Latest news of the domain name industry

Recent Posts

Adware dominating popular new gTLD ranks

Kevin Murphy, March 11, 2015, Domain Registries

Afilias’ .kim has become the latest victim (beneficiary?) of adware, as robo-registrations boost the gTLD’s zone file and apparent popularity.

It’s the latest new gTLD, after .xyz and .country, to see its rankings soar after hundreds of gibberish, bulk-registered domains started being used to serve ads by potentially unwanted software.

.kim is today the 4th most-popular new gTLD, with 85 domains in the top 100,000 on the internet and 264 in the top one million.

A month ago, it had a rank of 223, with just 16 domains in the top one million.

The domain names involved — gems such as oatmealsmoke.kim, vegetableladybug.kim and tubhaircut.kim — have seen a boat-load of traffic and rocketing Alexa rank.

The reason for the boost seems to be a one-off bulk registration of about 1,000 meaningless .kim domain names in early February, which now appear to be being used to serve ads via adware.

In this chart (click to enlarge), we see .kim’s zone file growth since the start of 2015.

The spike on February 5, which represents over 1,000 names, is the date almost all of the .kim names with Alexa rank were first registered.

They all appear to be using Uniregistry as the registrar and its free privacy service to mask their Whois details.

These domains often do not resolve if you type them into your browser. They’re also using robots.txt to hide themselves from search engines.

But they’ve been leaving traces of their activity elsewhere on the web, strongly suggesting their involvement in adware campaigns.

It seems that the current (ab?)use of .kim domains is merely the latest in a series of possibly linked campaigns.

I noted in January that gibberish .country domains — at the time priced at just $1 at Uniregistry — were suddenly taking over from .xyz in the popularity charts.

The following three charts, captured from DI PRO’s TLD Health Check, show how the three TLDs’ Alexa popularity rose and fell during what I suspect were related adware campaigns..

First, .xyz, which was the first new gTLD to show evidence of having robo-registrations used in adware campaigns, saw its popularity spike at the end of 2014 and start of 2015:

Next, Minds + Machines’ .country, which saw its zone file spike by 1,500 names around January 6, starts to see its Alexa-ranked total rocket almost immediately.

.country peaks around February 9, just a few days after the .kim robo-registrations were made.

Finally, as .country’s use declines, .kim takes over. Its popularity has been growing day by day since around February 13.

I think what we’re looking at here is one shadowy outfit cycling through bulk-registered, throwaway domain names to serve ads via unwanted adware programs.

It seems possible that domains are retired when they become sufficiently blocked by security countermeasures, and other domains in other TLDs are then brought online to take over.

None of this necessarily reflects badly on any of the new gTLDs in question, or even new gTLDs as a whole, of course.

For starters, I’ve reason to believe that TLDs such as .eu and .biz have previously been targeted by the same people.

The “attacks”, for want of a better word, are only really noticeable because the new gTLDs being targeted are young and still quite small.

It takes much longer to build up genuine popularity for a newly launched web site than it does to merely redirect exist captive traffic to a newly registered domain.

What it may mean, however, is that .kim and .country are going to be in for statistically significant junk drops about a year from now, when the first-year registrations expire.

For .kim, 1,000 names is about 14% of its current zone file. For .country, it’s more like a quarter.

The daily-updated list of new gTLD domains with Alexa rank can be explored by DI PRO subscribers here. The charts in this post were all captured from the respective TLD’s page on TLD Health Check.

Verisign sues .xyz and Negari for “false advertising”

Kevin Murphy, February 24, 2015, Domain Registries

Handbags at dawn!

Verisign, the $7.5 billion .com domain gorilla, has sued upstart XYZ.com and CEO Daniel Negari for disparaging .com and allegedly misrepresenting how well .xyz is doing.

It’s the biggest legacy gTLD versus the biggest (allegedly) new gTLD.

The lawsuit focuses on some registrars’ habit of giving .xyz names to registrants of .com and other domains without their consent, enabling XYZ.com and Negari to use inflated numbers as a marketing tool.

The Lanham Act false advertising lawsuit was filed in Virginia last December, but I don’t believe it’s been reported before now.

Verisign’s beef is first with this video, which is published on the front page of xyz.com:

Verisign said that the claim that it’s “impossible” to find a .com domain (which isn’t quite what the ad says) is false.

The complaint goes on to say that interviews Negari did with NPR and VentureBeat last year have been twisted to characterize .xyz as “the next .com”, whereas neither outlet made such an endorsement. It states:

XYZ’s promotional statements, when viewed together and in context, reflect a strategy to create a deceptive message to the public that companies and individuals cannot get the .COM domain names they want from Verisign, and that XYZ is quickly becoming the preferred alternative.

As regular readers will be aware, .xyz’s zone file, which had almost 785,000 names in it yesterday, has been massively inflated by a campaign last year by Network Solutions to push free .xyz domains into customers’ accounts without their consent.

It turns out Verisign became the unwilling recipient of gtld-servers.xyz, due to it owning the equivalent .com.

According to Verisign, Negari has used these inflated numbers to falsely make it look like .xyz is a viable and thriving alternative to .com. The company claims:

Verisign is being injured as a result of XYZ and Negari’s false and/or misleading statements of fact including because XYZ and Negari’s statements undermine the equity and good will Verisign has developed in the .COM registry.

XYZ and Negari should be ordered to disgorge their profits and other ill-gotten gains received as a result of this deception on the consuming public.

The complaint makes reference to typosquatting lawsuits Negari’s old company, Cyber2Media, settled with Facebook and Goodwill Industries a few years ago, presumably just in order to frame Negari as a bad guy.

Verisign wants not only for XYZ to pay up, but also for the court to force the company to disclose its robo-registration numbers whenever it makes a claim about how successful .xyz is.

XYZ denies everything. Answering Verisign’s complaint in January, it also makes nine affirmative defenses citing among other things its first amendment rights and Verisign’s “unclean hands”.

While many of Verisign’s allegations appear to be factually true, I of course cannot comment on whether its legal case holds water.

But I do think the lawsuit makes the company looks rather petty — a former monopolist running to the courts on trivial grounds as soon as it sees a little competition.

I also wonder how the company is going to demonstrate harm, given that by its own admission .com continues to sell millions of new domains every quarter.

But the lesson here is for all new gTLD registries — if you’re going to compare yourselves to .com, you might want to get your facts straight first if you want to keep your legal fees down.

And perhaps that’s the point.

Read the complaint here and the answer here, both in PDF format.

Pop-ups boost most-popular new gTLD domains, and it’s not just .xyz any more

Kevin Murphy, January 26, 2015, Domain Registries

The .xyz and .country gTLDs are currently dominating the league table of most-popular new gTLDs, but massive pop-up advertising campaigns using junk domains can account for the majority of their leading sites.

Today, Amazon’s Alexa site popularity tool sees 2,425 new gTLD domains in its top one million. Of those, 163 are in the top 50,000 sites.

But almost two thirds of those 163 domains appear to be throwaways that receive traffic not because they’re attracting visitors, but because they’re used to serve pop-up advertising, in some cases via adware.

The trend has been visible for a few months now, restricted almost exclusively to .xyz, but over the last two weeks .country has also started to be used in this way.

That’s interesting because, unlike .xyz, .country is not a low-cost gTLD. Go Daddy currently sells it for $39.95 per year.

(UPDATE: As Andrew points out in the comments, Uniregistry is selling .country names for $1 for the first year, which almost certainly explains the .country bump.)

Almost 100 of the top 163 new gTLD domains comprise two unrelated dictionary words put together to make something nonsensical.

Domains such as iciclecellar.country, laborervolcano.country, classkitten.country, sweepstakesglove.country, rewardmen.country, installationdesk.country have recently joined have joined the likes of vasegiraffe.xyz, cactusstew.xyz, bedcrow.xyz, notebookwrist.xyz, wishgrass.xyz, pencilkite.xyz and basketriver.xyz on this list.

As far as I can tell, they’re all registered via Uniregistry and using its free Whois privacy service to mask the identities of the registrants.

Visiting these domains in your browser will either result in an error — where I suspect the site is checking the referrer before deciding whether to show a page — or will send you on a merry redirect chain that terminates in an affiliate marketing sign-up page.

Some of the domains have been discussed in online forums as serving up pop-up ads, which would account for large amounts of traffic and high popularity.

Some have alleged that they’ve seen adware serve up ads from some of these domains.

Pop-up ads may be annoying, but they’re legal and — unlike spam and malware — not usually a violation of gTLD registries’ terms of service.

Whether benefiting from adware would leave a registrant in violation of a registrar or registry’s ToS is also a fuzzy area.

But for the new gTLD industry, which is currently in a mindshare-building mode, this kind of use does not make for great optics. If internet users see new gTLDs most often in an unwanted context, it could impair their trust in the new gTLD environment.

.xyz press release yanked for “encouraging cybersquatting”

Kevin Murphy, January 13, 2015, Domain Registries

XYZ.com has withdrawn a month-old press release following allegations that it encouraged cybersquatting in .xyz.

The December 3 release concerned the release of 18,000 .xyz domains that were previously blocked due to ICANN’s policy on name collisions.

The release highlighted “trademarked names such as Nike, Hulu, Netflix, Skype, Pepsi, Audi and Deloitte” that were becoming available, according to World Trademark Review, which reported the story yesterday.

Five of the seven brands highlighted have since been registered by apparent cybersquatters, WTR reported.

The .xyz press release has since been withdrawn from the web sites on which it appeared, and registry production manager Shayan Rostam told WTR that the intention was to encourage brand owners to register, rather than cybersquatters.

“Cybersquatting has a negative effect on our business and we would never take any action to encourage cybersquatting,” he reportedly said.

Read the WTR article here.

.xyz tops 500,000 names

Kevin Murphy, September 16, 2014, Domain Registries

XYZ.com’s new gTLD .xyz has become the first in this round to accrue over half a million domains in its zone file.

This morning I count 500,050 domains in the zone, up 3,485 on yesterday.

The registry has added over 60,000 domains in the last 30 days.

It’s well-known that the large majority of .xyz names have been given away for free, largely without the registrants’ explicit consent, so it’s not a great measure of demand.

Still, it’s a milestone of sorts.

Some percentage of .xyz’s registrants will renew for a fee next year, so the larger its installed base, the larger the number of paid-for domains the registry could wind up with.