
Did XYZ.com pay NetSol $3m to bloat .xyz?

Kevin Murphy, August 25, 2015, Domain Registries

Evidence of a possibly dodgy deal between XYZ.com and Network Solutions has emerged.

Court documents filed last week by Verisign suggest that the .xyz registry may have purchased $3 million in advertising in exchange for $3 million of .xyz domain names.

Verisign, which is suing .xyz and CEO Daniel Negari over its allegedly “false” advertising, submitted to the court a list of hundreds of exhibits (pdf) that it proposes to use at trial.

Among them are these two:

  • Email from Negari to Andrew Gorrin re EPP Feed and billing directly for $3,000,000 in domains
  • Credit Memo to Andrew from Negari “We have elected to pay for our $3MM Q2 advertising insertion order, which was dated May 20th with a credit…….” (5/31/14)

Gorrin is Web.com’s senior VP of marketing and Negari is Daniel Negari, XYZ.com’s CEO.

The documents these headings refer to are not public information, and are not likely to be any time soon, but they appear to refer to on the one hand XYZ billing NetSol for $3 million in domain names and on the other NetSol billing XYZ for $3 million in advertising.

Only one of the two document headings is dated, so we don’t know how closely they coincided.

Other headings, among the 446 documents Verisign wants to use at trial, suggest that they happened at pretty much the same time:

  • Email from Andrew Gorrin to Ashley Henning (web.com) re Bulk Purchase of .xyz domains (5/29/14)
  • Email from Andrew Gorrin to Negari re XYZ.Com Advertising IO and Marketing Agreement attaching signed agreements (5/20/14)
  • Email string Ashley Henning to Christine Nagey, Andrew Gorrin, Edward Angstadt re Bulk Purchase of .XYZ Domains (5/30/14)

The emails Verisign cites were dated May 2014, shortly before .xyz went into general availability June 2.

What we seem to be looking at here — and I’m getting into speculative territory here — are references to two more or less simultaneous transactions, both valued at exactly $3 million, between the two parties.

Both companies have consistently refused to address the nature of their deal, citing NDAs.

As you recall, the vast majority of .xyz’s early registrations were provided by NetSol, which pushed hundreds of thousands of free .xyz domains into its customers’ accounts without their explicit consent.

The number of freebies is believed to be about 350,000, based on comments Negari recently made to The Telegraph, in which he stated that .xyz, which had about 850,000 domains in its zone at the time, would have 500,000 registrations if the freebies were excluded.

With a registry fee roughly equivalent to .com’s (.xyz’s is believed to be a little lower), 350,000 names would work out to roughly $3 million.

Negari has stated previously that every .xyz registration was revenue-generating, even the freebies.

Is it possible that NetSol paid XYZ’s registry fees using money XYZ paid it for advertising? Is it possible no money changed hands at all?

I’m not saying either company has done anything illegal, and it’s completely possible I’m completely misunderstanding the situation, but it does rather put me in mind of the old “round-trip” deals that tech firms used to dishonestly prop up their tumbling revenue at the turn of the century.

Back in 2000, the dot-com bubble was on the verge of popping, taking the US economy with it, and companies facing the decline of their businesses came up with “creative” ways to show investors that they were still growing.

AOL Time Warner, for example, “effectively funded its own online advertising revenue by giving the counterparties the means to pay for advertising that they would not otherwise have purchased”.

Regulators exercised their legal options in these cases only where there appeared to be dishonest accounting, and I’ve seen no evidence to suggest that XYZ or Web.com unit NetSol have failed to adhere to anything but the highest accounting standards.

Again, I’m not saying we’re looking at a “round-trip” deal here, and there’s not a great deal of evidence to go on, but it sure smells familiar.

Certainly, questions have been raised that Verisign did not raise in its initial complaint.

Anyway.

On a personal note, I’d like to disclose that among the documents Verisign demanded from XYZ are dozens of pages of previously confidential emails exchanged between myself and Negari.

I’ve read them, and they’re mostly heated arguments about a) his refusal to give details about the NetSol deal and b) my purported lack of journalistic integrity whenever I published a post about .xyz with an even slightly negative angle.

XYZ had no choice but to supply these emails. I can’t blame it for complying with its legal requirements.

I wasn’t the only affected blogger. Mike Berkens, Konstantinos Zournas, Rick Schwartz and Morgan Linton also had their private correspondence compromised by Verisign.

I don’t know how they feel about this violation, but in my view this shows Verisign’s contempt for the media and its disregard for the sanctity of off-the-record conversations between reporters and their sources.

And that’s what I have to say about that.

After abc.xyz, will Google now switch to .google?

Kevin Murphy, August 12, 2015, Domain Registries

Google provided the new gTLD industry with one of its most prominent endorsements to date when it revealed this week that its new parent company, Alphabet, will use a .xyz domain name.

But it could just be the first move away from traditional TLDs such as .com — its new gTLD .google entered its “general availability” phase today.

Alphabet will be the holding company for Google the search engine provider, as well as many other subsidiaries focused on non-core areas of its business, and will replace Google as the publicly traded entity.

The new company will use abc.xyz as its primary domain.

XYZ.com CEO Daniel Negari told Wired that the move is “the ultimate validation”, and it’s hard to disagree.

Despite this, almost all the coverage in the tech and mainstream media over the last 24 hours has been about the fact that it does not own alphabet.com.

A Google News search for “alphabet.com” today returns over 67,000 results. Refine the search to include “abc.xyz” and you’re left with fewer than 2,700.

This is perhaps to be expected; BMW owns alphabet.com and has told the New York Times it does not intend to sell it. Journalists naturally gravitate towards conflict, or potential conflict.

Some reporters even suggested, with mind-boggling naivety, that Google hadn’t even done the most cursory research into its new brand before embarking on the biggest restructuring in its history as a public company.

But perhaps the reality is a little simpler: owning a .com that exactly matches your brand just isn’t that important any more.

If any company has insight into the truth of that hypothesis, it’s Google.

It should hardly be surprising that Google digs the possibilities offered by new gTLDs — remember, it applied for 101 strings and has 42 of them already delegated.

Its senior engineers have also blogged repeatedly that all gTLDs, including .com, are treated equally by its search algorithms.

Now that it has made the decision to brand its holding company on a new gTLD domain, could we expect it be similarly nonchalant about a switch to .google?

The dot-brand today came out of its pre-launch phase and entered “general availability”, meaning that the gTLD is now free for it to use.

The .google zone file only has a few domains in it at present, so we’re probably not going to see anything deployed there overnight, but I’d be surprised if we have to wait a long time before .google is put to use in one way or another.

The company set up a fleeting April Fool’s Day website at com.google earlier this year.

Google’s application for .google states:

The mission of the proposed gTLD, .google is to make the world’s information universally accessible and useful through the streamlined provision of Google services. The purpose of the proposed gTLD is to provide a dedicated Internet space in which Google can continue to innovate on its Internet offerings. The proposed gTLD will augment Google’s online presence in other registries, provide Google with greater ability to categorize its present online locations around the world, and in turn, deliver a more recognizable, branded, trusted web space to both the general Internet population and Google employees. It will also generate efficiencies and increase security by reducing Google’s current dependence on third-party infrastructure.

The company has also stated on its Google Registry web site that it intends to use .google, .youtube and .plus “for Google products”.

XYZ buys .security and .protection from Symantec

XYZ.com has added .security and .protection to its portfolio of new gTLDs under a private deal with security software maker Symantec.

Symantec originally applied for both as closed generics, but changed its plans when ICANN changed its tune about exclusive access gTLDs.

The company won .security in an auction against Donuts and Defender Security late last year; .protection was uncontested. It lost auctions for .cloud and .antivirus.

Symantec’s .symantec and .norton, both dot-brands, are currently in pre-delegation testing.

XYZ already owns .college, .rent and of course .xyz.

In other news, Afilias has acquired .promo, which was in PDT with applicant Play.Promo Oy, in a private auction.

UPDATE: A couple of hours after this post was published, XYZ announced it has also acquired .theatre, which will compete with Donuts’ .theater, from KBE gTLD Holding Inc.

.xyz starts to plummet — NetSol freebies to blame?

XYZ.com has been seeing its .xyz zone file shrink rapidly over the last five days, likely as a result of free domains pushed out to Network Solutions customers starting to expire.

DI PRO stats show that .xyz has shrunk by 49,658 domains this week — today at 888,413 names compared to a June 4 peak of 942,927.

It was June 4 last year when the industry became aware that NetSol was automatically pushing .xyz names into the accounts of its existing customers without their explicit consent.

Renewal rates usually do not become clear for 45 days after expiration, due to grace periods, but domains can delete earlier.

On June 9, 2014, one year ago today, .xyz had 87,073 domains in its zone file. It’s difficult to see where a loss of almost 50,000 names this week could come from if not the NetSol freebies deleting.

It is believed that the NetSol giveaway contributed about 350,000 names to .xyz’s zone over the period of its offer.

NetSol has been bundling .xyz renewals — which along with the free year of email and privacy comes to a whopping $57 — when it asks its customers to renew their matching .com/.net/.org domains.

.xyz likely hasn’t seen the worst of its total shrinkage yet.

When eNom pushed free .info domains into its customers’ accounts about 10 years ago the renewal rate on those names was virtually zero.

New gTLD phishing still tiny, but .xyz sees most of it

New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.

That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.

Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.

The number of domains used to phish was 95,321, up 8.4% from the first half of the year.

However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.

In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.

According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.

Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.

New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.

That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.

Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:

Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.

XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.

In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.

But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:

XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.

APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.

It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:

Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.

The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.

APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.

The APWG report can be downloaded here.

UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.

According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.

Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.

XYZ and Uniregistry acquire .car from Google, launch joint venture

XYZ.com and Uniregistry have launched a joint venture to operate a trio of car-related new gTLDs, after acquiring .car from Google.

Cars Registry Ltd is a new company. It will launch .cars, .car and .auto later this year.

Uniregistry won .cars and .auto at auction last year. Google was the only applicant for .car.

It signed its ICANN contract in January but transferred it to Cars Registry a little under a month ago.

The newly formed venture plans to launch all three TLDs simultaneously in the fourth quarter this year.

.car is currently in pre-delegation testing. The other two are already in the root.

Cars Registry does not have the car-related domain space completely sewn up, however.

Dominion Enterprises runs .autos, albeit with a plan to launch the TLD with restrictions that may well mean it does not directly compete with the other three TLDs.

Launch details for .cars, .car and .auto have not yet been released.

Judging by the gTLDs’ web site, they will run on the Uniregistry back-end.

.xyz dismisses own ads as “puffery”

Kevin Murphy, April 30, 2015, Domain Registries

XYZ.com has dismissed its own claim that .xyz is the “next .com” as “mere opinion or puffery”, in an attempt to resolve a false advertising lawsuit filed by Verisign.

Attempting to get the lawsuit resolved without going to the expense of a full trial, the registry has filed with the court a lengthy, rather self-deprecating deconstruction of its own marketing.

It says among other things that the blog posts and videos at issue are “not statements of fact but rather mere puffery, hyperbole, predictive, or assertions of opinion”.

Verisign sued XYZ and its CEO, Daniel Negari, in December, claiming that the video embedded below reflects “a strategy to create a deceptive message to the public that companies and individuals cannot get the .COM domain names they want from Verisign, and that XYZ is quickly becoming the preferred alternative.”

Last week XYZ filed a motion asking the court to rule on the pleadings only, meaning it would not go to trial. It appears to be an effort by the smaller company to avoid any more unnecessary legal fees.

“Verisign is attempting to litigate XYZ out of business complaining about a vanity video, website blog posts, and opinions stated to a reporter,” the motion says.

The document goes to great lengths to argue that the video, blog posts and interviews given by Negari are not “statements of fact”, but rather mere “hyperbole”.

It even goes to the extent of arguing that its ads make Verisign look good:

XYZ’s claim to be “the next .com” could not plausibly harm Verisign’s commercial interest because the claim reinforces that Verisign’s .COM is the most-popular, most-successful domain. Perhaps consumers think that since .XYZ is the next .COM, they should not buy other new domains. Perhaps consumers buy more .COM domains because XYZ has promoted Verisign as the market leader. But Verisign suffering any injury as a result of XYZ’s statements is implausible.

Some might view the old Honda in the video with the “COM” license plate as trusty and reliable, and the Audi sports car with “XYZ” as high maintenance, impracticable, and too trendy.

Verisign may or may not win the lawsuit, but it does seem to have succeeded in getting XYZ to cut the balls off of its own marketing.

Verisign has not yet filed a response to XYZ’s motion, which will be heard in court May 8.

You can download the PDF of the motion here.

.xyz helps CentralNic double its revenue

Kevin Murphy, April 28, 2015, Domain Registries

CentralNic’s revenue almost doubled in 2014, helped by the launch of new gTLDs.

The UK-based registry today reported annual operating profit of £497,000 ($759,000), down from £694,000 ($1.05 million) in 2013, on the back of revenue up 99% at £6.06 million ($9.25 million).

Billings — money taken but not yet recorded as revenue — was up a whopping 154% at £9.89 million ($15.1 million).

Part of the reason for the growth was the launch of new gTLDs last year.

CentralNic acts as the registry back-end for eight TLDs that launched last year, including runaway volume leader .xyz, which has about 880,000 domains in its zone file today.

Another big contributor was Internet.bs, the Bahamas-based registrar that CentralNic acquired for $7.5 million last year.

The registrar had about 400,000 legacy gTLD domains under management at the end of the year, according to DI’s records.

Both new gTLDs and Internet.bs started contributing to revenue in the second half of the year.

CentralNic also said that its new “enterprise” division, which sells premium domains and offers consulting and software, was a growth factor.

CEO Ben Crawford told the markets that the new gTLD opportunity has so far been “softer” than expected.

Only a small number of retailers received their accreditations from ICANN to sell domains under the new TLDs in 2014, and a lack of public awareness pending the launches of the “superbrand TLDs” such as .google, .apple and .sony, meant that the market for new TLDs in 2014 was softer than had been projected by ICANN and other industry experts. It was essentially limited to domain investors and other early adopters.

Opinion is split in the industry on how much reliance can be put on what Crawford calls “super-brands” to do the heavy lifting when it comes to public awareness of new gTLDs.

NetSol’s free .xyz bundle renews at $57

Kevin Murphy, April 13, 2015, Domain Registrars

Network Solutions is charging a total of $57.17 for renewing the .xyz domain names and associated services it gave away for free as part of .xyz’s controversial launch last year.

A little over a year ago, NetSol found controversy when it pushed hundreds of thousands of .xyz domain names into its customers’ accounts without their explicit consent.

The offer, which required customers to opt out if they didn’t want it, included a year of private registration and a year of email.

The move allowed XYZ.com, the .xyz registry, to report itself as the largest new gTLD registry.

It’s been the subject of some speculation how renewals would be treated by NetSol, but now we know.

Customers, at least in cases reported by DI readers, are being sent renewal notices for their .xyz bundles in the same mailshots as for their .com domains.

Clicking the “Renew” button in these emails takes registrants to a NetSol page on which they can select which of their products they would like to renew.

All, including the .xyz products, are pre-selected for renewal but may be deselected.

Pricing is set at $15.99 for the .xyz domain, $15.99 for the private registration and $25.19 for the email service. That’s a total of $57.17.

Here’s a screenshot of the shopping cart with the pricing (I’ve redacted the domain).

The original email sent by NetSol to customers last June, said:

We want to show you how much we appreciate your loyalty by rewarding you with complimentary access to a 1-year registration of a .XYZ domain, one of the hottest new domain extensions. .XYZ domains are proving to have broad appeal and also be extremely memorable. In addition to your complimentary domain, you’ll also receive Professional Email and Private Registration for your .XYZ domain – free of charge.

If you choose not to keep this domain no action is needed and you will not be charged any fees in the future. Should you decide to keep the domain after your complementary first year, simply renew it like any other domain in your account.

The fine print read:

Offer applies to first year of new registrations only. The offer is not transferable and is only available to the recipient. After the complimentary first year the .XYZ domain name and its related services shall expire unless you actively renew the .XYZ domain name and its related services at the then-current rates.

Please note that your use of this .XYZ domain name and/or your refusal to decline the domain shall indicate acceptance of the domain into your account, your continued acceptance of our Service Agreement located online at http://www.networksolutions.com/legal/static-service-agreement.jsp, and its application to the domain.

There’s concern from some registrants that customers may renew their .xyz services without really understanding how they ended up in their account in the first place.

.xyz currently has over 857,000 domains in its zone file.

XYZ.com CEO Daniel Negari was recently quoted as saying that roughly 500,000 of those were not freebies.

The company is being sued by .com registry Verisign for using its reg numbers in “false advertising” that seeks to compare .xyz to .com.

Adware dominating popular new gTLD ranks

Kevin Murphy, March 11, 2015, Domain Registries

Afilias’ .kim has become the latest victim (beneficiary?) of adware, as robo-registrations boost the gTLD’s zone file and apparent popularity.

It’s the latest new gTLD, after .xyz and .country, to see its rankings soar after hundreds of gibberish, bulk-registered domains started being used to serve ads by potentially unwanted software.

.kim is today the 4th most-popular new gTLD, with 85 domains in the top 100,000 on the internet and 264 in the top one million.

A month ago, it had a rank of 223, with just 16 domains in the top one million.

The domain names involved — gems such as oatmealsmoke.kim, vegetableladybug.kim and tubhaircut.kim — have seen a boat-load of traffic and rocketing Alexa rank.

The reason for the boost seems to be a one-off bulk registration of about 1,000 meaningless .kim domain names in early February, which now appear to be being used to serve ads via adware.

In this chart, we see .kim’s zone file growth since the start of 2015.

The spike on February 5, which represents over 1,000 names, is the date almost all of the .kim names with Alexa rank were first registered.

They all appear to be using Uniregistry as the registrar and its free privacy service to mask their Whois details.

These domains often do not resolve if you type them into your browser. They’re also using robots.txt to hide themselves from search engines.

But they’ve been leaving traces of their activity elsewhere on the web, strongly suggesting their involvement in adware campaigns.
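The zone-file signal described above, a one-day jump in registrations made up of meaningless two-word names, can be checked mechanically by diffing daily zone snapshots. The following Python is an added example, not code from this post or from DI PRO; the snapshot data, the small word list and all function names are constructed for illustration, and only the three .kim names quoted in the post are real.

```python
from statistics import median

# Stand-in for a full dictionary (assumption); a real run would load a large word list.
WORDS = {"oatmeal", "smoke", "vegetable", "ladybug", "tub", "haircut",
         "paper", "river", "candle", "orbit"}


def split_two_words(label, words=WORDS):
    """Return (w1, w2) if the label is exactly two dictionary words glued together."""
    for i in range(1, len(label)):
        head, tail = label[:i], label[i:]
        if head in words and tail in words:
            return head, tail
    return None


def daily_additions(snapshots):
    """Diff consecutive snapshots: [(date, labels present today but not yesterday)]."""
    days = sorted(snapshots)  # ISO dates sort chronologically
    return [(cur, snapshots[cur] - snapshots[prev])
            for prev, cur in zip(days, days[1:])]


def flag_spikes(snapshots, factor=3.0):
    """Flag days whose additions exceed `factor` times the median daily additions.

    The median is used as the baseline so that the spike day itself does not
    drag the baseline upwards the way a mean would.
    """
    additions = daily_additions(snapshots)
    baseline = median(len(new) for _, new in additions) or 1
    report = []
    for day, new in additions:
        if len(new) <= factor * baseline:
            continue
        glued = sorted(n for n in new if split_two_words(n))
        report.append({
            "date": day,
            "new": len(new),
            # Share of that day's zone made up of the new batch (future junk-drop risk).
            "zone_share": round(len(new) / len(snapshots[day]), 3),
            "two_word": len(glued),
            "examples": glued[:3],
        })
    return report


def build_sample():
    """Constructed snapshots of second-level labels in a small TLD zone."""
    snaps = {"2015-02-03": {f"brand{i}" for i in range(40)}}
    snaps["2015-02-04"] = snaps["2015-02-03"] | {"florist", "kimlaw"}
    bulk = {"oatmealsmoke", "vegetableladybug", "tubhaircut",  # quoted in the post
            "paperriver", "candleorbit", "riversmoke",         # constructed
            "orbitpaper", "tubcandle"}                         # constructed
    snaps["2015-02-05"] = snaps["2015-02-04"] | bulk | {"seoulcafe"}
    snaps["2015-02-06"] = snaps["2015-02-05"] | {"kimchi"}
    snaps["2015-02-07"] = snaps["2015-02-06"] | {"studio", "dental"}
    return snaps


if __name__ == "__main__":
    for row in flag_spikes(build_sample()):
        print(row)
```

A flagged day with a high two-word count is a candidate for blocklist review; the zone-share figure indicates how large the drop could be when the first-year registrations expire.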

It seems that the current (ab?)use of .kim domains is merely the latest in a series of possibly linked campaigns.

I noted in January that gibberish .country domains — at the time priced at just $1 at Uniregistry — were suddenly taking over from .xyz in the popularity charts.

The following three charts, captured from DI PRO’s TLD Health Check, show how the three TLDs’ Alexa popularity rose and fell during what I suspect were related adware campaigns.

First, .xyz, which was the first new gTLD to show evidence of having robo-registrations used in adware campaigns, saw its popularity spike at the end of 2014 and start of 2015:

Next, Minds + Machines’ .country, which saw its zone file spike by 1,500 names around January 6, starts to see its Alexa-ranked total rocket almost immediately.

.country peaks around February 9, just a few days after the .kim robo-registrations were made.

Finally, as .country’s use declines, .kim takes over. Its popularity has been growing day by day since around February 13.

I think what we’re looking at here is one shadowy outfit cycling through bulk-registered, throwaway domain names to serve ads via unwanted adware programs.

It seems possible that domains are retired when they become sufficiently blocked by security countermeasures, and other domains in other TLDs are then brought online to take over.

None of this necessarily reflects badly on any of the new gTLDs in question, or even new gTLDs as a whole, of course.

For starters, I’ve reason to believe that TLDs such as .eu and .biz have previously been targeted by the same people.

The “attacks”, for want of a better word, are only really noticeable because the new gTLDs being targeted are young and still quite small.

It takes much longer to build up genuine popularity for a newly launched web site than it does to merely redirect existing captive traffic to a newly registered domain.

What it may mean, however, is that .kim and .country are going to be in for statistically significant junk drops about a year from now, when the first-year registrations expire.

For .kim, 1,000 names is about 14% of its current zone file. For .country, it’s more like a quarter.

The daily-updated list of new gTLD domains with Alexa rank can be explored by DI PRO subscribers here. The charts in this post were all captured from the respective TLD’s page on TLD Health Check.