Latest news of the domain name industry

Recent Posts

Cloudflare “bug” reveals hundreds of secret domain prices

The secret wholesale prices for hundreds of TLDs have been leaked, due to an alleged “bug” at a registrar.

The registry fees for some 259 TLDs, including those managed by Donuts, Verisign and Afilias, are currently publicly available online, after a programmer used what they called a “bug” in Cloudflare’s API to scrape together price lists without actually buying anything.

Cloudflare famously busted into the domain registrar market last September by announcing that it would sell domains at cost, thumbing its nose at other registrars by suggesting that all they’re doing is “pinging an API”.

But because most TLD registries have confidentiality clauses in their Registry-Registrar Agreements, accredited registrars are not actually allowed to reveal the wholesale prices.

That’s kind of a problem if you’re a registrar that has announced that you will never charge a markup, ever.

Cloudflare has tried to get around this by not listing its prices publicly.

Currently, it does not sell new registrations, instead only accepting inbound transfers from other registrars. Registry transaction reports reveal that it has had tens of thousands of names transferred in, but has not created a significant number of new domains.

(As an aside, it’s difficult to see how it could ever sell a new reg without first revealing its price and therefore breaking its NDAs.).

It appears that the only way to manually ascertain the wholesale prices of all of the TLDs it supports would be to buy one of each at a different registrar, then transfer them to Cloudflare, thereby revealing the “at cost” price.

This would cost over $9,500, at Cloudflare’s prices, and it’s difficult to see what the ROI would be.

However, one enterprising individual discovered via the Cloudflare API that the registrar was not actually checking whether they owned a domain before revealing its price.

They were therefore able to compile a list of Cloudflare’s prices and therefore the wholesale prices registries charge.

The list, and the script used to compile it, are both currently available on code repository Github.

The bulk of the list comprises Donuts’ vast portfolio, but most TLDs belonging to Afilias (including the ccTLD .io), XYZ.com and Radix are also on there.

It’s not possible for me to verify that all of the prices are correct, but the ones that are comparable to already public information (such as .com and .net) match, and the rest are all in the ballpark of what I’ve always assumed or have been privately told they were.

The data was last refreshed in April, so without updates its shelf life is likely limited. Donuts, for example, is introducing price increases across most of its portfolio this year.

XYZ weighs into Epik controversy with .monster fundraising domain

Kevin Murphy, March 21, 2019, Domain Registries

New gTLD registry XYZ.com has set up a domain to help raise money for victims of the terrorist attack in Christchurch, New Zealand last week.

The domain is give.monster. It redirects to a page on Givealittle.co.nz, a Kiwi crowdfunding site, that has so far raised almost NZD 7.8 million ($5.3 million) for the victims of the attack, which killed 50 and injured many more last Friday.

Given the amount of coverage in the New Zealand press, it appears that the fundraising page is legit.

The domain is obviously a reference to Epik.com CEO Rob Monster, who has come in for criticism this week for hosting and sharing the terrorist’s video of the attack, and then suggesting it might be a hoax, as I blogged earlier today.

XYZ is able to create this domain because it is the registry for .monster, a gTLD it acquired last year that is currently slap-bang in the middle of its early access launch period.

Whois records show that the domain was created a little over an hour ago and belongs to XYZ.com LLC.

I learned about it through this comment on DI:

We are sorry to see this in our industry… Please visit http://www.Give.Monster and donate to support victims of the horrific Christchurch shootings. Thank you for your support.

XYZ.com is the registry for .xyz, .college, .rent and other gTLDs. .monster previously belonged to recruitment web site Monster.com.

XYZ reveals .monster gTLD launch dates

Kevin Murphy, February 4, 2019, Domain Registries

XYZ.com has quietly unveiled its launch plan for its recently acquired gTLD, .monster.

General availability, with no eligibility requirements, is due to begin April 1.

The 30-day sunrise period is due to begin in just a couple of weeks — February 18.

.monster was acquired late last year from recruitment web site Monster.com, which had intended to operate it as a dot-brand, for an undisclosed sum.

Before the acquisition closed, Monster and ICANN amended the registry contract to cut the special dot-brand terms that would have removed the need for a sunrise period and would have prevented the domain being sold to regular registrants.

XYZ also intends to run a week-long Early Access Period — where premium prices apply — starting March 21.

I quite like the idea of .monster as an open gTLD.

While it’s certainly not going to perform as well volume-wise as .xyz, say, I can see it fitting nicely into the “quirky” niche occupied currently but the likes of Donuts’ .guru and .ninja — not really viable as standalone TLDs, but decent enough as part of a portfolio.

The company is pitching the TLD as “a domain for creative thinkers, masters of their craft, and modern-day renegades.”

Another bundle of joy for XYZ as Johnson & Johnson throws out the .baby

Kevin Murphy, December 18, 2018, Domain Services

XYZ.com seems to have acquired the .baby gTLD from Johnson & Johnson.

ICANN records show that the .baby registry contract was assigned to the growing portfolio registry November 19.

The news, which has yet to be announced by buyer or seller, arrives four years after J&J paid $3,088,888 for .baby at an ICANN last-resort auction, beating off five other applicants.

.baby is not what you’d call a roaring success. It has about 600 domains under management after almost two years of general availability.

It typically retails for about $80.

While the plan for .baby was to keep it quite tightly controlled, with J&J giving itself broad rights to refuse registration of any domain that did not appear to fit within its family-friendly mission, it does not seem that regime was strictly enforced.

Explain realdonaldtrump.baby

I would expect XYZ, with its come-all attitude to domains, to be even more relaxed about the namespace.

IANA records show that the gTLD under J&J was (and still is) managed by FairWinds, with a Neustar back-end. Neither are typical partners for XYZ, which tends to use CentralNic.

I think this makes it 12 gTLDs for the XYZ stable, including those it runs in partnership. It has 10 listed on its web site and it picked up former dot-brand .monster from Monster.com a couple months back.

J&J also owns the dot-brand .jnj, which has about 100 domains in its zone but no publicly facing web sites to speak of.

Numeric .xyz names plummet despite dollar deal

Kevin Murphy, December 7, 2017, Domain Registries

XYZ.com’s effort to sell over a billion numeric .xyz domains at just $0.65 each does not appear to be gaining traction.

The number of qualifying domains in the .xyz zone file has plummeted by almost 200,000 since the deal was introduced and dipped by over 4,000 since the blanket discount went live.

The $0.65 registry fee applies to what XYZ calls the “1.111B Class” of domains — all 1.111 billion possible six, seven, eight and nine-digit numeric .xyz domains.

These domains carry a recommended retail price of $0.99.

It’s not a promotional price. It’s permanent and also applies to renewals.

Some registrars opted to start offering the lower price from June 1, but it did not come into effect automatically for all .xyz registrars until November 11

The number of domains in this class seems to be on a downward trend, regardless.

There were 272,589 such domains May 31, according to my analysis of .xyz zone files, but that was down to 74,864 on December 5.

On November 10, the day before the pricing became uniform, there were 78,256 such domains. That shows a decline of over 4,000 domains over the last four weeks.

It’s possible that the 1.111B offer is attracting registrants, but that their positive impact on the numbers is being drowned out by unrelated negative factors.

The period of the 200,000-name decline coincides with the massive mid-July junk drop, in which .xyz lost over half of its total active domains due to the expiration of domains registered for just a penny or two in mid-2015.

Many of those penny domains were numeric, due to interest from speculators from China, where such names have currency.

The period also coincides with a time in which XYZ was prohibited from selling via Chinese registrars, due to a problem changing its Real Names Verification provider.

In recent marketing, XYZ has highlighted some interesting uses of 1.111B domains, including a partnership with blockchain cryptocurrency Ethereum.

Other registrants are using the domains to match important dates and autonomous system numbers.