Uniregistry changes emails after “renewal scam” complaints

Kevin Murphy, February 2, 2018, Domain Registrars

Uniregistry has modified its marketing emails after customers complained they looked like fake renewal “scams”.
One customer contacted DI last week to say they were “horrified” to receive pitches for cheap SSL certificates that “read like some of the worst domain expiration scams of the past”.
The company recently started reselling Comodo’s SSL certs as part of its plan to broaden its customer base beyond its roots in the domain investor community.
But the way these certs were marketed left more than one customer with concerns. One email, which I’ve lightly redacted, read as follows:

Dear [CUSTOMER],
FINAL NOTICE – Your SSL certificate for your domain has expired. Take action and renew your certificate today through Uniregistry.
If your SSL certificate expires your website will display a warning informing customers the site is not secure.
We’ve teamed up with Comodo CA to offer our valued customers discounts up to 78% off when they renew their SSL certificate through us.
Visit https://www.comodo.com/uniregistry/ to take advantage of this offer and renew your certificate before it expires.
Domains at Risk :
[LIST OF DOMAINS]
Average validation time is less than an hour could take longer. Don’t let your certificate expire and put your business at risk. We are here to help, contact one of our SSL Specialist for more information or if you need additional support.
Thank you for choosing Uniregistry and Comodo CA

The reader said that while they have some domains with Uniregistry, their SSL certs had been bought elsewhere.
They added that the certs had not “expired” as the email claimed and said that they were not due to expire for months.
In addition, the email is quite clearly asking the customer to “renew” their cert via Uniregistry and Comodo, which should not be possible if the current cert was bought from a different Certificate Authority. It’s actually a solicitation to buy a new cert.
The scare-tactics wording is reminiscent of the old “slamming” scams carried out by Brandon Gray Internet Services, going under the moniker Domain Registry Of America and similar, until ICANN terminated its contract in 2014.
These “fake renewal” scams were delivered in the form of final-demand invoices, but were in fact solicitations to transfer domains, at a huge premium, from their current registrar to the scammer’s registrar.
A major difference between the DROA scam and Uniregistry’s marketing is that Uniregistry only contacted its existing customers. It was not spamming SSL owners at random.
Uniregistry told DI that the emails in question were part of an “A/B test” — when a company tests two emails to different sets of customers to see which one gets the best response rate — that were sent to a “small number” of its customers.
Chief operating officer Kanchan Mhatre said in an email:

The initial content sent came from a previous campaign and it’s fair to say that it needed modifying to more accurately reflect what we were trying to convey. Based on the feedback received from you and other customers, we have modified the messaging and we are currently reviewing cert expiry date validation to ensure that we communicate with our customers in a timely manner.

GoDaddy and DomainTools scrap over Whois access

Kevin Murphy, January 12, 2018, Domain Registrars

GoDaddy has seriously limited DomainTools’ access to its customers’ Whois records, pissing off DomainTools.
DomainTools CEO Tim Chen this week complained to DI that its access to Whois has been throttled back significantly in recent months, making it very difficult to keep its massive database of domain information up to date.
Chen said that DomainTools is currently only able to access GoDaddy’s Whois over port 43 at about 2% of the rate it had previously.
He said that this has been going on for about six months and that the market-leading registrar has been unresponsive to its requests to have previous levels restored.
“By throttling access to the data by 98% they’re defeating the ability of security practitioners to get data on GoDaddy domains,” Chen said. “It’s particularly troublesome because they [GoDaddy] are such a big part of DNS.”
“We have customers who say the quality of GoDaddy data is just degrading across the board, either through direct look-ups or in some of the DomainTools products themselves,” he said.
DomainTools customers include security professionals trying to hunt down the source of attacks and intellectual property interests trying to locate pirates and cybersquatters.
GoDaddy today confirmed to DI that it has been throttling DomainTools’ Whois access, and said that it’s part of ongoing anti-spam measures.
In recent years there’s been an increase in the amount of spam — usually related to web design, hosting, and SEO — sent to recent domain registrants using email addresses harvested from new Whois records.
GoDaddy, as the market-share leader in retail domain sales, takes a tonne of flak from customers who, unaware of standard Whois practice, think the company is selling their personal information to spammers.
This kind of Twitter exchange is fairly common on GoDaddy’s feed:


While GoDaddy is not saying that DomainTools is directly responsible for this kind of activity, throttling its port 43 traffic is one way the company is trying to counter the problem, VP of policy James Bladel told DI tonight.
“Companies like [DomainTools] present a challenge,” he said. “While we may know these folks, we don’t know who their customers are.”
But that’s just a part of the issue. GoDaddy was also concerned about the amount of resources DomainTools was consuming, and its own future legal responsibilities under the European Union’s forthcoming General Data Protection Regulation.
“When [Chen] says they’re down to a fraction or a percentage of what they had previously, well what they had previously was they were updating and archiving Whois almost in real time,” Bladel said. “And that’s not going to fly.”
“That is not only, we feel, not congruent with our responsibilities to our customers’ data, but it’s also, later on down the road, exactly the kind of thing that GDPR and other regulations are designed to stop,” he said.
GDPR is the EU law that, when it fully kicks in in May, gives European citizens many more rights over the sharing and processing of their private data.
Bladel added that DomainTools is still getting more Whois access than other parties using port 43.
“They have a level of access that is much, much higher than what they would normally have as a registrar,” he said, “but much lower than I think they want, because they want to effectively download and keep current the entirety of the Whois database.”
I’m not getting a sense from GoDaddy that it’s likely to backtrack on its changes.
Indeed, the company also announced today that from January 25 it will start to “mask” key elements of Whois records when queried over port 43.
GoDaddy told high-value customers such as domainers today that port 43 queries will no longer return the registrant’s first name, last name, email address or phone number.
Bulk Whois users such as registrars (and, I assume, DomainTools) that have been white-listed via the “GoDaddy Port43 Process” will continue to receive full records.
Its web-based Whois, which includes a CAPTCHA gateway to prevent scraping, will continue to function as normal.
Bladel said that these changes are NOT related to GDPR, nor to the fact that ICANN said a couple months back that it would not enforce compliance with Whois provisions of the Registrar Accreditation Agreement, subject to certain conditions.

SpamHaus ranks most-botted TLDs and registrars

Kevin Murphy, January 9, 2018, Domain Registrars

Namecheap and Uniregistry have emerged as two of the most-abused domain name companies, according to statistics on botnet command and control centers released by SpamHaus this week.
SpamHaus data shows that over a quarter of all botnet C&Cs found during the year were using Namecheap as their registrar.
It also shows that almost 1% of domains registered in Uniregistry’s .click are used as C&Cs.
The spam-fighting outfit said it discovered “almost 50,000” domains in 2017 that were registered for the purpose of controlling botnets.
Comparable data for 2016 was not published a year ago, but if you go back a few years, SpamHaus reported that there were just 3,793 such domains in 2014.
Neither number includes compromised domains or free subdomains.
The TLD with the most botnet abuse was of course .com, with 14,218 domains used as C&C servers. It was followed by Directi’s .pw (8,587) and Afilias’ .info (3,707).
When taking into account the relative size of the TLDs, SpamHaus fingered Russian ccTLD .ru as the “most heavily abused” TLD, but its numbers don’t ring true to me.
With 1,370 botnet controllers and about five and a half million domains, .ru’s abused domains would be around 0.03%.
But if you look at .click, with 1,256 botnet C&Cs and 131,000 domains (as of September), that number is very close to 1%. When it comes to botnets, that’s a high number.
In fact, using SpamHaus numbers and September registry reports of total domains under management, it seems that .work, .space, .website, .top, .pro, .biz, .info, .xyz, .bid and .online all have higher levels of botnet abuse than .ru, though in absolute numbers some have fewer abused domains.
In terms of registrars, Namecheap was the runaway loser, with a whopping 11,878 domains used to control botnets.
While SpamHaus acknowledges that the size of the registrar has a bearing on abuse levels, it’s worth noting that GoDaddy — by far the biggest registrar, but well-staffed with over-zealous abuse guys — does not even feature on the top 20 list here.
SpamHaus wrote:

While the total numbers of botnet domains at the registrar might appear large, the registrar does not necessarily support cybercriminals. Registrars simply can’t detect all fraudulent registrations or registrations of domains for criminal use before those domains go live. The “life span” of criminal domains on legitimate, well-run, registrars tends to be quite short.
However, other much smaller registrars that you might never have heard of (like Shinjiru or WebNic) appear on this same list. Several of these registrars have an extremely high proportion of cybercrime domains registered through them. Like ISPs with high numbers of botnet controllers, these registrars usually have no or limited abuse staff, poor abuse detection processes, and some either do not or cannot accept takedown requests except by a legal order from the local government or a local court.

The SpamHaus report, which you can read here, concludes with a call for registries and registrars to take more action to shut down repeat offenders, saying it is “embarrassing” that some registrars allow perpetrators to register domains for abuse over and over and over again.

Namecheap to bring millions of domains in-house next week

Kevin Murphy, January 5, 2018, Domain Registrars

Namecheap is finally bringing its customer base over to its own ICANN accreditation.
The registrar will next week accept transfer of an estimated 3.2 million .com and .net domains from Enom, following a court ruling forcing Enom owner Tucows to let go of the names.
The migration will happen from January 8 to January 12, Namecheap said in a blog post today.
Namecheap is one of the largest registrars in the industry, but historically it mostly acted as an Enom reseller. Every domain it sold showed up in official reports as an Enom sale.
While it’s been using its own ICANN accreditation to sell gTLD names since around 2015 — and has around four million names on its own credentials — it still had a substantial portion of its customer base on the Enom ticker.
After the two companies’ arrangement came to an end, and Enom was acquired by Tucows, Namecheap decided to also consolidate its .com/.net names under its own accreditation.
After Tucows balked at a bulk transfer, Namecheap sued, and a court ruled in December that Tucows must consent to the transfer.
Now, Namecheap says all .com and .net names registered before January 2017 or transferred in before November 2017 will be migrated.
There may be some downtime as the transition goes through, the company warned.

Aussie registrar guilty of $6 million slamming campaign

Kevin Murphy, January 4, 2018, Domain Registrars

Domain seller Domain Register Pty Ltd has reportedly been found guilty of scamming thousands of Australians out of a total of $6 million with bogus domain renewal notices.
The Herald Sun reports today that a Federal court ruled that the company’s sales tactics were “misleading or deceptive, or likely to mislead or deceive in breach of state and federal laws”.
The company, at one time a TPP Wholesale reseller but apparently never ICANN-accredited itself, was notorious for being a leading Aussie practitioner of the old “domain slamming” scam popularized by the Brandon Gray gang through fronts such as Domain Registry of America.
It sent paper invoices that appeared to the casual reader to be renewal notices for .com.au names, but were in fact solicitations to buy matching .com names for an outrageous $249 ($195) per year.
So convincing were the notices that the hit rate was one out of every 14 organizations targeted, the Herald Sun reported. Over 21,000 suckers in total.
According to the newspaper, the court was told that Domain Register made AUD 7.7 million ($6 million) from 31,000 registrations and renewals from January 1, 2011, to May 30, 2014.
The lawsuit was filed by Australian state government watchdog Consumer Affairs Victoria a year ago, but the domain industry was warning punters about the scam as far back as 2011.
Domain Register’s punishment has yet to be determined, but the agency had been seeking refunds for victims along with punitive penalties.

Brazil loses its only registrar as UOL bows out

Kevin Murphy, December 1, 2017, Domain Registrars

There are now no ICANN-accredited registrars in Brazil, following the termination of Universo Online’s contract this week.
I understand the agreement was ended at UOL’s request. It’s not a case of it breaching its contract.
UOL is a big deal in Brazil, getting beaten in the eyeballs stakes only by the likes of Google and Facebook, but as a registrar it wasn’t in the top 100 globally.
It had a little over 100,000 gTLD domains under management at the last count, with a peak over the last five years of roughly 200,000.
I hear that these remaining domains will be transferred to Tucows’ accreditation.
Brazil has had at least four registrars, including UOL, over the years.
Countries roughly the same size as Brazil by population (over 200 million) include Nigeria and Pakistan, each of which still has one active registrar.
There are 10 contracted registries, managing nine 2012-round new gTLDs, in Brazil.

GoDaddy renewal revamp “unrelated” to domainer auction outrage

Kevin Murphy, November 21, 2017, Domain Registrars

GoDaddy has made some big changes to how it handles expired domain names, but denied the changes are related to domainer outrage today about “fake” auctions.
The market-leading registrar today said that it has reduced the period post-expiration during which registrants can recover their names from 42 days to 30. After day 30, registrants will no longer be able to renew or transfer affected names.
GoDaddy is also going to start cutting off customers’ MX records five days after expiry. This way, if they’re only using their domain for email, they will notice the interruption. Previously, the company did not cut off MX records.
The changes were first reported at DomainInvesting.com and subsequently confirmed by a GoDaddy spokesperson.
One impact of this will be to reduce confusion when GoDaddy puts expired domains up for auction when it’s still possible for the original registrant to reclaim them, which has been the cause of complaints from prominent domain investors this week.
As DomainGang reported yesterday, self-proclaimed “Domain King” Rick Schwartz bought the domain GoDaddyBlows.com in order to register his disgust with the practice.
Konstantinos Zournas of OnlineDomain followed up with a critique of his own today.
But the GoDaddy spokesperson denied the changes are being made in response to this week’s flak.
“This is unrelated to any events in the aftermarket,” he said. “We’ve been working on this policy for more than a year.”
He said the changes are a case of GoDaddy “optimizing our systems and processes”. The company ran an audit of when customers were renewing and found that fewer than 1% of names were renewed between days 30 and 42 following expiration, he said.
GoDaddy renews about 2.5 million domains per month in just the gTLDs it carries, according to my records, so a full 1% would equal roughly 25,000 names per month or 300,000 per year. But the company spokesperson said the actual number is “quite a bit less” than that.
How many of these renewals are genuinely forgetful registrants and how many are people attempting to exploit the auction system is not known.
The changes will come into effect December 4. The news broke today because GoDaddy has started notifying its high-volume customers.

ICANN terminates 450 drop-catch registrars

Kevin Murphy, November 6, 2017, Domain Registrars

Almost 450 registrars have lost their ICANN accreditations in recent days, fulfilling predictions of a downturn in the domain name drop-catch market.
By my reckoning, 448 registrars have been terminated in the last week, all of them apparently shells operated by Pheenix, one of the big three drop-catching firms.
Basically, Pheenix has dumped about 90% of its portfolio of accreditations, about 300 of which are less than a year old.
It also means ICANN has lost about 15% of its fee-paying registrars.
Pheenix has saved itself at least $1.2 million in ICANN’s fixed accreditation fees, not including the variable and transaction-based fees.
It has about 50 registrars left in its stable.
The terminated registrars are all either numbered LLCs — “Everest [1-100] LLC” for example — or named after random historical or fictional characters or magic swords.
The move is not unexpected. ICANN predicted it would lose 750 registrars when it compiled its fiscal 2018 budget.
VP Cyrus Namazi said back in July that the drop-catching market is not big enough to support the many hundreds of shell registrars that Pheenix, along with rivals SnapNames/Namejet and DropCatch.com, have created over the last few years.
The downturn, Namazi said back then, is material to ICANN’s budget. I estimated at the time that roughly two thirds of ICANN’s accredited registrar base belonged to the three main drop-catch firms.
Another theory doing the rounds, after Domain Name Wire spotted a Verisign patent filing covering a system for detecting and mitigating “registrar collusion” in the space, is that Verisign is due to shake up the .com drop-catch market with some kind of centralized service.
ICANN reckoned it would start losing registrars in October at a rate of about 250 per quarter, which seems to be playing out as predicted, so the purge has likely only just begun.

Hammock swings from Rightside to MarkMonitor

Kevin Murphy, September 5, 2017, Domain Registrars

Statton Hammock has joined brand protection registrar MarkMonitor as its new vice president of global policy and industry development.
He was most recently VP of business and legal affairs at Rightside, the portfolio gTLD registry that got acquired by Donuts in July. He spent four years there.
The new gig sounds like a broad brief. In a press release, MarkMonitor said Hammock will oversee “the development and execution of MarkMonitor’s global policy, thought leadership, business development and awareness strategy”.
MarkMonitor nowadays is a business of Clarivate Analytics under president Chris Veator, who started at the company in July.

After slow launch, .africa looks to add hundreds of resellers

Kevin Murphy, September 1, 2017, Domain Registrars

ZA Central Registry is opening up .africa and its South African city gTLDs to potentially hundreds of new registrars via a new proxy program.
The company today announced that its new registrar AF Proxy Services has received ICANN accreditation, which should open up .africa, .joburg, .capetown and .durban to its existing .za channel.
ZACR is the ccTLD registry for South Africa and as such it already has almost 500 partners accredited to sell .za names. But most of these resellers are not also ICANN accredited, so they cannot sell gTLD domains.
The AF Proxy service is intended to give these existing resellers the ability to sell ZACR’s four gTLDs without having to seek out an ICANN accreditation themselves.
“Effectively, all users of the AF Proxy service become resellers of the Proxy Registrar which is an elegant technical solution aimed at boosting new gTLD domain name registrations,” ZACR CEO Lucky Masilela said in a press release.
While reseller networks are of course a staple of the industry and registries acting as retail registrars is fairly common nowadays, this new ZACR business model is unusual.
According to ZACR’s web site, it has 489 accredited .za registrars active today, with 52 more in testing and a whopping 792 more in the application process.
Depending on uptake of the proxy service, that could bring the number of potential .africa resellers to over 1,300.
And they’re probably needed.
The .africa gTLD went into general availability in July — after five years of expensive legal and quasi-legal challenges from rival applicant DotConnectAfrica — but has so far managed to put just 8,600 names in its zone file.
That’s no doubt disappointing for a TLD serving a population of 1.2 billion and which had been expected to see substantial domain investor activity from overseas, particularly China.