Lockdown bump sees GoDaddy double customer gains in 2020

GoDaddy almost doubled its rate of customer acquisition in 2020, compared to 2019, as pandemic-related lockdown measures pushed more small businesses online.

The company last week reported that it added 1.4 million customers last year, a 7% year-on-year growth but almost double the number it added the previous year.

It ended the year with 20.6 million customers, up from 19.3 million 12 months prior.

Recognizing that coronavirus restrictions in various parts of the world were increasing demand for domains, hosting and related services, the market-leading registrar upped its marketing spend to make sure it captured as many customers as possible.

It spent $438.5 million on marketing last year, up from $345.6 million in 2019.

Its full-year revenue from domains grew from $1.35 billion to $1,51 billion. Including its other segments, company revenue was up to $3.31 billion from $2.98 billion, an 11% increase.

Domains revenue for the fourth quarter was $402.2 million, up 14.2% on Q4 2019. Total revenue for the quarter was $873.9 million, up 12.0%.

Registrar giant created as Web.com merged with Endurance

Clearlake Capital Group, which has taken Endurance International private and recently took a big stake in Web.com, has merged the two registrar stables to create a new company it’s calling Newfold Digital.

By my reckoning, Newfold has probably become the second-largest registrar group by domains under management, with around 16.5 million gTLD names across just its best-known half-dozen brands, leapfrogging Namecheap and Tucows in the registrar league table.

That number’s probably a big understatement. It doesn’t capture ccTLDs and does not take into account that the company now has hundreds of active ICANN accredited registrars, largely due to Web.com’s drop-catching business.

Its best-known registrar brands are Register.com, Network Solutions, Domain.com, BuyDomains, BigRock, PublicDomainRegistry and CrazyDomains. Its BlueHost and HostGator brands are both pretty big deals in web hosting.

Clearlake says Newfold has 6.7 million customers worldwide.

The privatization of Endurance, which sees it delisted from the Nasdaq stock exchange, was announced in November and cost Clearlake $3 billion. The value of its Web.com stake, which it acquired last month, was not disclosed.

Siris Capital, which bought Web.com in 2018, continues to have a stake.

Newfold will be led by two Web.com execs — CEO Sharon Rowlands and CFO Christina Clohecy.

The deal follows Web.com’s unsuccessful attempt to buy Webcentral last year.

There’s no word on (presumably inevitable) layoffs as the two companies come together.

One year on, Namecheap still fighting aborted .org takeover and may target GoDaddy and Donuts next

Even though Ethos Capital’s proposed takeover of Public Interest Registry was rejected last May, registrar Namecheap is still doggedly pursuing legal action against ICANN’s handling of the deal, regardless.

The Independent Review Process complaint filed last February is still active, with Namecheap currently fighting a recent ICANN motion to dismiss the case.

The company is also demanding access to information about GoDaddy’s acquisition of Neustar and Donuts’ acquisition of Afilias, and is threatening to file separate actions related to both those deals.

Namecheap has essentially two beefs with ICANN. First, that it should not have lifted price caps in its .org, .biz and .info registry contracts. Second, that its review of Ethos’ bid for PIR lacked the required level of transparency.

ICANN’s trying to get the IRP complaint thrown out on two fairly simple grounds. First, that Namecheap lacks standing because it’s failed to show a lack of price caps have harmed it. Second, that it rejected the PIR acquisition, so Namecheap’s claims are moot.

In its motion to dismiss (pdf), its lawyers wrote:

Namecheap’s entire theory of harm, however, is predicated on the risk of speculative future harm. In fact, nearly every explanation of Namecheap’s purported harm includes the words “may” or “potential.” Namecheap has not identified a single actual, concrete harm it has suffered.

…

Namecheap’s claims related to the Change of Control Request should be dismissed because ICANN’s decision not to consent to the request renders these claims moot
and, separately, Namecheap cannot demonstrate any harm resulting from this decision.

In December, Namecheap had submitted as evidence two analyses of its business prospects in the event of registry price increases, one compiled by its own staff, the other prepared by a pair of outside expert economists.

While neither shows Namecheap has suffered any directly quantifiable harm, such as a loss of revenue or customers, Namecheap argues that that doesn’t matter and that the likelihood of future harm is in fact a current harm.

A mere expectation of an increase in registry prices is sufficient to show harm. This is because such expectation reduces Namecheap’s expected profits and its net present value.

It further argues that if Namecheap was found to not have standing, it would give ICANN the ability to evade future IRP accountability by simply adding a 12-month delay to the implementation of controversial decisions, pushing potential complainants outside the window in which they’re able to file for IRP.

On the PIR change of control requests, Namecheap says it’s irrelevant that ICANN ultimately blocked the Ethos acquisition. The real problem is that ICANN failed in its transparency requirements related to the deal, the company claims.

The fact that ICANN withheld its consent is no excuse for refusing to provide full transparency with respect to the actions surrounding the proposed acquisition and ICANN’s approval process. Namecheap’s claims relate to the non-transparent process; not the outcomes of such process. Irrespective of the outcome, lack of transparency increases the level of systemic risk in Namecheap’s business environment.

…

How did ICANN come to its decision? Was an imminent request for a change of control known to ICANN, when it took the decision to remove the price control provisions? What was discussed in over 30 hours of secret meetings between ICANN org and the Board? What discussions took place between ICANN, PIR and other entities involved? All these questions remain unanswered

Namecheap refers to two incidents last year in which ICANN hid its deliberations about industry acquisitions by conducting off-the-books board discussions.

The first related to the PIR deal. I called out ICANN for avoiding its obligation to provide board meeting minutes in a post last May.

The second relates to the board’s consideration of Donuts’ proposed (and ultimately approved) acquisition of Afilias last December. Again, ICANN’s board discussed the deal secretly prior to its official, minuted December 17 meeting, thereby avoiding its transparency requirements.

In my opinion, this kind of bullshit has to stop.

Namecheap is also now threatening to bring the Afilias deal and GoDaddy’s acquisition of Neustar’s registry business last April into the current IRP, or to file separate complaints related to them, writing in its response to ICANN’s motion (pdf):

Namecheap seeks leave to have ICANN’s actions and inactions regarding its consideration of the Neustar and Afilias changes of control reviewed by this IRP Panel. If, per impossibile such leave is not granted, Namecheap reserves all rights to initiate separate proceedings on these issues.

The deals are similar because both involve the change of control of legacy gTLD contractors with millions of domains under management that have recently had their price caps lifted — Afilias ran .info and Neustar ran .biz.

Webcentral to change its branding yet again after tricky takeover

Pioneering Aussie registrar Webcentral is to undergo yet another rebranding under its new ownership.

The company said last week that its new strategy “will include the transition to a single brand, with a standardised set of core products”.

It also plans to bring its customer support back to Australia. It is currently outsourced overseas.

Its current brands include Melbourne IT, Netregistry, WME and Domainz. There’s no word on which of these, if any, will survive.

The company was founded as Melbourne IT and became one of the first half-dozen registrars accredited by ICANN over two decades ago.

It rebranded as Arq Group in 2018 after a series of acquisitions, and then again to Webcentral Group last year after a series of divestitures.

Late last year, it became majority-owned by a company called 5G Networks, beating a rival offer from Web.com.

That takeover is currently subject to protests to government regulators by shareholder Keybridge Capital, which believes the 5G takeover was coerced.

Time is running out for Net4 as ICANN questions Indian court ruling

Struggling registrar Net 4 India has been hit with an unprecedented fourth concurrent breach-of-contract notice by ICANN, but an Indian court has ruled that ICANN should NOT terminate its accreditation.

It also turns out that Public Interest Registry wants to terminate its Registry-Registrar Agreement with Net4, after it failed to deposit about $22,000 in its account to cover renewal fees, putting 1,644 .org domains at risk.

The latest ICANN breach notice is much the same as the two delivered in December, both of which suggest that Net4 has been transferring its customers’ domains to a partner registrar, OpenProvider, without the registrants’ knowledge or consent.

They further suggest that Net4 has not enabled its customers to renew their domains or reclaim them after they’ve expired, and claim that the company has consistently refused to hand over records proving that its disputed transfers were legit.

Net4 also owes ICANN thousands in past due fees.

The company has been in quasi-judicial insolvency proceedings since 2017 over $28 million in unpaid bank loans that were acquired by a debt recovery agency called Edelweiss; its first breach notice came two years later when ICANN first learned of the case.

For some reason, ICANN did not terminate or suspend Net4’s contract back then.

With hindsight, this may have proven a bad move — during India’s first coronavirus lockdown last year, hundreds of Net4 customers started complaining about lost domains and non-existent customer service.

It was not until December last year that these complaints were escalated to the level of formal breach notices, and more threats to terminate its Registrar Accreditation Agreement.

Net4, in response, asked its insolvency court for a ruling preventing ICANN and PIR from terminating their respective agreements. It reckons it can get is house in order in the next five or six weeks.

ICANN presented what appears to be a wealth of evidence of the company’s misconduct and argued that the court has no jurisdiction over ICANN anyway, because the RAA is governed by California law and ICANN has no presence in India.

Nevertheless, the National Company Law Tribunal in New Delhi has ruled, in a virtually impenetrable word soup of a document (pdf) that reads like it was vomited up by a Victorian-era college freshman who’d just rolled up and smoked an entire legal dictionary, that ICANN and PIR should not “terminate these agreements at least until three months from hereof”.

That would stay Net4’s executive until April 25. The latest ICANN breach notice gives the company until February 19 to come back into compliance, though technically there’s nothing stopping it starting termination proceedings today based on past notices.

The orders given to ICANN and PIR are more “requests”, due to the fact that the court couldn’t decide whether its words had any jurisdictional power over either.

Rather hilariously, ICANN said in a press release late Friday:

When a registrar fails to allow registrants to renew, transfer, and manage their domain names, ICANN will not hesitate to take whatever actions are necessary, up to and including termination of the registrar, to protect registrants’ rights and interests.

These are words that ring hollow, given that it’s allowed Net4 to slide three times already and has been hesitating since June 2019.

153 registrars fingered for ICANN security probe

Registrars will be asked to account for abusive domain names found on their services, under a new ICANN security audit.

ICANN says it will soon send requests for information to 153 registrars, asking them to provide documentation showing how they dealt with domains used for distribution of malware or spam.

Registrars will get audited if more than five domains under their sponsorship showed up on a number of block-lists ICANN uses (SpamHaus and the like) during November 2020.

ICANN is spinning the number of affected registrars as a very small percentage of the accredited base, but it really isn’t.

It said that “only” 153 out of 2,380 accredited registrars are affected, apparently willfully ignoring the fact that well over 1,700 of these registrars are shell accreditations used for drop-catching and belonging to just two companies: Web.com and NameBright.

Domains never stick around at drop-catch shells for long, and abusive registrants typically aren’t buying expensive names on the aftermarket, they’re prowling the budget registrars for sub-dollar bargains and bulk-reg tools.

Up to a couple hundred or other accredited registrars have no or negligible domains under management. Several more are corporate registrars with no retail front-end.

So we’re really looking at “only” 153 out of 500 to 600 active retail registrars that saw the required level of abuse, a much higher percentage than would be ideal.

The audit is part of ICANN’s regular Contractual Compliance Audit Program, which seeks to determine whether any registrars or registries are in breach of their contractual obligations.

Under the 2013 Registrar Accreditation Agreement, registrars are obliged to document their responses to abuse reports, keep the data for two years, and hand it over to ICANN on demand.

ICANN hopes to finish the audit by the third quarter this year.

Gun nut site crashes at Epik after GoDaddy shoots it down

A site for American gun enthusiasts has switched registrars, moving its domain to Epik — apparently with the consent of CEO Rob Monster — after GoDaddy turfed it out for allegedly inciting violence.

According to a GoDaddy statement at the weekend, the registrar had received complaints about content on AR15.com — that’s the name of a gun popular with spree killers — and determined it “incited violence”.

It informed the domain’s owner the same day, January 8, two days after the Capitol Hill riots, giving him 24 hours to remove the offending content.

It’s not clear what the content in question was, but given the timing and the fact that the site is a scarily popular forum with largely user-generated content, it’s not difficult to imagine.

AR15.com’s owner, identified in a video as GoatBoy, claims that by the time he received the email from GoDaddy, the forum’s moderators had already removed the posts on the grounds that the site also has a policy against incitement to violence.

But GoDaddy disagrees, saying the content could still be found after its supposed removal. It took down the domain on January 11. It said in a statement:

We do not take action on complaints that would constitute censorship of content that represents the exercise of freedom of speech and expression on the Internet. In instances where a site goes beyond the mere exercise of these freedoms, however, and crosses over to promoting, encouraging, or otherwise engaging in violence, as was the case with AR15.com, we will take action.

The AR15.com domain is now hosted by Epik, which has in recent years made a name for itself as a refuge for sites frequented by those with far-right views, such as 8chan, Gab and Parler.

GoatBoy says in the video embedded below: “I had the privilege of speaking with some of the guys on the executive staff, including the owner of Epik. Their views really align well with ours. They’re very pro First Amendment and very pro Second Amendment.”

Net 4 India gets unwelcome Christmas gift from ICANN

Struggling Indian registrar Net 4 India has been hit by its third notice of contract breach by ICANN, in a letter delivered Christmas Eve.

Net4 is on ICANN’s naughty list this time due to its alleged violations of ICANN’s transfer and expired domains policies. The breach notice is very similar to that delivered just two weeks earlier, concerning different domains.

ICANN reckons Net4, once India’s largest independent registrar, has in some cases been transferring domains to a partner registrar, OpenProvider, without the consent or knowledge of the registrant.

It’s been asking the company for records proving compliance, which Net4 has apparently not been providing. Therein lies the alleged breach.

Net4 has been persona non grata among many of its customers for several months, with complaints about billing and renewal failures, expirations, and a general lack of customer service availability compounded by the coronavirus pandemic.

The company has also been fighting an insolvency proceeding over millions of dollars in allegedly unpaid debts for years, which has been the subject of an ICANN breach notice for about 18 months.

The Christmas Eve breach notice gives Net4 until January 14 to turn over the relevant records or possibly face termination.

But that might prove moot — the December 10 notice had a deadline of December 31, so the wheels may already be in motion.

GoDaddy’s female geeks make a bit more than men

Women working at GoDaddy in technology roles on average make a penny more on the dollar than their male counterparts, but their bosses don’t fare nearly as well, according to the company’s latest published diversity data.

The market-leading registrar said last week that on average across the company globally, women make the same amount as men in like roles, but the female techies make $1.01 for every $1.00 the men make.

But women in leadership roles make $0.95 for every dollar made by than their male counterparts, the company said.

Comparable data for 2019 was not available.

However, in its native US, GoDaddy is paying women a penny more on average across all roles, up one cent on the 2019 data.

The reverse trend was true of female employees in leadership roles in the US, where they made $0.95 on the dollar in 2020, compared to $1.02 in the previous year.

In tech, the ratio approached parity, with women getting $1.01 on the dollar, compared to $1.03 in 2019.

Women make up 30% of GoDaddy employees, 33% of leadership, but only 19% of techies, the report says. Those are all slight improvements on 2019.

GoDaddy pranks employees with “insensitive” phishing test

GoDaddy has apologized to its staff after teasing them with a $650 Christmas bonus that turned out to be nothing but a test of whether they could be duped into handing over their sensitive personal info.

Employees worldwide reportedly received emails promising the bonus December 14 from an official-looking but presumably spoofed address.

Those who clicked through and filled out a form with their personal data received a second email a few days later informing them they’d actually just failed a “phishing test” and would “need to retake the Security Awareness Social Engineering training.”

Around 500 staff reportedly failed the test.

But many were pissed off that the company would dangle a bonus, only to snatch it away, just a week before Christmas and at a time when the coronavirus pandemic has caused many to fear for their livelihoods.

While GoDaddy rode out the pandemic just fine, it laid off hundreds, regardless.

After the prank last week attracted media attention, the company apologized to its employees, saying in a statement sent to the AFP:

GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologised. While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.

I sincerely hope nobody spent their illusory $650 in the days before the test was revealed.