Latest news of the domain name industry

Verisign’s silly .xyz lawsuit thrown out

Kevin Murphy, October 28, 2015, Domain Registries

Verisign has had its false advertising lawsuit against the .xyz gTLD registry thrown out of court.

XYZ.com this week won a summary judgement, ahead of a trial that was due to start next Monday.

“By granting XYZ a victory on summary judgement, the court found that XYZ won the case as a matter of law because there were no triable issues for a jury,” the company said in a statement.

The judge’s ruling does not go into details about the court’s rationale. XYZ’s motion to dismiss has also not been published.

So it’s difficult to know for sure exactly why the case has been thrown out.

Verisign sued in December, claiming XYZ and CEO Daniel Negari had lied in advertising and media interviews by saying there are no good .com domain names left.

Many of its claims centered on this video:

XYZ said its ads were merely hyperbolic “puffery” rather than lies.

Verisign also claimed that XYZ had massively inflated its purported registration numbers by making a shady $3 million reciprocal domains-for-advertising deal with Network Solutions.

XYZ general counsel Grant Carpenter said in a statement: “These tactics appear to be part of a coordinated anti-competitive scheme by Verisign to stunt competition and maintain its competitive advantage in the industry.”

While Verisign has lost the case, it could be seen to have succeeded in some respects.

XYZ had to pay legal fees in “the seven-figure range”, as well as disclose hundreds of internal company documents — including emails between Negari and me — during the discovery phase.

Through discovery, Verisign has obtained unprecedented insight into how its newest large competitor conducts its business.

While I’ve always thought the lawsuit was silly, I’m now a little disappointed that more details about the XYZ-NetSol deal are now unlikely to emerge in court.

XYZ to put global block on domains banned in China

Kevin Murphy, October 12, 2015, Domain Registries

XYZ.com plans to slap a global ban on domain names censored by the Chinese government.

Chinese words meaning things such as “human rights” and “democracy” are believed to be on the block list, which an industry source says could contain as many as 40,000 words, names and phrases.

(UPDATE: Gavin Brown, CTO of XYZ back-end CentralNic, tweeted that the list is nowhere near 40,000 names long.)

The registry seems to be planning to allow the Chinese government to censor its new gTLDs, which include .xyz, .college, .rent, .protection and .security, in every country of the world.

And it might not be the last non-Chinese registry to implement such a ban.

The surprising revelation came in a fresh Registry Services Evaluation Process request (pdf), filed with ICANN on Friday.

The RSEP asks ICANN to approve the use of a gateway service on the Chinese mainland, which the company says it needs in order to comply with Chinese law.

As previously reported, Chinese citizens are allowed to register domains in non-Chinese registries, but they may not activate them unless the registry complies with the law.

That law requires the registry to be located on the Chinese mainland. XYZ plans to comply by hiring local player ZDNS to proxy its EPP systems and mirror its Whois.

But the Chinese government also bans certain strings — which I gather are mostly but not exclusively in Chinese script — from being registered in domain names.

Rather than block them at the ZDNS proxy, where only Chinese users would be affected, XYZ has decided to ban them internationally.

Registrants in North America or Europe, for example, will not be able to register domains that are banned in China. XYZ said in its RSEP:

XYZ will reserve names prohibited for registration by the Chinese government at the registry level internationally, so the Gateway itself will not need to be used to block the registration of any names. Therefore, a registrant in China will be able to register the same domain names as anyone else in the world.

It seems that XYZ plans to keep its banned domain list updated as China adds more strings to its own list, which I gather it does regularly.

Customers outside of China who have already registered banned domains will not be affected, XYZ says.

If China subsequently bans more strings, international customers who already own matching domains will also not be affected, it says.

CEO Daniel Negari told DI: “To be clear, we will not be taking action against names registered outside of China based on Chinese government requests.”

But Chinese registrants do face the prospect of losing their domains, if China subsequently bans the words and XYZ receives a complaint from Chinese authorities.

“We treat requests from the Chinese government just like we treat requests from the US government or any other government,” Negari said.

“When we receive a valid government or court order to take action against a name and the government has jurisdiction over the registration, we will take action the registration,” he said.

Up to a third of the .xyz zone — about three hundred thousand names — is believed to be owned by Chinese registrants who are currently unable to actually use their names.

The company clearly has compelling business reasons to comply with Chinese law.

But is giving the Chinese government the ongoing right to ban tens of thousands of domain names internationally a step too far?

ICANN allows anyone to file public comments on RSEP requests. I expect we’ll see a few this time.

XYZ to rethink China gateway plans

Kevin Murphy, September 16, 2015, Domain Registries

XYZ.com has withdrawn its request to start selling .xyz and .college domains into China via a local gateway service provider.

The company has said it will amend and resubmit its plan to ICANN, which had told it the idea “might raise significant Stability or Security issues”.

The registry wants to be one of the first non-Chinese registries to be able to comply with government regulations, which require all domain firms to have an official license.

As we reported last week, it had signed up with local registrar ZDNS, which would proxy for registrations made by Chinese registrants.

However, it has now withdrawn its Registry Services Evaluation Process request after ICANN said it would have to refer it up the chain to a special technical committee for review.

XYZ said in a letter to ICANN:

We are withdrawing this request because our gateway model is changed since the submission of the registry request and so the request is no longer accurate. We will shortly submit a new registry request to cover the updated gateway model.

It’s not clear what the specific “security and stability” concerns were.

Did XYZ.com pay NetSol $3m to bloat .xyz?

Kevin Murphy, August 25, 2015, Domain Registries

Evidence of a possibly dodgy deal between XYZ.com and Network Solutions has emerged.

Court documents filed last week by Verisign suggest that the .xyz registry may have purchased $3 million in advertising in exchange for $3 million of .xyz domain names.

Verisign, which is suing .xyz and CEO Daniel Negari over its allegedly “false” advertising, submitted to the court a list of hundreds of exhibits (pdf) that it proposes to use at trial.

Among them are these two:

  • Email from Negari to Andrew Gorrin re EPP Feed and billing directly for $3,000,000 in domains
  • Credit Memo to Andrew from Negari “We have elected to pay for our $3MM Q2 advertising insertion order, which was dated May 20th with a credit…….” (5/31/14)

Gorrin is Web.com’s senior VP of marketing and Negari is Daniel Negari, XYZ.com’s CEO.

The documents these headings refer to are not public information, and are not likely to be any time soon, but they appear to refer to on the one hand XYZ billing NetSol for $3 million in domain names and on the other NetSol billing XYZ for $3 million in advertising.

Only one of the two document headings is dated, so we don’t know how closely they coincided.

Other headings, among the 446 documents Verisign wants to use at trial, suggest that they happened at pretty much the same time:

  • Email from Andrew Gorrin to Ashley Henning (web.com) re Bulk Purchase of .xyz domains (5/29/14)
  • Email from Andrew Gorrin to Negari re XYZ.Com Advertising IO and Marketing Agreement attaching signed agreements (5/20/14)
  • Email string Ashley Henning to Christine Nagey, Andrew Gorrin, Edward Angstadt re Bulk Purchase of .XYZ Domains (5/30/14)

The emails Verisign cites were dated May 2014, shortly before .xyz went into general availability June 2.

What we seem to be looking at here — and I’m getting into speculative territory here — are references to two more or less simultaneous transactions, both valued at exactly $3 million, between the two parties.

Both companies have consistently refused to address the nature of their deal, citing NDAs.

As you recall, the vast majority of .xyz’s early registrations were provided by NetSol, which pushed hundreds of thousands of free .xyz domains into its customers’ accounts without their explicit consent.

The number of freebies is believed to be about 350,000, based on comments Negari recently made to The Telegraph, in which he stated that .xyz, which had about 850,000 domains in its zone at the time, would have 500,000 registrations if the freebies were excluded.

With a registry fee roughly equivalent to .com’s (.xyz’s is believed to be a little lower), 350,000 names would work out to roughly $3 million.

Negari has stated previously that every .xyz registration was revenue-generating, even the freebies.

Is it possible that NetSol paid XYZ’s registry fees using money XYZ paid it for advertising? Is it possible no money changed hands at all?

I’m not saying either company has done anything illegal, and it’s completely possible I’m completely misunderstanding the situation, but it does rather put me in mind of the old “round-trip” deals that tech firms used to dishonestly prop up their tumbling revenue at the turn of the century.

Back in 2000, the dot-com bubble was on the verge of popping, taking the US economy with it, and companies facing the decline of their businesses came up with “creative” ways to show investors that they were still growing.

AOL Time Warner, for example, “effectively funded its own online advertising revenue by giving the counterparties the means to pay for advertising that they would not otherwise have purchased”.

Regulators exercised their legal options in these cases only where there appeared to be dishonest accounting, and I’ve seen no evidence to suggest that XYZ or Web.com unit NetSol have failed to adhere to anything but the highest accounting standards.

Again, I’m not saying we’re looking at a “round-trip” deal here, and there’s not a great deal of evidence to go on, but it sure smells familiar.

Certainly, questions have been raised that Verisign did not raise in its initial complaint.

Anyway.

On a personal note, I’d like to disclose that among the documents Verisign demanded from XYZ are dozens of pages of previously confidential emails exchanged between myself and Negari.

I’ve read them, and they’re mostly heated arguments about a) his refusal to give details about the NetSol deal and b) my purported lack of journalistic integrity whenever I published a post about .xyz with an even slightly negative angle.

XYZ had no choice but to supply these emails. I can’t blame it for complying with its legal requirements.

I wasn’t the only affected blogger. Mike Berkens, Konstantinos Zournas, Rick Schwartz and Morgan Linton also had their private correspondence compromised by Verisign.

I don’t know how they feel about this violation, but in my view this shows Verisign’s contempt for the media and its disregard for the sanctity of off-the-record conversations between reporters and their sources.

And that’s what I have to say about that.

After abc.xyz, will Google now switch to .google?

Kevin Murphy, August 12, 2015, Domain Registries

Google provided the new gTLD industry with one of its most prominent endorsements to date when it revealed this week that its new parent company, Alphabet, will use a .xyz domain name.

But it could just be the first move away from traditional TLDs such as .com — its new gTLD .google entered its “general availability” phase today.

Alphabet will be the holding company for Google the search engine provider, as well as many other subsidiaries focused on non-core areas of its business, and will replace Google as the publicly traded entity.

The new company will use abc.xyz as its primary domain.

XYZ.com CEO Daniel Negari told Wired that the move is “the ultimate validation”, and it’s hard to disagree.

Despite this, almost all the coverage in the tech and mainstream media over the last 24 hours has been about the fact that it does not own alphabet.com.

A Google News search for “alphabet.com” today returns over 67,000 results. Refine the search to include “abc.xyz” and you’re left with fewer than 2,700.

This is perhaps to be expected; BMW owns alphabet.com and has told the New York Times it does not intend to sell it. Journalists naturally gravitate towards conflict, or potential conflict.

Some reporters even suggested, with mind-boggling naivety, that Google hadn’t even done the most cursory research into its new brand before embarking on the biggest restructuring in its history as a public company.

But perhaps the reality is a little simpler: owning a .com that exactly matches your brand just isn’t that important any more.

If any company has insight into the truth of that hypothesis, it’s Google.

It should hardly be surprising that Google digs the possibilities offered by new gTLDs — remember, it applied for 101 strings and has 42 of them already delegated.

Its senior engineers have also blogged repeatedly that all gTLDs, including .com, are treated equally by its search algorithms.

Now that it has made the decision to brand its holding company on a new gTLD domain, could we expect it to be similarly nonchalant about a switch to .google?

The dot-brand today came out of its pre-launch phase and entered “general availability”, meaning that the gTLD is now free for it to use.

The .google zone file only has a few domains in it at present, so we’re probably not going to see anything deployed there overnight, but I’d be surprised if we have to wait a long time before .google is put to use in one way or another.

The company set up a fleeting April Fool’s Day website at com.google earlier this year.

Google’s application for .google states:

The mission of the proposed gTLD, .google is to make the world’s information universally accessible and useful through the streamlined provision of Google services. The purpose of the proposed gTLD is to provide a dedicated Internet space in which Google can continue to innovate on its Internet offerings. The proposed gTLD will augment Google’s online presence in other registries, provide Google with greater ability to categorize its present online locations around the world, and in turn, deliver a more recognizable, branded, trusted web space to both the general Internet population and Google employees. It will also generate efficiencies and increase security by reducing Google’s current dependence on third-party infrastructure.

The company has also stated on its Google Registry web site that it intends to use .google, .youtube and .plus “for Google products”.

XYZ buys .security and .protection from Symantec

XYZ.com has added .security and .protection to its portfolio of new gTLDs under a private deal with security software maker Symantec.

Symantec originally applied for both as closed generics, but changed its plans when ICANN changed its tune about exclusive access gTLDs.

The company won .security in an auction against Donuts and Defender Security late last year; .protection was uncontested. It lost auctions for .cloud and .antivirus.

Symantec’s .symantec and .norton, both dot-brands, are currently in pre-delegation testing.

XYZ already owns .college, .rent and of course .xyz.

In other news, Afilias has acquired .promo, which was in PDT with applicant Play.Promo Oy, in a private auction.

UPDATE: A couple of hours after this post was published, XYZ announced it has also acquired .theatre, which will compete with Donuts’ .theater, from KBE gTLD Holding Inc.

.xyz starts to plummet — NetSol freebies to blame?

XYZ.com has been seeing its .xyz zone file shrink rapidly over the last five days, likely as a result of free domains pushed out to Network Solutions customers starting to expire.

DI PRO stats show that .xyz has shrunk by 49,658 domains this week — today at 888,413 names compared to a June 4 peak of 942,927.

It was June 4 last year when the industry became aware that NetSol was automatically pushing .xyz names into the accounts of its existing customers without their explicit consent.

Renewal rates usually do not become clear for 45 days after expiration, due to grace periods, but domains can delete earlier.

On June 9, 2014, one year ago today, .xyz had 87,073 domains in its zone file. It’s difficult to see where a loss of almost 50,000 names this week could come from if not the NetSol freebies deleting.

It is believed that the NetSol giveaway contributed about 350,000 names to .xyz’s zone over the period of its offer.

NetSol has been bundling .xyz renewals — which along with the free year of email and privacy comes to a whopping $57 — when it asks its customers to renew their matching .com/.net/.org domains.

.xyz likely hasn’t seen the worst of its total shrinkage yet.

When eNom pushed free .info domains into its customers’ accounts about 10 years ago the renewal rate on those names was virtually zero.

New gTLD phishing still tiny, but .xyz sees most of it

New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.

That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.

Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.

The number of domains used to phish was 95,321, up 8.4% from the first half of the year.

However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.

In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.

According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.

Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.

New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.

That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.

Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:

Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.

XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.

In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.

But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:

XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.

APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.

It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:

Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.

The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.

APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.

The APWG report can be downloaded here.

UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.

According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.

Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.

XYZ and Uniregistry acquire .car from Google, launch joint venture

XYZ.com and Uniregistry have launched a joint venture to operate a trio of car-related new gTLDs, after acquiring .car from Google.

Cars Registry Ltd is a new company. It will launch .cars, .car and .auto later this year.

Uniregistry won .cars and .auto at auction last year. Google was the only applicant for .car.

It signed its ICANN contract in January but transferred it to Cars Registry a little under a month ago.

The newly formed venture plans to launch all three TLDs simultaneously in the fourth quarter this year.

.car is currently in pre-delegation testing. The other two are already in the root.

Cars Registry does not have the car-related domain space completely sewn up, however.

Dominion Enterprises runs .autos, albeit with a plan to launch the TLD with restrictions that may well mean it does not directly compete with the other three TLDs.

Launch details for .cars, .car and .auto have not yet been released.

Judging by the gTLDs’ web site, they will run on the Uniregistry back-end.

.xyz dismisses own ads as “puffery”

Kevin Murphy, April 30, 2015, Domain Registries

XYZ.com has dismissed its own claim that .xyz is the “next .com” as “mere opinion or puffery”, in an attempt to resolve a false advertising lawsuit filed by Verisign.

Attempting to get the lawsuit resolved without going to the expense of a full trial, the registry has filed with the court a lengthy, rather self-deprecating deconstruction of its own marketing.

It says among other things that the blog posts and videos at issue are “not statements of fact but rather mere puffery, hyperbole, predictive, or assertions of opinion”.

Verisign sued XYZ and its CEO, Daniel Negari, in December, claiming that the video embedded below reflects “a strategy to create a deceptive message to the public that companies and individuals cannot get the .COM domain names they want from Verisign, and that XYZ is quickly becoming the preferred alternative.”

Last week XYZ filed a motion asking the court to rule on the pleadings only, meaning it would not go to trial. It appears to be an effort by the smaller company to avoid any more unnecessary legal fees.

“Verisign is attempting to litigate XYZ out of business complaining about a vanity video, website blog posts, and opinions stated to a reporter,” the motion says.

The document goes to great lengths to argue that the video, blog posts and interviews given by Negari are not “statements of fact”, but rather mere “hyperbole”.

It even goes to the extent of arguing that its ads make Verisign look good:

XYZ’s claim to be “the next .com” could not plausibly harm Verisign’s commercial interest because the claim reinforces that Verisign’s .COM is the most-popular, most-successful domain. Perhaps consumers think that since .XYZ is the next .COM, they should not buy other new domains. Perhaps consumers buy more .COM domains because XYZ has promoted Verisign as the market leader. But Verisign suffering any injury as a result of XYZ’s statements is implausible.

Some might view the old Honda in the video with the “COM” license plate as trusty and reliable, and the Audi sports car with “XYZ” as high maintenance, impracticable, and too trendy.

Verisign may or may not win the lawsuit, but it does seem to have succeeded in getting XYZ to cut the balls off of its own marketing.

Verisign has not yet filed a response to XYZ’s motion, which will be heard in court May 8.

You can download the PDF of the motion here.