NameCheap: a top ten registrar?

eNom reseller NameCheap is actually in the top 10 largest registrars in terms of domains under management, judging by data in regulatory documents filed by eNom parent Rightside.
According to a Rightside SEC filing related to its spin-off from Demand Media, NameCheap accounted for 23% of the company’s total domains under management as of September 30.
With the same document declaring Rightside has over 12 million names under management as of the same date, NameCheap apparently looks after just under 2.8 million domains.
By my reckoning, this means NameCheap is very probably the ninth-largest registrar by DUM out there, sandwiched between GMO Internet and FastDomain.
My comparison is not completely apples-to-apples — NameCheap’s number may include ccTLD registrations and I’m levering the company into a gTLDs-only league table — so may not be fully reliable.
But it’s the first solid indication of the size of NameCheap’s business I’ve seen in a while.
While NameCheap is accredited by ICANN in its own right, it has never registered more than a handful of domains under its own name, leaving it in the sub-900 range in the DUM league table.
According to Rightside, NameCheap is under contract to exclusively use eNom’s wholesale services until December 2014, but the deal does have one-year renewals built in.

Go Daddy hires former Microsoft exec as CIO

Go Daddy has appointed a new chief information/infrastructure officer, former Microsoft and ServiceNow executive Arne Josefsberg.
Josefsberg was most recently CTO of ServiceNow, a service automation software company, but he previously worked with Go Daddy CTO Elissa Murphy when she was at Microsoft.
He’s the latest in a series of high-level appointments to come over the year since Blake Irving took over as CEO and started plundering the ranks of alma maters Yahoo and Microsoft for executive talent.

LogicBoxes customers get registry pre-pay “wallet”

LogicBoxes has launched a new “wallet” service for its registrar clients, designed to make it easier for them to manage payments to the rapidly growing number of TLD registries.
The new Registry Wallet product — bundled in at no extra charge for existing customers — is a way for registrars to consolidate the process of managing pre-paid registry accounts.
Instead of managing accounts with dozens of registries for potentially hundreds of new gTLDs, LogicBoxes customers will be able to use the Wallet as a buffer and single management interface.
Many existing registries require registrars to fund an account in advance that gradually gets chipped away as more domains are sold to registrants. During quiet periods, the money sits dormant.
While some new gTLD registries are planning to allow credit card or post-payment options, others are sticking to the old ways and the legacy TLDs show no sign of changing, according to LogicBoxes senior marketing associate Vivek Desai.
“This service also aims at simplifying the invoicing and reconciliation process,” he said. “Imagine registrars having to reconcile statements and invoices with 30 or 40 or even more providers. Having one place to manage everything, will make things simpler.”
The company said it uses “pattern recognition algorithms” to predict usage, with manual oversight. It also features “threshold reminders, emergency credits and deactivation protection”, LogicBoxes said.

Cops can’t block domain transfers without court order, NAF rules

Law enforcement and IP owners were dealt a setback last week when the National Arbitration Forum ruled that they cannot block domain transfers unless they have a court order.
The ruling could make it more difficult for registrars to acquiesce to requests from police trying to shut down piracy sites, as they might technically be in breach of their ICANN contracts.
NAF panelist Bruce Meyerson made the call in a Transfer Dispute Resolution Policy ruling after a complaint filed by EasyDNS against Directi (PublicDomainRegistry.com).
You’re probably asking right about now: “The what policy?”
I had to look it up, too.
TDRP, it turns out, has been part of the ICANN rulebook since the Inter-Registrar Transfer Policy was adopted in 2004.
It’s designed for disputes where one registrar refuses to transfer a domain to another. As part of the IRTP, it’s a binding part of the Registrar Accreditation Agreement.
It seems to have been rarely used in full over the last decade, possibly because the first point of complaint is the registry for the TLD in question, with only appeals going to a professional arbitrator.
Only NAF and the Asian Domain Name Dispute Resolution Centre are approved to handle such cases, and their respective records show that only one TDRP appeal has previously filed, and that was in 2013.
In the latest case, Directi had refused to allow the transfer of three domains to EasyDNS after receiving a suspension request from the Intellectual Property Crime Unit of the City of London Police.
The IPCU had sent suspension requests, targeting music download sites “suspected” of criminal activity, to several registrars.
The three sites — maxalbums.com, emp3world.com, and full-albums.net — are all primarily concerned with hosting links to pirated music while trying to install as much adware as possible on visitors’ PCs.
The registrants of the names had tried to move from India-based Directi to Canada-based EasyDNS, but found the transfers denied by Directi.
EasyDNS, which I think it’s fair to say is becoming something of an activist when it come to this kind of thing, filed the TDRP first with Verisign then appealed its “No Decision” ruling to NAF.
NAF’s Meyerson delivered a blunt, if reluctant-sounding, win to EasyDNS:

Although there are compelling reasons why the request from a recognized law enforcement agency such as the City of London Police should be honored, the Transfer Policy is unambiguous in requiring a court order before a Registrar of Record may deny a request to transfer a domain name… The term “court order” is unambiguous and cannot be interpreted to be the equivalent of suspicion of wrong doing by a policy agency.
To permit a registrar of record to withhold the transfer of a domain based on the suspicion of a law enforcement agency, without the intervention of a judicial body, opens the possibility for abuse by agencies far less reputable than the City of London Police.

That’s a pretty unambiguous statement, as far as ICANN policy is concerned: no court order, no transfer block.
It’s probably not going to stop British cops trying to have domains suspended based on suspicion alone — the Metropolitan Police has a track record of getting Nominet to suspend thousands of .uk domains in this way — but it will give registrars an excuse to decline such requests when they receive them, if they want the hassle.

New gTLD launches: registrar coverage at less than 40% of the market

Registrars representing less than 40% of the gTLD market are ready to offer new gTLDs during their launch phases, according to the latest stats from ICANN.
ICANN released yesterday a list (pdf) of the just 21 registrars that have signed the 2013 Registrar Accreditation Agreement and have been certified by IBM to use the Trademark Clearinghouse database.
Signing the 2013 RAA is a requirement for registrars that want to sell new gTLDs. Almost 150 registrars are currently on the new contract.
But being certified for the TMCH is also a requirement to sell names during the first 90 days of each new gTLD’s general availability, when the Trademark Claims service is running.
Together, the 21 registrars that have done both accounted for 59 million registered gTLD domain names (using August’s official numbers), which translated to 39.5% of the gTLD market.
It’s a high percentage due to the presence of Go Daddy, with its 48.2 million gTLD names. The only other top-10 registrar on the list is 1&1.
Twelve of the 21 registrars on the list had fewer than 40,000 names under management. A couple have fewer than 100.
Only one new gTLD, dotShabaka Registry’s شبكة., is currently in its Trademark Claims period.
The second batch, comprising Donuts’ first seven launches, isn’t due to hit until January 27, giving just a few weeks for the certified list to swell.
There’ll be 33 new gTLD in Claims by the end of February.
The rate at which new registrars are being certified by IBM is not especially encouraging either. Only four have been added in the last month.
Some registrars may of course choose to work via other registrars, as a reseller, rather than getting certified and doing the TMCH integration work themselves.

Latest Go Daddy phishing attack unrelated to 2013 RAA

Fears that the 2013 Registrar Accreditation Agreement would lead to new phishing attacks appear to be unfounded, at least so far.
The 2013 RAA, which came into force at most of the big registrars on January 1, requires registrars to verify the registrant’s email address or phone number whenever a new name is registered.
It was long predicted that this new provision — demanded by law enforcement — would lead to phishers exploiting registrant confusion, obtaining login credentials, and stealing valuable domain names.
Over the weekend, it looked like this prediction had come true, with posts over at DNForum saying that a new Go Daddy scam was doing the rounds and reports that it was related to the 2013 RAA changes.
I disagree. Shane Cultra posted a screenshot of the latest scam on his blog, alongside a screenshot of Go Daddy’s actual verification email, and the two are completely dissimilar.
The big giveaways are the “Whois Data Reminder” banner and “Reminder to verify the accuracy of Whois data” subject line.
The new attack is not exploiting the new 2013 RAA Whois verification requirements, it’s exploiting the 10-year-old Whois Data Reminder Policy, which requires registrars annually to remind their customers to keep their contact details accurate.
In fact, the language of the new scam has been used in phishing attacks against registrants since at least 2010.
That’s not to say the attack is harmless, of course — the attacker is still going to steal the contents of your Go Daddy account if you fall for it.
We probably will see attacks specifically targeting confusion about the new address verification policy in future, but it seems to me that the confusion we’re seeing with the latest scam may be coincidental.
Go Daddy told DI yesterday that the scam site in question had already been shut down. It’s not clear if anyone fell for it while it was live.

1&1’s new gTLD ads banned for “misleading” viewers

TV ads promoting 1&1’s new gTLD pre-registration services have been banned from the UK’s airwaves after being ruled “likely to mislead” by the Advertising Standards Authority.
The ads were part of probably the biggest new gTLD marketing outreach to date, a worldwide campaign I’ve heard is costing 1&1 up to $80 million. The UK ad stated:

Do you own a company? Or an online shop? Are you an estate agent? Or a car dealer? Are you from London? Or maybe Scotland? Are you looking for a great new web or e-mail address? Then choose from over 700 new domains. Pre-order yours for free, before someone else does, and link it to your website.

The ASA ruled that the ads would have led consumers to believe that they would definitely get the name they pre-registered as soon as it became available.
In fact, of course, allocation is dependent largely on registry policy, Sunrise registrations, name collisions blocking, and whatever other barriers ICANN can think up in the meantime.
The ASA said in its decision:

Whilst we considered consumers would understand the reference to ‘pre-order’ to mean that the domain names were not currently available, we considered they would understand the ad to mean that they could place an order with 1&1 Internet that would secure their chosen domain name when it became available. However, we understood that that was not the case and that upon receipt of a pre-order, 1&1 Internet would pass on the customer’s request to the relevant domain name registry, who would apply their own allocation process when the requested domain name became available. We therefore considered the presentation of the ad was likely to mislead.

The ad therefore “must not appear again in its current form”, the ASA ruled.

Finally, domain-slamming registrar gets ICANN breach notice

Domain “slamming” registrar Brandon Gray Internet Services, which does business as NameJuice.com, has finally received its first ICANN compliance notice.
If you’ve been around the industry for a while you’ll know Brandon Gray better as Domain Registry of America, Domain Registry of Canada, Domain Renewal Group and various other pseudonyms.
DROA is known for being the prime perpetrator of the old “slamming” scam, where fake postal renewal notices that look like invoices trick busy or gullible registrants into transferring their names.
It was sued for slamming by Register.com back in 2002, spanked by the UK’s Advertising Standards Agency as recently as 2009, and de-accredited by .ca registry CIRA.
There’s a list of the various times it’s run afoul of regulators over on Wikipedia.
ICANN yesterday sent a breach notice (pdf) to Brandon Gray, saying the company failed to “maintain and make available to ICANN registration records relating to dealings with the Registered Name Holder” of businesspotion.com, in violation of the Registrar Accreditation Agreement.
A Whois look-up reveals that businesspotion.com has belonged to the same registrant since 2009. However, in April 2011 it was transferred from 1&1 to Brandon Gray (DROA/NameJuice).
I can only guess why it might have been transferred.
However, the material ICANN wants only relates to the period from July this year.
It appears from the compliance notice that the owner of the domain tried to transfer his name away from DROA recently but claims to have not received the necessary authorization codes.
Brandon Gray has until January 13 to provide ICANN with the requested documentation or face losing its accreditation.
Back in 2011, the last time Brandon Gray tried to slam me, I asked: “Isn’t it about time ICANN shut these muppets down?”
Hopefully, that wish is a step closer to reality today.

Go Daddy to take $2,500 profit on Donuts’ first-day domains

Donuts’ pricey Early Access Program for its new gTLDs could prove quite lucrative for registrars.
Go Daddy today revealed that it’s charging $12,500 and up for first-day “priority” registrations in 14 Donuts gTLDs, a $2,500 profit on Donuts’ EAP registry fee, which I believe is $10,000.
The EAP is Donuts’ alternative to a traditional landrush period.
Rather than charging premium landrush fees and then running an auction for contested domains, every available domain has a standard premium buy-it-now price that is reduced every day for a week until the fee hits the standard reg fee.
It’s Dutch-auction-like, with a first-come-first-served component.
The EAP registry fees start at $10,000, go to $2,500 on day two, $950 on day three, $500 on day four and $100 from days five through day seven. Then they go to the base fee, which depends on gTLD but typically translates to about $40 at the check-out.
Go Daddy’s respective EAP retail prices are $12,539.99, $3,164.99, $1,239.99, $689.99 and $189.99.
Complicating matters, these are currently “priority pre-registration” fees, so the company will still have to successfully grab the pre-registered names from the registry when they become available.
While customers are billed today, they may not get the name they want. If Go Daddy fails to secure the name it will issue a full refund.
Complicating matters further, the company is accepting multiple pre-registrations on any given name and will auction it off to the highest bidder if more than one person pre-registers at the same level and Go Daddy manages to grab the name.
So $12,500 may just be the tip of the iceberg.
Complicating matters further further, Go Daddy’s site is currently not particularly clear — at least to this elderly hack — which components of its fees are refundable and which are not.
This slogan, currently in use on the Go Daddy pre-reg site, appears to me to be absolute nonsense.

The 14 Donuts gTLD currently on offer are: .estate, .photography, .ventures, .guru, .bike, .clothing, .gallery, .singles, .camera, .lighting, .plumbing, .equipment, .graphics and .holdings.

Jetpack Domains hit with ICANN breach notice

A small Californian registrar has been sent a contract breach notice by ICANN.
ICANN says Irvine-based Jetpack Domains has failed to comply with a scheduled audit, breaking the terms of the Registrar Accreditation Agreement that require it to supply records on demand.
The company has until January 2 to provide ICANN with the data it has asked for or risk losing its accreditation, ICANN said (pdf).
Jetpack, which had fewer than 6,000 gTLD domains under management at the last count, appears to use DomainCocoon for registrar management services.