Five times ICANN deleted a ccTLD, and what it means for .io

With the future of .io coming into question this week, with the news that the UK will return sovereignty of the British Indian Ocean Territory to Mauritius, I thought it would be a good time to see how ICANN has treated disappearing countries and territories in the past.

As far as I can tell, ccTLDs have been removed from the DNS root on only five occasions since ICANN came into existence in 1998.

While the circumstances differ, in all but one case the trigger for the deletion was a change to the International Standards Organization’s ISO 3166-1 alpha-2 list, which ICANN uses to decide who gets a ccTLD and what ccTLD they get.

.yu — Yugoslavia

The Socialist Federal Republic of Yugoslavia broke up in 1992 due to a bloody civil war, but it wasn’t until 2010 that ICANN finally removed .yu from the root.

Splinter nations Slovenia, Croatia, North Macedonia, and Bosnia and Herzegovina were all assigned their own new country codes — .si, .hr, .mk and .ba — in the 1990s, but the now independent and separate states of Serbia and Montenegro, initially known as the Federal Republic of Yugoslavia, carried on using .yu.

When the country renamed itself the State Union of Serbia and Montenegro in 2003, the ISO list was updated to assign it the new code .cs, but the corresponding ccTLD was never actually delegated before the country broke up again in 2006, getting the ccTLDs .rs and .me the following year.

RNIDS, the .rs registry, carried on running .yu for a few years while it transitioned registrants to the new ccTLD. The process was not entirely painless, and ICANN had to keep .yu live longer than planned, before eventually deleting it April 1, 2010.

.tp — Portuguese Timor

The country we now know as East Timor or Timor Leste started the 21st century as Portuguese Timor, under Indonesian occupation. Its ccTLD was .tp.

After the country gained its independence in 2002, it renamed itself Timor Leste and the ISO assigned it the new code TL, deleting TP from its list.

IANA delegated .tl to the local government in 2005 and encouraged .tp registrants to migrate, but it took a full decade before it followed through and removed .tp from the root, in February 2015.

.zr — Zaire

The first ccTLD to get deleted by IANA under ICANN’s watch was .zr, which was no longer needed after Zaire changed its name to Democratic Republic of the Congo, receiving the code CD from ISO, in 1997.

The pre-ICANN IANA delegated .cd to the newly named country in 1997 and the registry operator set about moving .zr names to .cd. By 2001, that process was completed and .zr was deleted from the root.

.an — Netherlands Antilles

The Netherlands Antilles was a collection of former Dutch colonies in the Caribbean, until the territory split, with its component islands receiving new statuses under Dutch law, in 2010. The ccTLD was .an.

Curaçao got .cw, Sint Maarten (Dutch part) got the sexy-sounding .sx, and Bonaire, Saint Eustatius and Saba got to share .bq. ISO removed AN from its list.

The transition was a bit more complicated than usual, as .an registrants had to transfer to a new ccTLD based on what island they were on, but the local authorities managed it and within five years .an went poof.

.um — United States Minor Outlying Islands

This one’s unique in that it was deleted apparently simply because the registry operator couldn’t be bothered with it any more.

The United States Minor Outlying Islands are pretty much unpopulated, but strategically well-located, islands belonging to the US. There’s eight in the Pacific and one in the Caribbean.

Its ccTLD was operated by the University of Southern California until 2006, when somebody at ICANN noticed it appeared to be broken. When it approached USC for an explanation, it was told “they were no longer interested in managing the .UM domain”.

It had no registered domains, so there was no need for a transition plan and IANA deleted it from the root the following year.

The islands and their code are still on the ISO list and are still eligible for their ccTLD. Presumably it’s only the fact that the US government has asserted its authority over .um that has prevented an opportunist Just Some Guy registry from snapping it up to market .um domains as the leading destination for indecisive people or something.

What does this mean for .io?

ICANN’s policy on ccTLDs is pretty straightforward — your territory has to be on the ISO 3166 list and the ccTLD has to match the code ISO gives you. If your code drops off the list, you have five years, extensible to 10, to conduct an orderly transition before the TLD is retired.

Much like Portuguese Timor changing its name to Timor Leste to shuck off its enforced colonial branding, it seems inconceivable that the Chagos Archipelago will continue to be known as the British Indian Ocean Territory.

The key questions for .io registrants are: will the renamed BIOT keep the IO assignment on the ISO list, and will the archipelago continue to qualify as a distinct territory eligible for ccTLD status?

If BIOT simply becomes part of Mauritius, no longer recognized by the UN as a distinct territory, .io gains an existential threat. It would drop off ISO’s list and ICANN could issue it a retirement notice.

If BIOT remains a distinct territory and remains eligible for a ccTLD, the possibilities become a whole lot more interesting.

If Mauritius decides to change the territory’s name, there’s no problem. But if it asks ISO for a corresponding change of two-letter code to better reflect its new name, .io’s future is in doubt.

If the name is changed to something like “Chagos” and Mauritius wants a “C” code, only CB, CE and CJ are still available.

Theoretically, the government of Mauritius could unilaterally force an undesirable string change on Identity Digital, the American company that runs the .io registry, forcing a years-long migration to the newly chosen ccTLD.

I can’t imagine many of .io’s hundreds of thousands of registrants, particularly those using .io as a domain hack or to hitch themselves to a cool tech-startup bandwagon, being happy with a forced migration to, say, .cj.

The power to decoolify an entire TLD would be a compelling weapon in a redelegation fight. I’m deep into speculative territory here, but I can’t help but feel that Identity Digital is going to have to give Mauritius some money at some point.

Another possibility is that the registry, one of ICANN’s biggest funders, could lobby ICANN to change its policies and somehow grandfather .io in as a stateless ccTLD.

The fact that ICANN hasn’t acted to remove .su from the root, thirty years after the Soviet Union collapsed, could be seen as precedent.

The answers to .io’s future might be found in the proposed UK-Mauritius treaty, but that has yet to be published. As it has to be ratified by the UK Parliament we can expect it to enter the public domain before long.

Future of .io domains uncertain as UK hands over Chagos islands

The future of the .io ccTLD is up in the air today with the announcement that the UK is to hand over the British Indian Ocean Territory, also known as the Chagos Archipelago, to Mauritius.

The two governments announced today that they will sign a treaty agreeing “that Mauritius is sovereign over the Chagos Archipelago”. It’s being called the end of British colonialism in Africa.

Under the broad-ranging 99-year deal, native Chagossians, forcibly exiled since the late 1960s, will be free to return to the islands, apart from Diego Garcia, which is home to a strategically important UK-US military base.

There’s no talk yet of the future the ccTLD, of course — the governments have bigger fish to fry — but the change of sovereignty could have interesting implications for the .io registry and its registrants.

The positive spin is that owning a .io domain could now be seen as a less dubious ethical choice.

For almost a decade, largely unsuccessful boycotts of .io have been organized by tech bros upset with the treatment of the Chagossians. Now that they’re getting their land back, the queasiness of supporting “digital colonialism” might go away.

The bad news is that a change of sovereignty could ultimately lead to a change of registry, or the ccTLD disappearing entirely.

ICANN takes its lead from the International Standards Organization, specifically the ISO 3166-1 alpha-2 list, when it comes to deciding whether a ccTLD deserves to exist and what two-letter code it gets.

If BIOT ceases to exist and is removed from the ISO list, as seems likely, there’s a strong case to be made that .io should cease to exist too.

Whether ICANN would actually remove .io from the DNS root is another matter, of course. While it has removed ccTLDs before when the associated country disappears, it has done so in a measured, managed fashion.

The Org also seems quite happy for .su to stay in the root, thirty-odd years after the Soviet Union fell apart.

But what of redelegation? There’s already a campaign to get .io redelegated to the Chagossians, and now that the UK is relinquishing its control of BIOT to Mauritius, the redelegation claim could be strengthened by the weight of a national government.

However, while .io is assigned to BIOT, the UK government says it has no formal relationship with the registry, so a change of ownership of the territory doesn’t necessarily mean the ccTLD changes owners.

The registry is run by a private UK company, Internet Computer Bureau, which nowadays is basically a shell owned by an Irish company that is in turn owned by US-based Identity Digital and its parent Beignet.

And ICANN typically doesn’t redelegate ccTLDs without the consent of the losing registry, which in many cases is Just Some Guy who spotted a business opportunity in the 1990s.

Niue, the Pacific island nation, has been fighting fruitlessly for control of .nu for two decades, for example, but the extant registry doesn’t want to hand it over so ICANN has not acted.

As I reported earlier this week, .io had turnover of almost $40 million last year, so it seems unlikely that Identity Digital would follow the UK’s lead and just hand it over.

While the registry does not disclose its registration numbers, the revenue suggests it’s possible over a million .io domains have been registered.

.ai now has over half a million names

Anguilla’s .ai ccTLD added 54,372 domain names in the last quarter, according to the registry’s web site.

The total today is 533,068 domains, compared to 478,696 on July 1, according to an update posted this afternoon. The .ai domains under management number was 306,861 about a year ago.

.ai now has about as many registered domains as Finland’s .fi or Identity Digital’s .live.

The impressive growth is of course due to the string matching the abbreviation for Artificial Intelligence.

UK and Israel cut ICANN funding

The ccTLD registries for UK and Israel cut their funding to ICANN by the largest amounts in the Org’s last financial year, according to the latest numbers.

ICANN received mostly voluntary ccTLD contributions totaling $2,135,937 in its fiscal 2024, which ended June 30, according to its report, which was published (pdf) a couple weeks ago. That’s down $80,302 from the $2,216,240 it received in FY23.

The biggest single reason for the decline is that Nominet, the .uk registry, slashed its contribution from its usual $225,000 tribute by $75,000 to $150,000 in FY24.

Under ICANN guidelines (pdf) for ccTLDs, registries with over five million domains under management should contribute the maximum $225,000 a year. While .uk has been in decline for a while, it still has well over 10 million DUM.

But Nominet was the only ccTLD still paying the $225,000. All the other ccTLDs with over five million domains were already paying substantially less.

The Netherlands reduced its contribution from $225,000 to $180,000 in FY23. Germany has not given ICANN more than $130,000 a year in the last five years. China always pays $45,000. Brazil pays $100,000.

Nick Wenban-Smith, Nominet’s general counsel told us: “Our relationship with ICANN has not changed. We are a long-standing supporter of the organisation in many ways, lending our resources to policy work and other community efforts alongside our annual financial contribution.”

Israel is the second big funding-cutter in the latest report. It had been giving the recommended $15,000 for its 250,000+ domains, but reduced that to just $5,000 in FY24, despite its DUM being up slightly over the period.

Registries from nine territories that contributed $1,000 or less every year from FY20 to FY23 did not contribute at all in FY24. These include Nigeria, Antigua and Barbuda, Malawi, Guernsey, Jersey, Saint Lucia, Tokelau, and the US Virgin Islands.

The lack of any money from Tokelau’s .tk is expected given the death of the registry. Jersey and Guernsey are perhaps more surprising, given the registries are run by a former ICANN director.

A handful of other ccTLDs from small territories that have only sporadically given in the past did not contribute in FY24.

Fourteen registries contributed more in FY24 than they did in FY23, but the difference amounted to just $13,000 extra cash in ICANN’s coffers. South Africa, Slovenia, Vietnam, Tanzania, and Mongolia all paid $1,000 or more over FY23.

Russia, which stopped providing funding in FY23 despite its almost six million DUM, also did not give any money in FY24.

Moment of truth as .music domains finally go on sale

After a wait of over 15 years, startup registry DotMusic is bringing .music domains to general availability today.

A week-long Early Access Period is due to start this afternoon, with prices initially measured in the thousands of dollars, before regular GA with standard pricing — around $60 retail — kicks off October 8.

Participating registrar 101domain has published an EAP price list and timetable, showing prices starting at $11,999 today, dropping to $6,299, $1,999, $799, $199, $169, and $139 over the following six days. The prices drop at 1600 UTC each day.

While .music is certainly among the strongest strings to emerge from the new gTLD program to date, there are substantial, self-imposed barriers to broad adoption.

.music is a rare example of a “Community” gTLD, with additional restrictions — built into its ICANN registry contract — on who can register names and what kind of content they can publish.

DotMusic’s published policies say that registrants must verify their identities and connection to the music industry and obtain a special code called a Music ID within 90 days of registration.

Newly registered domains will be on Registry Server Hold Status until this code is obtained, meaning they won’t be included in the .music zone file and won’t resolve on the internet.

Failure to obtain the Music ID within 90 days means DotMusic can delete or suspend the domain with no refunds. After a registrant has a .music ID, it can be reused to activate subsequent registrations.

A sister company of DotMusic called ID.music will be responsible for verifying the identity of registrants and their “nexus” to the music industry. It announced last week it’s partnered with a company called Shufti to verify IDs.

DotMusic is building additional services around the Music ID. A Music Hub is expected to feature services designed to help artists connect with and cultivate their fan base.

The launch so far appears to be a bit messy, with not much hype and some confusion about certain details, which is worrying given how long .music has been under development.

Domains being promoted for Music Hub services supposedly available at launch, such as search.music and channels.music, do not appear in the latest .music zone file and do not resolve.

It’s also not entirely clear what the official registry web site is. IANA lists nic.music, but music.us and get.music have also been used and registry.music appears to be the most up-to-date.

CentralNic is also being touted as .music’s back-end registry services provider both on the registry’s registrar-onboarding web site and by some participating registrars, but I’m pretty certain DotMusic switched to Tucows a few months ago.

gTLDs with onerous registration restrictions historically have not fared particularly well in the market, where registrars are not keen on products that cause shopping cart friction or risk spawning support calls.

DotMusic seems to done itself a favor by making registrant verification a post-registration hoop to jump through, moving most of the complexity to the registry.

.music had 213 domains in its zone file yesterday but, due to the restrictions, it’s going to be difficult to use this metric to judge the success of the launch in future.

Another ccTLD opens up its second level

Kuwait has become the latest country to make second-level domain registrations possible directly under its national ccTLD.

The registry, government regulator the Communication and Information Technology Regulatory Authority (CITRA), said last week that it’s launching direct 2LD regs under .kw with an initial six-month sunrise period that has already started.

CITRA said in a press release that this first launch phase allows “government entities, registered trademark owners, and holders of third-level domains (.com.kw/.net.kw/.org.kw)” to register names.

The current three-level structure has six subdivisions, also including .ind.kw for individuals, .gov.kw for governmental entities, and .edu.kw for educational institutions. Local presence restrictions appear to apply to all.

While much of CITRA’s web site is available in English, its 2LD policies appear to be only published so far in Arabic, in PDFs that resist machine translation.

Domains in .kw currently cost about KWD15 (about $50) a year. Kuwait does not have an Arabic version of the ccTLD, but Arabic script is supported at the second and third levels.

.io sells $40 million of domains after massive uptick

.io is now a $40-million-a-year domain, after a few years of impressive growth, judging by the registry’s latest financial reports.

UK-based Internet Computer Bureau, a subsidiary of Identity Digital, recently reported turnover of £29.6 million ($39.6 million) for 2023, up 13.9% on the £26.1 million it reported in 2022.

While that’s respectable growth, it pales compared to 2022 (which I don’t think was reported at the time), when turnover was up a whopping 59%.

Identity Digital does not reveal .io’s registration numbers, but with turnover of over $39 million and retail renewal prices bottoming out at around $39 a year, it seems quite possible that the TLD’s domains under management has reached seven digits.

When Afilias paid $70 million for ICB in 2017, it had turnover of $7 million and domains were reported at 270,000.

ICB’s gross margins are terrible — one can only assume its registry services deal with Identity Digital is rather generous to its parent — at 4.4%, with £28 million being paid out as cost of sales.

With another £3 million of unelaborated “administrative expenses”, ICB reported a 2023 net loss of £404,000 compared to a 2022 profit of £1.7 million. It paid £17,660 in UK tax, down from £277,703. It had just $69,000 cash on hand at the end of the year.

While ICB also runs .ac (Ascension Island) and .sh (Saint Helena, Ascension and Tristan da Cunha), it’s only .io that has seen broad uptake among the global domain-registering public. Tech firms like it because I/O means “input/output”.

.io is the ccTLD for the contested British Indian Ocean Territory, also known as the Chagos Archipelago, which is administered from the UK and used almost exclusively to house a strategically important US military base.

After five years, “useless” TLD has two web sites

An IDN ccTLD criticized as “useless” by locals when it was approved five years ago has fewer domains today than it did at launch, and a portfolio of web sites even a Simpson could count on one hand (twice).

The Greek-script .ευ (.xn--qxa6a) is one of two internationalized domain name versions of the European Union’s .eu, operated by EURid. It was approved by ICANN in September 2019 and went live two months later.

Today, it has just 2,561 domains under management, about 200 fewer than it did at the end of 2019, just a month after launch, according to stats on EURid’s web site.

A quick google on Google for .ευ domains returns results for only two indexed web sites, while googling on Bing returns four, of which two are undeveloped placeholders.

It’s not much of a result for a TLD that ICANN spent nine years twisting itself in knots to approve over the concerns of evaluators who thought it was visually too confusing to other two-letter strings.

Greek domainers criticized .ευ upon its approval, with Konstantinos Zournas calling it the “worst extension ever”, due largely to the fact that “EU” in Greek is εε, not ευ.

Verisign agrees to .com takedown rules

Verisign has agreed to take down abusive .com domains under the next version of its registry contract with ICANN.

The proposed deal, published for public comment yesterday, could have financial implications for the entire domain industry, but it also contains a range of changes covering the technical management of .com.

Key among them is the addition of new rules on “DNS Abuse” that require Verisign to respond to abuse reports, either by referring the domain to its registrar or by taking direct action

Abuse is defined with the now industry-standard “malware, botnets, phishing, pharming, and spam (when spam serves as a delivery mechanism for the other forms of DNS Abuse listed in this definition)”.

The language is virtually identical to the strengthened DNS abuse language in the base Registry Agreement that almost all other gTLD registries have been committed to since their contracts were updated this April. It reads:

Where Registry Operator reasonably determines, based on actionable evidence, that a registered domain name in the TLD is being used for DNS Abuse, Registry Operator must promptly take the appropriate mitigation action(s) that are reasonably necessary to contribute to stopping, or otherwise disrupting, the domain name from being used for DNS Abuse. Such action(s) shall, at a minimum, include: (i) the referral of the domains being used for the DNS Abuse, along with relevant evidence, to the sponsoring registrar; or (ii) the taking of direct action, by Registry Operator, where Registry Operator deems appropriate.

The current version of the .com contract only requires Verisign to publish an abuse contact on its web site. It doesn’t even oblige the company to respond to abuse reports.

In domain volume terms, .com is regularly judged one of the most-abused TLDs on the internet, though newer, cheaper gTLDs usually have worse numbers in terms of the percentage of registrations that are abusive.

Verisign will also get an obligation that other registries don’t have — to report to ICANN “any cyber incident, physical intrusion or infrastructure damages” that affects the .com registry.

ICANN won’t be able to reveal the details of such incidents publicly unless Verisign gives its permission, but in a side deal (pdf) the two parties promise to work together on a process for public disclosure.

Verisign will also have to implement two 20-year-old IETF standards on “Network Ingress Filtering” that describe methods of mitigating denial-of-service attacks by blocking traffic from forged IP addresses.

The contract is open for public comment.

New .com contract could see ALL domain prices go up

Verisign will retain its power to increase .com prices by 7% a year, and prices in other gTLDs could well go up too, under a new proposed registry contract designed to help patch up ICANN’s budget.

The proposed .com Registry Agreement was posted for public comment this evening, and the pricing terms within could have broad implications for all registrants of gTLD domains.

For starters, as usual the deal lets Verisign raise .com prices, currently $10.26 a year, by 7% in the final four years of the six years of its term. This is an option Verisign has never failed to exercise in the past.

But the deal would also give ICANN the power, in its sole discretion, to raise the per-transaction fees Verisign pays it for each added, renewed, or transferred .com domain, in line with the latest US inflation numbers.

The fee is currently $0.25 per transaction, and it hasn’t gone up ever, as far as I recall.

The proposed text on inflation is pretty much the same as found in all post-2012 gTLD Registry Agreements, but adds a clause saying that ICANN cannot raise the .com fees unless it also raises fees in “multiple other registry agreements”.

Yet another clause strongly suggests that ICANN intends to exercise its existing right to increase its fees, again according to the US Consumer Price Index, across other gTLDs — presumably all of them — rather soon:

ICANN and Registry Operator hereby agree that if ICANN delivers notice of a fee adjustment to other registry operators after November 1, 2024 and prior to the Effective Date, ICANN may concurrently deliver such fee adjustment notice to Registry Operator, in which case the provisions of Section 7.2(d) shall be deemed to have applied at the time such notice was sent.

Translated, this means that ICANN can put Verisign on notice that its fees are going up even before the contract is signed, but only if it also raises the fees on other registries at the same time.

It’s difficult to imagine why this language is there unless it’s describing something ICANN is actually planning to do.

Unlike Verisign, other gTLD operators do not have regulated pricing, so any ICANN fee increase on them could very well be passed on to registrars and ultimately registrants with increased wholesale prices.

The new contract is being proposed a few months after ICANN laid off staff because its budget was $10 million light, and CEO Sally Costerton said the Org was “evaluating ICANN’s fee structure to ensure it scales realistically with inflation”.

Verisign, and .com in particular, is ICANN’s biggest single source of funding, contributing $47.3 million of its $145.5 million in revenue in its last fiscal year.

The proposed new .com contract and public comment opportunity can be found here.