New gTLD phishing still tiny, but .xyz sees most of it

New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.

That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.

Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.

The number of domains used to phish was 95,321, up 8.4% from the first half of the year.

However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.

In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.

According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.

Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.

New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.

That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.

Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:

Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.

XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.

In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.

But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:

XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.

APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.

It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:

Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.

The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.

APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.

The APWG report can be downloaded here.

UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.

According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.

Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.

XYZ and Uniregistry acquire .car from Google, launch joint venture

XYZ.com and Uniregistry have launched a joint venture to operate a trio of car-related new gTLDs, after acquiring .car from Google.

Cars Registry Ltd is a new company. It will launch .cars, .car and .auto later this year.

Uniregistry won .cars and .auto at auction last year. Google was the only applicant for .car.

It signed its ICANN contract in January but transferred it to Cars Registry a little under a month ago.

The newly formed venture plans to launch all three TLDs simultaneously in the fourth quarter this year.

.car is currently in pre-delegation testing. The other two are already in the root.

Cars Registry does not have the car-related domain space completely sewn up, however.

Dominion Enterprises runs .autos, albeit with a plan to launch the TLD with restrictions that may well mean it does not directly compete with the other three TLDs.

Launch details for .cars, .car and .auto have not yet been released.

Judging by the gTLDs’ web site, they will run on the Uniregistry back-end.

.xyz dismisses own ads as “puffery”

Kevin Murphy, April 30, 2015, Domain Registries

XYZ.com has dismissed its own claim that .xyz is the “next .com” as “mere opinion or puffery”, in an attempt to resolve a false advertising lawsuit filed by Verisign.

Attempting to get the lawsuit resolved without going to the expense of a full trial, the registry has filed with the court a lengthy, rather self-deprecating deconstruction of its own marketing.

It says among other things that the blog posts and videos at issue are “not statements of fact but rather mere puffery, hyperbole, predictive, or assertions of opinion”.

Verisign sued XYZ and its CEO, Daniel Negari, in December, claiming that the video embedded below reflects “a strategy to create a deceptive message to the public that companies and individuals cannot get the .COM domain names they want from Verisign, and that XYZ is quickly becoming the preferred alternative.”

Last week XYZ filed a motion asking the court to rule on the pleadings only, meaning it would not go to trial. It appears to be an effort by the smaller company to avoid any more unnecessary legal fees.

“Verisign is attempting to litigate XYZ out of business complaining about a vanity video, website blog posts, and opinions stated to a reporter,” the motion says.

The document goes to great lengths to argue that the video, blog posts and interviews given by Negari are not “statements of fact”, but rather mere “hyperbole”.

It even goes to the extent of arguing that its ads make Verisign look good:

XYZ’s claim to be “the next .com” could not plausibly harm Verisign’s commercial interest because the claim reinforces that Verisign’s .COM is the most-popular, most-successful domain. Perhaps consumers think that since .XYZ is the next .COM, they should not buy other new domains. Perhaps consumers buy more .COM domains because XYZ has promoted Verisign as the market leader. But Verisign suffering any injury as a result of XYZ’s statements is implausible.

Some might view the old Honda in the video with the “COM” license plate as trusty and reliable, and the Audi sports car with “XYZ” as high maintenance, impracticable, and too trendy.

Verisign may or may not win the lawsuit, but it does seem to have succeeded in getting XYZ to cut the balls off of its own marketing.

Verisign has not yet filed a response to XYZ’s motion, which will be heard in court May 8.

You can download the PDF of the motion here.

.xyz helps CentralNic double its revenue

Kevin Murphy, April 28, 2015, Domain Registries

CentralNic’s revenue almost doubled in 2014, helped by the launch of new gTLDs.

The UK-based registry today reported annual operating profit of £497,000 ($759,000), down from £694,000 ($1.05 million) in 2013, on the back of revenue up 99% at £6.06 million ($9.25 million).

Billings (money taken but not yet recorded as revenue) was up a whopping 154% at £9.89 million ($15.1 million).

Part of the reason for the growth was the launch of new gTLDs last year.

CentralNic acts as the registry back-end for eight TLDs that launched last year, including runaway volume leader .xyz, which has about 880,000 domains in its zone file today.

Another big contributor was Internet.bs, the Bahamas-based registrar that CentralNic acquired for $7.5 million last year.

The registrar had about 400,000 legacy gTLD domains under management at the end of the year, according to DI’s records.

Both new gTLDs and Internet.bs started contributing to revenue in the second half of the year.

CentralNic also said that its new “enterprise” division, which sells premium domains and offers consulting and software, was a growth factor.

CEO Ben Crawford told the markets that the new gTLD opportunity has so far been “softer” than expected.

Only a small number of retailers received their accreditations from ICANN to sell domains under the new TLDs in 2014, and a lack of public awareness pending the launches of the “superbrand TLDs” such as .google, .apple and .sony, meant that the market for new TLDs in 2014 was softer than had been projected by ICANN and other industry experts. It was essentially limited to domain investors and other early adopters.

Opinion is split in the industry on how much reliance can be put on what Crawford calls “super-brands” to do the heavy lifting when it comes to public awareness of new gTLDs.

NetSol’s free .xyz bundle renews at $57

Kevin Murphy, April 13, 2015, Domain Registrars

Network Solutions is charging a total of $57.17 for renewing the .xyz domain names and associated services it gave away for free as part of .xyz’s controversial launch last year.

A little over a year ago, NetSol found controversy when it pushed hundreds of thousands of .xyz domain names into its customers’ accounts without their explicit consent.

The offer, which required customers to opt out if they didn’t want it, included a year of private registration and a year of email.

The move allowed XYZ.com, the .xyz registry, to report itself as the largest new gTLD registry.

It’s been the subject of some speculation how renewals would be treated by NetSol, but now we know.

Customers, at least in cases reported by DI readers, are being sent renewal notices for their .xyz bundles in the same mailshots as for their .com domains.

Clicking the “Renew” button in these emails takes registrants to a NetSol page on which they can select which of their products they would like to renew.

All, including the .xyz products, are pre-selected for renewal but may be deselected.

Pricing is set at $15.99 for the .xyz domain, $15.99 for the private registration and $25.19 for the email service. That’s a total of $57.17.

Here’s a screenshot of the shopping cart with the pricing (I’ve redacted the domain).

The original email sent by NetSol to customers last June said:

We want to show you how much we appreciate your loyalty by rewarding you with complimentary access to a 1-year registration of a .XYZ domain, one of the hottest new domain extensions. .XYZ domains are proving to have broad appeal and also be extremely memorable. In addition to your complimentary domain, you’ll also receive Professional Email and Private Registration for your .XYZ domain – free of charge.

If you choose not to keep this domain no action is needed and you will not be charged any fees in the future. Should you decide to keep the domain after your complimentary first year, simply renew it like any other domain in your account.

The fine print read:

Offer applies to first year of new registrations only. The offer is not transferable and is only available to the recipient. After the complimentary first year the .XYZ domain name and its related services shall expire unless you actively renew the .XYZ domain name and its related services at the then-current rates.

Please note that your use of this .XYZ domain name and/or your refusal to decline the domain shall indicate acceptance of the domain into your account, your continued acceptance of our Service Agreement located online at http://www.networksolutions.com/legal/static-service-agreement.jsp, and its application to the domain.

There’s concern from some registrants that customers may renew their .xyz services without really understanding how they ended up in their account in the first place.

.xyz currently has over 857,000 domains in its zone file.

XYZ.com CEO Daniel Negari was recently quoted as saying that roughly 500,000 of those were not freebies.

The company is being sued by .com registry Verisign for using its reg numbers in “false advertising” that seeks to compare .xyz to .com.