool of .autos registrants is quite small — a little over 400 names, about the same as .auto but a couple hundred ahead of .cars and .car — so there would not be many customers to piss off.

Indeed, three of the other TLDs XYZ just bought have what you might generously call “growth potential”.

The only one of the five gTLDs to have more than 500 domains under management is .homes, which has more than 13,000.

With XYZ’s broader channel reach and superior marketing prowess, there’s certainly upside on the horizon.

XYZ buys dormant gTLD from “pyramid scheme” operator

Kevin Murphy, November 19, 2019, Domain Registries

XYZ.com has bought another unused dot-brand to add to its portfolio.
It’s taken over the contract for .quest from original registry Quest ION Ltd, a subsidiary of a Hong Kong-based multi-level marketing company called QNet, according to ICANN records.
The gTLD will become the 13th that XYZ has a stake in, and the second dormant dot-brand that it’s acquired, after .monster.
.quest has been delegated for a few years, but its owner had no live domains beyond the mandatory NIC site.
I have to say I was unfamiliar with the company until today, but QNet’s Wikipedia page makes it sound sufficiently dodgy that I’m surprised nobody raised questions about its suitability to be a registry during the ICANN application process.
Its multi-level marketing business model has been described as a “pyramid scheme” or “Ponzi scheme” by various governments and has seen QNet hit by serious legal challenges in many countries on at least four continents.
Loads of its executives, including at least one listed on the gTLD application, have been arrested over the years.
But I guess that’s water under the bridge now, because XYZ has taken control of .quest.
There’s no word yet on a launch date.

Cloudflare “bug” reveals hundreds of secret domain prices

The secret wholesale prices for hundreds of TLDs have been leaked, due to an alleged “bug” at a registrar.
The registry fees for some 259 TLDs, including those managed by Donuts, Verisign and Afilias, are currently publicly available online, after a programmer used what they called a “bug” in Cloudflare’s API to scrape together price lists without actually buying anything.
Cloudflare famously busted into the domain registrar market last September by announcing that it would sell domains at cost, thumbing its nose at other registrars by suggesting that all they’re doing is “pinging an API”.
But because most TLD registries have confidentiality clauses in their Registry-Registrar Agreements, accredited registrars are not actually allowed to reveal the wholesale prices.
That’s kind of a problem if you’re a registrar that has announced that you will never charge a markup, ever.
Cloudflare has tried to get around this by not listing its prices publicly.
Currently, it does not sell new registrations, instead only accepting inbound transfers from other registrars. Registry transaction reports reveal that it has had tens of thousands of names transferred in, but has not created a significant number of new domains.
(As an aside, it’s difficult to see how it could ever sell a new reg without first revealing its price and therefore breaking its NDAs.).
It appears that the only way to manually ascertain the wholesale prices of all of the TLDs it supports would be to buy one of each at a different registrar, then transfer them to Cloudflare, thereby revealing the “at cost” price.
This would cost over $9,500, at Cloudflare’s prices, and it’s difficult to see what the ROI would be.
However, one enterprising individual discovered via the Cloudflare API that the registrar was not actually checking whether they owned a domain before revealing its price.
They were therefore able to compile a list of Cloudflare’s prices and therefore the wholesale prices registries charge.
The list, and the script used to compile it, are both currently available on code repository Github.
The bulk of the list comprises Donuts’ vast portfolio, but most TLDs belonging to Afilias (including the ccTLD .io), XYZ.com and Radix are also on there.
It’s not possible for me to verify that all of the prices are correct, but the ones that are comparable to already public information (such as .com and .net) match, and the rest are all in the ballpark of what I’ve always assumed or have been privately told they were.
The data was last refreshed in April, so without updates its shelf life is likely limited. Donuts, for example, is introducing price increases across most of its portfolio this year.