Recent Posts
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
- $2 million Christmas bonus for ICANN
- Another VW car dot-brand crashes out
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
Sales and profits dip at Team Internet
Having been one of the industry’s notable growth stories over the last decade, Team Internet saw its revenue and profit go down in 2024, according to its latest earnings report.
The company is also predicting a miserable 2025 as it tries to work around Google’s decision to turn off advertising on parked domains by default for its customers, a key source of Team Internet’s revenue.
Revenue was down 4.1% to $802.8 million, the company said, and adjusted EBITDA was down 4.7% to $91.9 million.
The domains part of its business seemed to fare better than its search unit, recording revenue up 7.4% at $202.7 million. But this division also includes some non-domains software businesses, so we can’t really break its performance out any more granularly.
Team Internet said the current analyst consensus for adjusted EBITDA this year is between $60 million and $62 million, a huge drop on 2024, with double-digit growth returning next year.
CEO Michael Riedl said in a statement: “The Search segment’s difficult reset in 2025 in response to recent market developments is the acceleration of a long-anticipated pivot, not, the board believes, a permanent setback.”
He also seemed to confirm that the company will rely on AI-generated content to populate its domains, enabling it to use Google’s contextual advertising.
Four deadbeat registrars get terminated
ICANN has terminated the contracts of four registrars that haven’t paid their accreditation fees in years.
US-based Zoo Hosting, UK-based Nerd Origins, and China-based Mixun and Mixun Network Technology have all been canned, following public breach notices in January.
Judging by the termination notices, the registrars all stopped paying their quarterly fees between 2022 and early 2024. None of them had implemented recent ICANN policies such as RDAP adoption, the notices added.
It’s not a huge problem, as none of the four companies had ever sold a single gTLD domain name, so there are no customers to be affected.
Tucows quits ICANN’s Whois disclosure pilot
Tucows has dramatically dropped out of ICANN’s Registration Data Request Service pilot.
The company said that RDRS provides a poor user experience that harms user privacy and causes ICANN to produce misleading usage statistics that show an artificially high request denial rate.
RDRS is a bit more than half way through a two-year pilot designed to gather data that will help ICANN decide whether to deploy a more permanent and probably more expensive long-term solution.
The service is essentially a clearinghouse that connects people who want to request private Whois data with the registrars that manage domains of interest.
Tucows said in a blog post:
Given that the RDRS Standing Committee has enough data to complete its report, as well as the customer experience challenges and data privacy concerns we’ve outlined above, Tucows Domains has decided to end our participation in the RDRS.
The move makes Tucows the highest-profile registrar to pull out of the service to date. Across its various brands (such as Ascio, Enom, EPAG, and OpenSRS) it has around 10 million domains under management.
As of the end of January, RDRS had 94 registrars on board, covering 60% of all registered gTLD domains.
Tucows said it will continue to offer its TACO service, which also allows entities such as intellectual property interests to request private Whois data but charges requesters at least $3,000 a year, which it calls a “cost recovery fee”.
The TACO fee can be waived for “single-use and non-commercial requestors”, Tucows noted. It has updated its terms accordingly.
LA wildfire victims get domain deletes delay
Victims of the recent wildfires in the Los Angeles area have been offered special relief from renewing their expiring domains, according to an ICANN note to registrars.
Registrars were told last week that they “will be permitted to temporarily forebear from canceling domain registrations that are unable to be renewed because of the impact of the fires in Los Angeles, California, on domain name registrants.”
The LA fires reportedly destroyed or damaged 18,000 buildings, killed 29 people, and turned 200,000 into evacuees.
The Registrar Accreditation Agreement gives ICANN the discretion to allow its registrars to keep domains alive beyond their usual lifespan due to “extenuating circumstances”.
That’s been taken to mean natural disasters including hurricanes Maria, Helene and Milton, the earthquakes in Türkiye and Syria in 2023, the Covid-19 pandemic, as well as the Russian invasion of Ukraine.
The idea is to help victims of disasters keep their domains — and therefore often their livelihoods — after the usual renewal date if their credit cards are buried under a pile of rubble and they have more important things on their minds.
Los Angeles is the home of ICANN’s corporate headquarters.
Registrar terminated after ignoring Whois transition
A registrar has lost its right to sell gTLD domains in part due to its failure to migrate from Whois to RDAP.
Spain-based Abansys & Hostytec has had its ICANN registrar contract terminated over a litany of alleged breaches dating back to 2023, and its meager collection of domains will now be given to another registrar.
ICANN said in its termination notice that the company had failed to implement the Registration Data Access Protocol, the successor to Whois that this week became the new industry standard for domain ownership lookups.
The registrar was also past due on its fees, hadn’t given ICANN evidence the was still in good standing, hadn’t had an employee attend compliance training and was not publishing masked contact addresses in Whois results, among other things.
While its accreditation dates back to the noughties, Abansys has never had more than 600 gTLD domains under management and it seems very unlikely that it was making enough money from those domains to cover the cost of compliance.
ICANN said the termination became effective January 26, but it still wants its past-due fees paid.
Separately, Compliance has also sent breach notices to four other registrars — US-based Zoo Hosting, UK-based Nerd Origins, and China-based Mixun and Mixun Network Technology — that cite RDAP failures as an area of non-compliance but appear to be primarily based on non-payment of fees.
All four registrars appear to have got accredited between 2019 and 2021 and stopped paying their fees not long afterwards. None of them has sold a single gTLD domain, ever, and two of their web sites suggest the companies are no longer around.
They’ve all got until February 12 to magically rectify their compliance problems or face execution.
GoDaddy ordered to stop lying about crappy security
GoDaddy has agreed to roll out some pretty basic security measures and has been told to stop lying about how secure its hosting is, under an agreement with US regulators.
It turns out that the company, while claiming that security “was at the core of everything we do”, was failing to do some pretty basic stuff like installing software patches, retiring end-of-life servers, or securing internet-facing APIs.
Its settlement with the Federal Trade Commission finds that GoDaddy engaged in “false or misleading” advertising and orders that it “must not misrepresent in any manner” its security profile in future.
The FTC complaint (pdf), filed in 2023 after reports of mass hacking incidents, states:
Despite its representations, GoDaddy was blind to vulnerabilities and threats in its hosting environment. Since 2018, GoDaddy has violated Section 5 of the FTC Act by failing to implement standard security tools and practices to protect the environment where it hosts customers’ websites and data, and to monitor it for security threats.
The complaint says that GoDaddy had a slack patching regime that was left up to individual product teams to execute, with no centralized management.
This meant thousands of boxes in its Shared Hosting environment were subject to critical vulnerabilities that allowed bad guys to get in and steal data such as user credentials and credit card info for months.
The complaint also describes a custom internet-facing API designed to enable customer support staff to access details about managed WordPress users, such as login credentials.
This API was apparently open to the internet, unfirewalled, used plaintext for credentials, and had no multi-factor authentication in place, again enabling hackers to steal data.
One or more “threat actors” abused this lax security to pwn tens of thousands of servers between October 2019 and December 2022, according to the complaint.
The settlement (pdf), in which GoDaddy does not admit or deny any wrongdoing, does not come with an associated fine.
Instead, GoDaddy has agreed to a fairly extensive list of requirements designed to increase the security of its hosting services.
Antisemitic remarks cost registrar dearly
A domain registrar based in Jordan appears to have lost about a third of its gTLD domains under management after ICANN slammed it for its founder’s televised antisemitic comments.
Talal Abu Ghazaleh Intellectual Property, which goes by the name AGIP, saw a huge decline in DUM in February, a month after ICANN’s then-CEO described Talal Abu-Ghazaleh’s remarks on Jordanian TV as “beyond offensive or objectionable”.
Abu-Ghazaleh had deployed some pretty clear-cut antisemitic tropes and seemed to try to justify the Holocaust in a news interview related to the war in Gaza, causing outrage from at least one Jewish ICANN community member.
After Costerton’s published chastisement, AGIP’s DUM fell from 1,371 to 930 over the space of a month. It was the first substantial decline on record, with its DUM having been on a fairly steady but slow upward trajectory.
In August, the last month for which we have records, its gTLD DUM had gone down to 695, about half its peak.
AGIP is a boutique intellectual property management registrar, likely with higher margins than your typical domain retailer. A decline of a few hundred domains could represent the loss of just a few customers.
The registrar still has its ICANN accreditation. It’s also still contracted with ICANN to run an instance of the L-root DNS root server in Amman, despite a call for it to lose that deal.
But, as Domain Name Wire noted on Friday, it’s no longer listed as providing UDRP services for ICANN. This change seems to have occurred in mid-September, judging by Archive.org records.
ICANN says it WILL raise its domain taxes soon
Prices in all gTLDs will go up after ICANN told registries and registrars last week that it plans to increase the fees it charges them, sometimes called its “tax”, next year.
The extra fee ICANN takes from registrars for each new domain registration and renewal will increase from $0.18 to $0.20, according to an email sent from ICANN VP Russ Weinstein to registrars Thursday evening.
This fee is typically passed on explicitly and directly to registrants in their registrar’s shopping cart.
Less-visible charges on registries will also go up. The fixed quarterly fee will go from $6,250 per quarter ($25,000 per year) to $6,450 per quarter ($25,800 per year) and the per-transaction fee will go up from $0.25 per year to $0.258 per year.
The registry fee changes will take effect January 1, but the registrar fee changes will not take effect until July 1, 2025, the start of ICANN’s next fiscal year, according to ICANN.
“After more than a decade of no changes to registry-level and registrar-level fees, ICANN would like to increase the fees it charges to both parties,” Weinstein wrote.
The two cents tax increase is big in percentage terms — about 11% — while the registry fee is more in line with US inflation at 3.20%.
The fixed registrar accreditation fee is to stay the same at $4,000 per year, while the variable accreditation fee, which is divided between registrars based on their transaction volume, is going up from a total of $3.42 million to $3.8 million per year.
The increases come as ICANN struggles to fill a $10 million hole in its budget — a situation that has already led to layoffs — and some back-of-the-envelope calculations suggest the combined fee increases are designed to raise annual revenue in that ball-park.
Due to the differences between the standard Registry Agreement and Registrar Accreditation Agreement, ICANN can push through the registry fee increases fairly quickly and unilaterally, while the registrar changes have some red tape.
The two-cent tax increase will be part of ICANN’s usual budget process, which includes a public comment period and consideration by the board of directors, while the variable fee increase will be subject to a registrar vote.
Note: an early, unfinished draft of this post was inadvertently published on Friday, for which I can only apologize.
Senator says domain industry “enables” Russian disinfo attacks
An influential US senator has accused major registries and registrars including GoDaddy and Namecheap of facilitating Russian disinformation campaigns.
Senator Mark Warner, the Democrat chair of the Senate Select Committee on Intelligence, told registrars that “legislative remedies” may be required unless they “take immediate steps to address the continued abuse of your services for foreign covert influence”.
The threat came in letters sent to registrar groups Namecheap, GoDaddy, Cloudflare, NewFold Digital, NameSilo, and .com registry Verisign today.
Warner’s letters seem to have been inspired by Facebook owner Meta, perhaps the domain industry’s most prolific antagonist, and align closely with Meta’s views on issues such as cybersquatting and Whois access.
The criticisms also stem from a recent FBI seizure of 32 domains that were being use to proliferate fake news about the invasion of Ukraine and the upcoming US presidential election.
The Russian campaign, known as Doppelganger, used domains such as fox-news.in and washingtonpost.pm to trick visitor into thinking they were reading news sources they trust.
Warner tells the registrars (pdf) they have “ostensibly facilitated sustained covert influence activity by the Russian Federation and influence networks operating on its behalf”.
The main concern appears to be the lack of access to private information in Whois records. Warner’s list of industry sins includes:
withholding vital domain name registration information from good-faith researchers and digital forensic investigators, ignoring inaccurate registration information submitted by registrants, and failing to identify repeated instances of intentional and malicious domain name squatting used to impersonate legitimate organizations
Warner called for “immediate” action “to address the continued abuse of your services” as the US presidential election looms, and in its aftermath. Voters go to the polls November 5.
ICANN gunning for Tencent over abuse claims
ICANN Compliance is taking on one of the world’s largest technology companies over claims that a registrar it owns turns a blind eye to DNS abuse and phishing.
The Org has published a breach of contract notice against a Singapore registrar called Aceville Pte Ltd, which does business as DNSPod and is owned by and shares its headquarters with $86-billion-a-year Chinese tech conglomerate Tencent.
ICANN says that DNSPod essentially has turned a blind eye to recent abuse reports, allowing phishing sites to stay online long after they were reported, and makes life difficult for people trying to report abuse.
It also has failed to upgrade from the Whois protocol to RDAP and failed to migrate its registration data escrow service provider from NCC to DENIC, according to the notice.
According to ICANN, DNSPod received abuse reports about several domains in July and August but failed to take action at all or until ICANN itself got in touch to investigate. Compliance wants to know why.
ICANN adds that the registrar seems to be requiring reporters to create user accounts and use a web form to submit their reports, even after they’ve already used the abuse@ email address.
Stricter rules on DNS abuse came into force on registrars this April. They’re now required to take action on abuse reports.
“Aceville does not appear to have a process in place to promptly, comprehensively, and reasonably investigate and act on reports of DNS Abuse,” the notice reads.
ICANN has given DNSPod until October 11 to answer its questions or risk escalation.
While DNSPod says it has been around for 17 years, it only received its ICANN accreditation in 2020. Since then, it’s grown to almost 200,000 domains under management in gTLDs.
It’s primarily a DNS resolution service provider, saying it hosts over 20 million domains, and does not appear to operate as a retail registrar in the usual sense.
Owner Tencent may not be a household name in the Anglophone world, but it’s the company behind some of China’s leading social media brands, including QQ and WeChat, as well as a formidable force in gaming and one of the world’s richest companies in any sector.
It’s the second huge Chinese tech firm to find itself publicly shamed by ICANN in recent months. Compliance went after Tencent’s primary competitor, Alibaba, on similar grounds in March. Alibaba has since resolved the complaints.
Recent Comments