Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
At ICANN, you can have any registrar you want, as long as it begins with A
Want to find a registrar based in your home country, or in a friendlier foreign jurisdiction? Don’t rely on ICANN to help.
A recent outcome of the Org’s information transparency car crash is a registrar search engine that only returns filtered results where the registrar’s name begins with the letter A.
The search engine allows users to search for registrars by name, IANA number or the country/territory where the registrar is based. Results can also be filtered alphabetically.
But it’s broken.
If you’re looking for a local registrar, or an overseas registrar, perhaps because you’re concerned about the legal jurisdiction of the company before you register a domain, you might expect the handy drop-down countries menu to bear fruit.
Say you’re looking for an Irish registrar. You select “Ireland” from the drop-down:
And the results come back:
Oh. According to these results, there are no ICANN-accredited registrars based in Ireland.
But I notice the letter A is highlighted. Perhaps it’s only showing me the registrars beginning with A.
Are there any Irish registrars beginning with B? I’m sure I’ve heard of one, but the name escapes me. I click B:
Oh. It’s showing me registrars beginning with B, but they’re not all Irish. The search engine has cleared my original filter.
With B still selected, I filter again by country, and now I’m looking at an empty result set again. There are no Irish registrars beginning with A, ICANN is telling me again.
There also doesn’t appear to be a way to filter for registrars that begin with numerals or special symbols, so the likes of 123reg and 101domain appear to be fresh out of luck.
This search engine appears to have been live for about a year, replacing the old flat list, which appears to have been deleted, because that’s how ICANN rolls nowadays.
I don’t know whether it’s been broken the whole time it’s been live, nor whether ICANN knows it’s broken.
Perhaps nobody uses it. It does appear to be the only way to find accredited registrars by country on the ICANN or IANA web sites.
UPDATE Feb 4, 2022: within approximately seven hours, one of the major bugs reported in this post had been fixed. That’s what I call tech support!
Turkish registrar on the naughty step over abuse
ICANN has issued a public contract breach notice to a Turkish registrar over claims it’s not adequately responding to abuse reports.
Atak Teknoloji showed a “failure to take reasonable and prompt steps to investigate and respond appropriately to reports of abuse” and did not provide ICANN with evidence it responds to abuse reports, ICANN said.
These are violations of the Registrar Accreditation Agreement, the breach notice says.
The registrar is also not offering a port 43 Whois service as required by the RAA, ICANN claims.
Atak isn’t small. It has about 175,000 domains under management in gTLDs, according to registry reports.
It has until February 18 to come into compliance or risk suspension, and has already supplied ICANN with documentation that is now under review.
“We fell short” — Tucows says sorry for Enom downtime
Tucows has apologized to thousands of Enom customers who suffered days of downtime after a planned data center migration went badly wrong.
Showing true Canadian humility, the registrar posted the following statement this evening:
Beginning Saturday, January 15, 2022, Enom experienced a series of complications with a planned data center migration that caused significant disruptions for a subset of our customers.
We sincerely apologize to all of those impacted. We pride ourselves on being a reliable domain registration platform, and this weekend we fell short. We are committed to regaining your trust and to serving you better.
A full internal audit is underway and an incident report is forthcoming. This will include a summary of events and scope, learnings, and policy and process changes to mitigate future issues.
We reported on the downtime on Monday, as some customers were entering their third day of non-resolving DNS, which led to broken web sites and email.
At the time, Enom was saying it was tracking a “few hundred” affected domains. As customers suspected, that turned out to be a huge underestimate. The true number was closer to 350,000 domains, Tucows is now saying.
The company had been warning its customers about the planned maintenance for weeks, but it did not anticipate a “a bug in the new DNS provisioning system” that stopped customers’ domains resolving.
The migration started Saturday January 15 at 1400 UTC and was expected to last 12 hours. In the end, the DNS issue was not fully fixed until Monday January 17 at about 1845 UTC.
BMW porn site leads to registrar getting suspended
A Hong Kong registrar has had its ICANN contract suspended after failing to transfer a cybersquatted domain to car maker BMW.
ThreadAgent.com, which has about 32,000 .com and .net domains under management, attracted the attention of ICANN compliance after a customer lost a UDRP case concerning the domain bmwgroup-identity.net.
The domain led to a site filled with porn and gambling content, and the UDRP was a slam-dunk win for BMW.
But ThreadAgent failed to transfer the domain to BMW within the 10 days required by ICANN policy, leading to Compliance reviewing the registrar for other areas of non-compliance.
A December 22 breach notice led to the registrar transferring the domain to BMW last week, but it had failed to resolve the other issues ICANN had identified, leading to a suspension notice the very next day.
ICANN wants ThreadAgent to explain why the UDRP was not processed according to the policy, and how it will be compliant in futre. It also says the company is not operating a web Whois service as required.
ICANN has told the company it will not be able to sell gTLD domains or accept inbound transfers between January 28 and April 28, and must display a notice to that effect prominently on its web site.
That second requirement may prove complicated, as ThreadAgent appears to be one of about 20 registrar accreditations belonging to XZ.com, a Chinese group based in Xiamen. It has not used the domain threadagent.com in several years, and its other accreditations, which use the same storefront, are all still unsuspended.
Nightmare downtime weekend for some eNom and Google customers
Some eNom customers have experienced almost two days of downtime after a planned data center migration went titsup, leading to DNS failures hitting what users suspect must have been thousands of domains.
Social media has been filled with posts from customers complaining that their DNS was offline, meaning their web sites and email have been down. Some have complained of losing money to the downtime.
Affected domains include some registered directly with eNom, as well as some registered via resellers including Google Workspace.
The issue appears to have been caused by a scheduled data center migration, which was due to begin 1400 UTC on Saturday and last for 12 hours.
The Tucows-owned registrar said that during that time both reseller hub enom.com and retail site enomcentral.com would be unavailable. While this meant users would be unable to manage their domains, DNS was expected to resolve normally.
But before long, customers started reporting resolution problems, leading eNom to post:
We are receiving some reports of domains using our nameservers which are failing to resolve. Owing to the migration we are unable to research and fully address the issue until the migration is complete. This is not an expected outcome from the migration, and we are working to address it as a priority.
The maintenance window was then extended several times, by three to six hours each time, as eNom engineers struggled to fix problems caused by the migration. eNom posted several times on its status page:
The unexpected extension to the maintenance window was due to data migration delays. We also discovered resolution problems that impact a few hundred domains
eNom continued to post updates until it finally declared the crisis over at 0800 UTC this morning, meaning the total period of downtime was closer to 42 hours than the originally planned 12.
A great many posts on social media expressed frustration and anger with the outage, with some saying they were losing money and reputation and others promising to take their business elsewhere.
Help, it's Monday morning in the UK, I have a team who need to work. I have customers who want to place orders. I have a new partnership in progress which will be ruined at this rate. Please please let us know what is happening. #enom #enomdown @enomsupport
— Karen Burns (@cooper_karen) January 17, 2022
@enom @enomsupport What on the world is going on? Every 3 hours we get another boilerplate message saying “another 3 hours” This is completely unacceptable. How are you going to fix this and how are you going to make people whose work sites have been down all weekend whole?
— Andrew Pershing (@Sci_Officer) January 16, 2022
I almost have begrudging respect for how badly @enom has fucked the pooch with their migration. Blowing up your service so badly that your customers can’t even take their business elsewhere is some galaxy brain shit.
— Keith (@FilthySpecs) January 16, 2022
Same. I'm in a group with 6 other bloggers who also have the same DNS issue. Our sites have been down since yesterday. We're losing ad income & have readers who can't access the information they need.
— Elaina Newton (@TheRisingSpoon) January 16, 2022
Some said that they continued to experience problems after eNom had declared the maintenance over.
@enom your service status website states incorrect status for Google services? My email is still down!!! Also, getting error when logging in to enom domain management console!
— Tomislav Pavosevic (@tompavosevic) January 17, 2022
eNom primarily sells through its large reseller channel, so some customers were left having to explain the downtime in turn to their own clients. Google Workspace is one such reseller that acknowledged the problems on its Twitter feed.
Some customers questioned whether the problem really was just limited to just a few hundred domains, and eNom seemed to acknowledge that the actual number may have been higher.
Looks like one of the most severe internet outages I've seen in years is underway and has not hit MSM yet! @enom, "largest wholesaler of Internet domains" has screwed up a migration and taken possibly up to 2M domains offline.
Certainly my measly 100+ are dead.
See @enomsupport— 😷Andy Stringer (@AndyStringer) January 17, 2022
At this point, we have been able to track a few hundred. If you have domains that are affected we encourage you to reach out to help@enom.com with the domain(s) in question.
— enomsupport (@enomsupport) January 16, 2022
I’m in contact with Tucows, eNom’s owner, and will provide an update when any additional information becomes available.
CentralNic makes another registrar acquisition
CentralNic said today it has bought another registrar, Chile-based NameAction, in a $1 million deal.
NameAction has been around since the late 1990s and specializes in ccTLDs in the Latin American region, including offering local presence services for foreign registrants.
It sells gTLD domains too, acting primarily in the brand protection space, but does not appear to be ICANN-accredited in its own right.
CentralNic said the deal will immediately add $2 million to its top line and $200,000 to profits.
CEO Ben Crawford said in a press release that the deal is small but of strategic importance, giving the company a beachhead from which to expand into Latin America.
It’s the fourth acquisition announcement from CentralNic, which describes itself as an industry consolidator, this year.
GoDaddy hack exposed a million customer passwords
GoDaddy’s systems got hacked recently, exposing up to 1.2 million customer emails and passwords.
The attack started on September 6 and targeted Managed WordPress users, the company’s chief information security officer Demetrius Comes disclosed in a blog post and regulatory filing this week.
The compromised data included email addresses and customer numbers, the original WordPress admin password, the FTP and database user names and passwords, and some SSL private keys.
In cases where the compromised passwords were still in use, the company said it has reset those passwords and informed its customers. The breached SSL certs are being replaced.
GoDaddy discovered the hack November 17 and disclosed it November 22.
It sounds rather like the attack may have been a result of a phishing attack against a GoDaddy employee. The company said the attacker used a “compromised password” to infiltrate its WordPress provisioning system.
Comes wrote in his blog post:
We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection
You may recall that GoDaddy came under fire last December for punking its employees with a fake email promising an end-of-year bonus, which turned out to be an “insensitive” component of an anti-phishing training program.
About 500 staff reportedly failed the test.
GoDaddy says it turned around Neustar, and .biz numbers seem to confirm that
GoDaddy is pleased with how its new registry division is doing, with CEO Aman Bhutani claiming last night that it’s managed to turn around the fortunes of Neustar, which became part of GoDaddy Registry a year ago.
Reporting a strong third quarter of domains revenue growth, Bhutani highlighted the secondary market and the registry as drivers. In prepared remarks, he said:
On Registry, we are continuing to prove our ability to acquire, integrate, and accelerate. A great example is the cohort performance within GoDaddy Registry. When we acquired Neustar’s registry assets in Q3 last year, its new cohorts were shrinking, with new unit registrations down 4% year over year. We are now one year into the acquisition, and we’re pleased to report that within that first year, we have been able to accelerate new business significantly. We are now seeing new unit registrations increase nearly 20% year over year — all organically.
If you’re wondering what a “cohort” is, it appears to refer to GoDaddy’s way of, for analysis purposes, slicing up its customers, how much they spend and how profitable they are, into tranches according to the years in which they became customers.
So GoDaddy’s saying here that Neustar’s number of new customers was going down, and it was selling 4% fewer new domains, at the time of the acquisition last year, but that that trend has now been reversed, with new regs up 20%.
The numbers are not really possible to verify. Neustar’s main three TLDs for volume purposes were .us, .co and .biz, and of those only .biz is contractually obliged to publish its zone file and registry numbers.
But look at .biz!
That’s .biz’s daily zone file numbers for the last two years, with the August 2020 acquisition highlighted by a subtle arrow. It’s only added about 50,000 net names since the deal, but it’s reversing an otherwise negative trend.
Monthly transaction reports show .biz had been on a general downward, if spiky, line since its early 2014 peak of 2.7 million names. It’s now at about 1.4 million.
When asked how the company achieved such a feat, Bhutani credited “execution” and left it at that. Perhaps this means something to financial analysts.
When asked by an analyst whether GoDaddy was giving its own TLDs preferential treatment, promoting its owned strings on the registrar in order to better compete with .com at the registry, Bhutani denied such frowned-upon behavior:
We don’t do that. All TLDs work on our registrar side in terms of their merit. It’s about value to the customer — whatever works best irrespective of whether we own the registry side or not. That’s what we’ll sell in front of the customer.
The company reported domains revenue up 17% at $453.2 million for the third quarter, with overall revenue up 14% at $964 million compared to year-ago numbers. Net income was up to $97.7 million from $65.1 million a year ago.
GoDaddy expects domains revenue to grow in the low double digits percent-wise in the current quarter.
Donuts shuts down 14 registrars, but it’s “not related to DropZone”
Donut has let 14 of its shell registrar accreditations expire, but told DI it’s not related to its recently approve drop-catching service, DropZone.
ICANN records show that the companies, with names such as Name118 Inc and Name104 Inc, all basically mini-clones of Name.com, recently had their registrar contracts terminated.
This kind of thing happens fairly regularly with companies resizing the networks they use for catching dropping domains. Donuts still has at least half a dozen active accreditations, records show.
But the move comes just weeks after ICANN approved a controversial new Donuts service called DropZone, which would see dropping domains across Donuts’ portfolio of 250+ gTLDs being handled by a dedicated parallel registry.
DropZone would reduce the need for owning vast numbers of shell accreditations in order to effectively drop-catch, but has faced criticism from rival DropCatch because a) Donuts may charge registrars for access and b) claims that Donuts-owned registrars would have an advantage.
But Donuts says the two things are unrelated. Name.com senior product marketing manager Ethan Conley said in an email:
We did recently let 14 ICANN registrar accreditations expire. These accreditations had become an administrative headache and a point of confusion for customers. This decision was not related to DropZone, and the domain drop business has not been a core focus of Name.com for quite some time.
It’s worth noting that cancelling registrar accreditations would also have an affect on the ability to catch names in other, unaffiliated gTLDs, including .com.
Most registrars did NOT “fail” abuse audit, ICANN says
Most registrars did not “fail” a recent abuse audit, despite what I wrote in my original coverage, according to ICANN.
“Referring to a certain blog, none of the registrars failed the audit,” ICANN senior audit manager Yan Agranonik said during a session of ICANN 72’s Prep Week last night.
He’s talking about ME! He’s talking about ME!
“Failure would mean that there’s an irreparable finding of deficiency that can not be corrected timely or it just goes against the registrar’s business model,” Agranonik said.
An accompanying presentation reads:
None of the registrars “failed” the audit. “Failure” means that the auditee did not acknowledge/remediate identified violations of the RAA or their business practices are not compatible with RAA.
At the risk of prolonging a tedious semantic debate, what I reported in August, when the results of the audit were announced, was: “The large majority of accredited registrars failed an abuse-related audit at the first pass, according to ICANN.”
A bunch of registrar employees, and now apparently ICANN’s own head auditor, disagreed with my characterization.
ICANN had issued a press release stating that of 126 audited registrars, it had identified 111 “that were not fully compliant with the RAA’s requirements related to the receiving and handling of DNS abuse reports.”
To me, if ICANN checks whether you’re doing a thing you should be doing and you’re not doing the thing, that’s a fail.
But to ICANN, if ICANN checks whether you’re doing a thing you should be doing and you’re not doing the thing, and it tells you you’re not doing the thing you should be doing, so you start doing the thing, that’s not a fail.
I think reasonable people could disagree on the definitions here.
But I did write that the registrars “failed… according to ICANN”, and that appears to be inaccurate, so I’m happy to correct the record today.
Recent Comments