Latest news of the domain name industry

Recent Posts

Adware dominating popular new gTLD ranks

Kevin Murphy, March 11, 2015, Domain Registries

Afilias’ .kim has become the latest victim (beneficiary?) of adware, as robo-registrations boost the gTLD’s zone file and apparent popularity.

It’s the latest new gTLD, after .xyz and .country, to see its rankings soar after hundreds of gibberish, bulk-registered domains started being used to serve ads by potentially unwanted software.

.kim is today the 4th most-popular new gTLD, with 85 domains in the top 100,000 on the internet and 264 in the top one million.

A month ago, it had a rank of 223, with just 16 domains in the top one million.

The domain names involved — gems such as oatmealsmoke.kim, vegetableladybug.kim and tubhaircut.kim — have seen a boat-load of traffic and rocketing Alexa rank.

The reason for the boost seems to be a one-off bulk registration of about 1,000 meaningless .kim domain names in early February, which now appear to be being used to serve ads via adware.

In this chart (click to enlarge), we see .kim’s zone file growth since the start of 2015.

The spike on February 5, which represents over 1,000 names, is the date almost all of the .kim names with Alexa rank were first registered.

They all appear to be using Uniregistry as the registrar and its free privacy service to mask their Whois details.

These domains often do not resolve if you type them into your browser. They’re also using robots.txt to hide themselves from search engines.

But they’ve been leaving traces of their activity elsewhere on the web, strongly suggesting their involvement in adware campaigns.

It seems that the current (ab?)use of .kim domains is merely the latest in a series of possibly linked campaigns.

I noted in January that gibberish .country domains — at the time priced at just $1 at Uniregistry — were suddenly taking over from .xyz in the popularity charts.

The following three charts, captured from DI PRO’s TLD Health Check, show how the three TLDs’ Alexa popularity rose and fell during what I suspect were related adware campaigns..

First, .xyz, which was the first new gTLD to show evidence of having robo-registrations used in adware campaigns, saw its popularity spike at the end of 2014 and start of 2015:

Next, Minds + Machines’ .country, which saw its zone file spike by 1,500 names around January 6, starts to see its Alexa-ranked total rocket almost immediately.

.country peaks around February 9, just a few days after the .kim robo-registrations were made.

Finally, as .country’s use declines, .kim takes over. Its popularity has been growing day by day since around February 13.

I think what we’re looking at here is one shadowy outfit cycling through bulk-registered, throwaway domain names to serve ads via unwanted adware programs.

It seems possible that domains are retired when they become sufficiently blocked by security countermeasures, and other domains in other TLDs are then brought online to take over.

None of this necessarily reflects badly on any of the new gTLDs in question, or even new gTLDs as a whole, of course.

For starters, I’ve reason to believe that TLDs such as .eu and .biz have previously been targeted by the same people.

The “attacks”, for want of a better word, are only really noticeable because the new gTLDs being targeted are young and still quite small.

It takes much longer to build up genuine popularity for a newly launched web site than it does to merely redirect exist captive traffic to a newly registered domain.

What it may mean, however, is that .kim and .country are going to be in for statistically significant junk drops about a year from now, when the first-year registrations expire.

For .kim, 1,000 names is about 14% of its current zone file. For .country, it’s more like a quarter.

The daily-updated list of new gTLD domains with Alexa rank can be explored by DI PRO subscribers here. The charts in this post were all captured from the respective TLD’s page on TLD Health Check.

Verisign sues .xyz and Negari for “false advertising”

Kevin Murphy, February 24, 2015, Domain Registries

Handbags at dawn!

Verisign, the $7.5 billion .com domain gorilla, has sued upstart XYZ.com and CEO Daniel Negari for disparaging .com and allegedly misrepresenting how well .xyz is doing.

It’s the biggest legacy gTLD versus the biggest (allegedly) new gTLD.

The lawsuit focuses on some registrars’ habit of giving .xyz names to registrants of .com and other domains without their consent, enabling XYZ.com and Negari to use inflated numbers as a marketing tool.

The Lanham Act false advertising lawsuit was filed in Virginia last December, but I don’t believe it’s been reported before now.

Verisign’s beef is first with this video, which is published on the front page of xyz.com:

Verisign said that the claim that it’s “impossible” to find a .com domain (which isn’t quite what the ad says) is false.

The complaint goes on to say that interviews Negari did with NPR and VentureBeat last year have been twisted to characterize .xyz as “the next .com”, whereas neither outlet made such an endorsement. It states:

XYZ’s promotional statements, when viewed together and in context, reflect a strategy to create a deceptive message to the public that companies and individuals cannot get the .COM domain names they want from Verisign, and that XYZ is quickly becoming the preferred alternative.

As regular readers will be aware, .xyz’s zone file, which had almost 785,000 names in it yesterday, has been massively inflated by a campaign last year by Network Solutions to push free .xyz domains into customers’ accounts without their consent.

It turns out Verisign became the unwilling recipient of gtld-servers.xyz, due to it owning the equivalent .com.

According to Verisign, Negari has used these inflated numbers to falsely make it look like .xyz is a viable and thriving alternative to .com. The company claims:

Verisign is being injured as a result of XYZ and Negari’s false and/or misleading statements of fact including because XYZ and Negari’s statements undermine the equity and good will Verisign has developed in the .COM registry.

XYZ and Negari should be ordered to disgorge their profits and other ill-gotten gains received as a result of this deception on the consuming public.

The complaint makes reference to typosquatting lawsuits Negari’s old company, Cyber2Media, settled with Facebook and Goodwill Industries a few years ago, presumably just in order to frame Negari as a bad guy.

Verisign wants not only for XYZ to pay up, but also for the court to force the company to disclose its robo-registration numbers whenever it makes a claim about how successful .xyz is.

XYZ denies everything. Answering Verisign’s complaint in January, it also makes nine affirmative defenses citing among other things its first amendment rights and Verisign’s “unclean hands”.

While many of Verisign’s allegations appear to be factually true, I of course cannot comment on whether its legal case holds water.

But I do think the lawsuit makes the company looks rather petty — a former monopolist running to the courts on trivial grounds as soon as it sees a little competition.

I also wonder how the company is going to demonstrate harm, given that by its own admission .com continues to sell millions of new domains every quarter.

But the lesson here is for all new gTLD registries — if you’re going to compare yourselves to .com, you might want to get your facts straight first if you want to keep your legal fees down.

And perhaps that’s the point.

Read the complaint here and the answer here, both in PDF format.

.xyz press release yanked for “encouraging cybersquatting”

Kevin Murphy, January 13, 2015, Domain Registries

XYZ.com has withdrawn a month-old press release following allegations that it encouraged cybersquatting in .xyz.

The December 3 release concerned the release of 18,000 .xyz domains that were previously blocked due to ICANN’s policy on name collisions.

The release highlighted “trademarked names such as Nike, Hulu, Netflix, Skype, Pepsi, Audi and Deloitte” that were becoming available, according to World Trademark Review, which reported the story yesterday.

Five of the seven brands highlighted have since been registered by apparent cybersquatters, WTR reported.

The .xyz press release has since been withdrawn from the web sites on which it appeared, and registry production manager Shayan Rostam told WTR that the intention was to encourage brand owners to register, rather than cybersquatters.

“Cybersquatting has a negative effect on our business and we would never take any action to encourage cybersquatting,” he reportedly said.

Read the WTR article here.

.xyz tops 500,000 names

Kevin Murphy, September 16, 2014, Domain Registries

XYZ.com’s new gTLD .xyz has become the first in this round to accrue over half a million domains in its zone file.

This morning I count 500,050 domains in the zone, up 3,485 on yesterday.

The registry has added over 60,000 domains in the last 30 days.

It’s well-known that the large majority of .xyz names have been given away for free, largely without the registrants’ explicit consent, so it’s not a great measure of demand.

Still, it’s a milestone of sorts.

Some percentage of .xyz’s registrants will renew for a fee next year, so the larger its installed base, the larger the number of paid-for domains the registry could wind up with.

Verisign: 41% of new gTLD sites are parked

Kevin Murphy, August 13, 2014, Domain Registries

As much as 41% of domains registered in new gTLDs are parked with pay-per-click advertising, according to research carried out by Verisign.

That works out to over 540,000 domains, judging by the 1.3 million total I have on record from June 29, the day Verisign carried out the survey.

Domains classified as carrying “business” web sites — defined as “a website that shows commercial activity” — accounted for just 3% of the total, according to Verisign.

There are some big caveats, of course, not least of which is .xyz, which tends to skew any surveys based on “registered” names appearing in the zone file. Verisign noted:

XYZ.COM LLC (.xyz) has a high concentration of PPC websites as a result of a campaign that reportedly automatically registered XYZ domains to domain registrants in other TLDs unless they opted out of receiving the free domain name. After registration, these free names forward to a PPC site unless reconfigured by the end user registrant.

On June 29, .xyz had 225,159 domains in its zone file. I estimate somewhat over 200,000 of those names were most likely freebies and most likely parked.

The practice of registry parking, carried out most aggressively by Uniregistry and its affiliate North Sound, also threw off Verisign’s numbers.

Whereas most new gTLD registries reserve their premium names without adding them to the zone files, Uniregistry registers them via North Sound to park and promote them.

Tens of thousands of names have been registered in this way.

Coupled with the .xyz effect, this leads me to conclude that the number of domains registered by real registrants and parked with PPC is probably close to half of Verisign’s number.

That’s still one out of every five domains in new gTLDs, however.

Judging by a chart on Verisign’s blog, .photography appears to have the highest percentage of “business” use among the top 10 new gTLDs so far.

Verisign also found that 10% of the names it scanned redirect to a different domain. It classified these as redirects, rather than according to the content of their final destination.