Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
FTC slams new gTLDs but waffles over .sucks legality
The US Federal Trade Commission has made some strong criticisms of the new gTLD program but has refused to answer the question of whether .sucks is behaving illegally.
In a letter to ICANN today (pdf), FTC chair Edith Ramirez took the opportunity to ask for a bunch of changes to the program.
But she declined to reply to ICANN’s original question, which was: are Vox Populi’s launch policies and pricing illegal?
Ramirez said she “cannot comment on the existence of any pending investigations” but said “the FTC will monitor the activities of registries and other actors in this arena” and “will take action in appropriate cases”.
She goes on to make three “recommendations” about new gTLDs in general.
She wants ICANN to “encourage the best practice” of all domain registrants to prominently identify themselves on their web sites, so that consumers are not confused.
This will never happen.
Ramirez then says rights protection mechanisms should be strengthened to prevent companies like Vox Pop violating the “spirit” of the RPMs by charging such high prices.
Finally, she echoes the advice of the Governmental Advisory Committee in asking for gTLDs representing regulated industries to have much more stringent registration requirements.
ICANN is of course under no obligation to take these recommendations as anything other than the comments of a single community member.
It’s good news for .sucks — without a determination of illegal behavior ICANN presumably has no reason to act against it.
It remains to be seen what the Canadian regulator, which ICANN also contacted for guidance, will say.
UPDATE: ICANN has just released the following statement from general counsel John Jeffrey:
We want to thank Chairwoman Ramirez for her response and for the FTC’s active interest in ICANN.
We greatly appreciate the Chairwoman’s stated understanding and appreciation of the importance of the concerns ICANN had conveyed regarding the .SUCKS gTLD rollout, as well as the broader set of consumer protection issues relating to the new gTLD program that the FTC has restated in the Chairwoman’s letter.
The FTC’s comments on consumer protection issues throughout the new gTLD program have been an important part of the dialogue of the ICANN community relating to these topics.
New gTLD phishing still tiny, but .xyz sees most of it
New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.
That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.
Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.
The number of domains used to phish was 95,321, up 8.4% from the first half of the year.
However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.
In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.
According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.
Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.
New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.
That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.
Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:
Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.
XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.
In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.
But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:
XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.
APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.
It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:
Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.
The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.
APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.
The APWG report can be downloaded here.
UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.
According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.
Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.
Krueger removed as chair as M+M finally starts seeing some revenue
Minds + Machines co-founder Fred Krueger has been kicked out of his job as executive chairman of the company.
The news came as the new gTLD registry reported its first full year of results as a proper, revenue-generating company.
The company reported revenue of $1.9 million for 2014, compared to $56,000 in 2013.
Its report includes a “cash revenue” line of $5 million, to show off revenues that it has deferred to future periods due to standard domain industry accounting.
For accounting purposes, M+M was profitable to the tune of $22 million for the year, but almost none of that is from actually selling domains — $33.7 million of profit came from losing new gTLD auctions.
That’s not a sustainable or predictable part of the business — nobody knows exactly when or if ICANN will launch the next round of new gTLDs — but it did help M+M grow its cash pile to $45.7 million.
That pile may grow or shrink depending on how aggressive the company is in its 11 remaining new gTLD contention set auctions.
CEO Antony Van Couvering said that M+M is also eyeing acquisition opportunities as the new gTLD industry enters an early consolidation phase.
He said that M+M’s early priorities include a focus on selling premium domains that have higher than usual annual renewal fees.
At the same time as announcing its results, the company said Krueger, who founded M+M with Van Couvering in 2009 in anticipation of the new gTLD program, has quit.
While he’s technically resigned, he left no doubt in his unusually frank resignation letter that he’s actually been forced out by the M+M board of directors.
He wrote that the decision was “initiated by the board” and that his “decision” to leave “was unexpected – for me at least”.
He added that he was “OK with it, indeed supportive of it” and that he has no intention to sell off his substantial stake in the company.
Krueger will now focus on Mozart, a web site building software maker that he’s been leading for the last couple of years. M+M has a deal to offer Mozart to its registrants.
He’s been replaced, albeit in a non-executive capacity, by Keith Teare, an existing director.
Teare is a tech veteran perhaps best known in the domain industry for launching and running RealNames, which attempted to replicate AOL Keywords for the Internet Explorer browser at the turn of the century.
Wildly popular Facebook scam attack hits .ninja
Rightside’s .ninja appears to be the victim of a broad, highly effective affiliate marketing scam that targets Indians and exploits Facebook’s trademark.
Today, 11 of the top 12 most-visited .ninja domains are linked to the same attack. Each has an Alexa ranking of under 15,000. They’re all in the top 40 new gTLD domain names by traffic, according to Alexa.
The domains are com-news.ninja, com-finance-news.ninja, com-important-finance-update.ninja, com-important-finance-news.ninja, com-important-update.ninja, com-important-news.ninja, com-important-news-update.ninja, com-finance-now.ninja, com-finance.ninja, com-news-now.ninja and com-personal-finance.ninja.
The domains do not directly infringe any trademarks and appear innocuous enough when visited — they merely redirect to the genuine facebook.com.
However, adding “facebook” at the third level leads users to pages such as this one, which contains a “work at home” scam.
Indian visitors are told that that Facebook will pay them the rupee equivalent of about $250 per day just for posting links to Facebook, under some kind of deal between Bill Gates and Mark Zuckerberg.
It’s all nonsense of course. The page is filled with faked social media quotes and borrowed stock photos.
Not only that, but it uses Facebook’s logo and look-and-feel to make it appear, vaguely, like it’s a genuine Facebook site.
The links in the page all lead to an affiliate marketing campaign that appears, right now, to be misconfigured.
Infringing trademarks at the third level in order to spoof brands is not a new tactic — it’s commonly used in phishing attacks — but this is the first time I’ve seen it deployed so successfully in the new gTLD space.
It would be tricky, maybe impossible, for Facebook to seize the domains using UDRP or have them suspended using URS, given that the second-level domains are clean.
But it seems very probable that the domains are in violation of more than one element of Rightside’s anti-abuse policy, which among other things forbids trademark infringement and impersonation.
Eurovision deploys dot-brand for ludicrous song contest
It isn’t making a song and dance about it, but the European Broadcasting Union is promoting is annual Eurovision Song Contest using its new dot-brand gTLD, .eurovision.
The default registry domain, nic.eurovision, is mirroring its regular web site — found at eurovision.tv — ahead on Friday night’s televised show.
It’s the only domain in the .eurovision zone so far; the EBU does not seem to be properly promoting the dot-brand yet.
That’s a pity for the domain industry, as Eurovision has a TV viewership measured in the hundreds of millions.
For those outside of the EBU’s 40 participating countries… Eurovision is an annual song competition contested by singers from mostly European nations, viewed in the UK largely as an excuse to have a bit of a mildly derisive giggle at our beloved neighbors’ taste in music, dress, culture, language, and so on.
Last year it was won by an Austrian drag queen with a beard. It’s like that, you understand.
The 60th annual televised Eurovision final takes place on Friday Saturday night.
Obama, Apple, cancer and Taylor Swift’s cat top lists of most searched-for .sucks domains
You’ve got to hand it to .sucks registry Vox Populi.
The pricing may be “exploitative” and “predatory”, as the intellectual property community believes, but damn if the the company doesn’t know how to generate headlines.
Vox Pop has just added a new ticker stream to its web site, fingering the 50 most sucky celebrities, politicians, companies, social ills and abstract concepts.
The lists have been compiled from “more than a million” searches for .sucks domains that Vox Pop has seen pass through its system, according to CEO and veteran PR man John Berard.
For some reason, TayloySwiftsCat.sucks is the most searched-for in the “Personalities” category.
I’m guessing this relates to a meme that has yet to reach my isolated, middle-aged, non-country-music-loving corner of the world.
Whatever the cat did to earn this ire, it’s presumably equivalent to what Barack Obama, Apple, cancer and just life generally has done to searchers on the .sucks web site.
Here are the lists of most-searched-for terms, as it stands on the .sucks web site right now.
Top Personalities:
- 1. TaylorSwiftsCat
- 2. JustinBeiber
- 3. KevinSpacey
- 4. Oprah
- 5. KimKardashian
- 6. KayneWest
- 7. GuyFieri
- 8. TomBrady
- 9. DonaldTrump
- 10. OneDirection
Catch Phrases:
- 1. Life
- 2. YourMomma
- 3. This
- 4. Everyone
- 5. MyJob
- 6. MyLife
- 7. Reality
- 8. YouKnowWhat
- 9. Who
- 10. College
Causes:
- 1. Cancer
- 2. Technology
- 3. Obesity
- 4. Racism
- 5. Depression
- 6. Meat
- 7. AIDS
- 8. Hate
- 9. Poverty
- 10. Government
Companies:
- 1. Apple
- 2. Google
- 3. Microsoft
- 4. Facebook
- 5. Comcast
- 6. Walmart
- 7. CocaCola
- 8. McDonalds
- 9. Sony
- 10. Amazon
Politicians:
- 1. Obama
- 2. Hillary
- 3. TedCruz
- 4. RandPaul
- 5. StephenHarper
- 6. Putin
- 7. JebBush
- 8. TonyAbbott
- 9. DavidCameron
- 10. Democrats
Make no mistake, this is a headline-generating exercise by Vox Pop.
It comes as .sucks hits 10 days left on the clock for its $1,999+-a-pop sunrise period.
The company got a shed-load of mainstream media publicity when celebrities, starting with Kevin Spacey, started registering their names in .sucks several weeks ago.
It’s looking to get more headlines now, from lazy journalists and bloggers.
This is one of the first, for which I can only apologize.
Epic new gTLD fail? Gambling site named after new gTLD but doesn’t use it
Online gambling company bwin.party owns the domain name bwin.party but, bafflingly, hasn’t even turned it on.
The company runs PartyPoker and other betting sites and is in the business news today due to a takeover bid from rival 888.
Having just heard the story reported on the TV, I went to check out its web site — this was a significant company which had apparently rebranded to a new gTLD, and I hadn’t heard of it before.
But the domain name bwin.party doesn’t resolve, even though it’s an exact — exact, down to the lower case letters and the dot — match of the company name.
bwin.party actually uses bwinparty.com and bwin.com.
The domain is registered via Com Laude, so I assume it’s a defensive play.
.party is a new gTLD managed by Famous Four Media. It currently has over 134,000 names it its zone, growing by thousands of names per day, strongly suggesting it’s being sold for next to nothing at one or more registrars.
XYZ and Uniregistry acquire .car from Google, launch joint venture
XYZ.com and Uniregistry have launched a joint venture to operate a trio of car-related new gTLDs, after acquiring .car from Google.
Cars Registry Ltd is a new company. It will launch .cars, .car and .auto later this year.
Uniregistry won .cars and .auto at auction last year. Google was the only applicant for .car.
It signed its ICANN contract in January but transferred it to Cars Registry a little under a month ago.
The newly formed venture plans to launch all three TLDs simultaneously in the fourth quarter this year.
.car is currently in pre-delegation testing. The other two are already in the root.
Cars Registry does not have the the car-related domain space completely sewn up, however.
Dominion Enterprises runs .autos, albeit with a plan to launch the TLD with restrictions that may well mean it does not directly compete with the other three TLDs.
Launch details for .cars, .car and .auto have not yet been released.
Judging by the gTLDs’ web site, they will run on the Uniregistry back-end.
Barclays confirms move away from .com to new gTLD
Barclays has become one of the first major companies to explicitly confirm it will dump traditional gTLDs and ccTLDs in favor of its new dot-brands.
The $25 billion-a-year bank said it will “transfer its online assets to proprietary domain names — .barclays and .barclaycard — away from the traditional location-specific .com and .co.uk web addresses.”
The transition is a “long-term” play, but it’s started already, with “non-transactional” parts of its web site already using the two new gTLDs.
Basically, we’ve entered the brochureware phase of the dot-brand evolution.
home.barclays already mirrors barclays.com — both are simultaneously live right now — but the online banking service remains at barclays.co.uk.
In a May 11 press release that seems to have slipped under everyone’s radar last week, Barclays chief security officer Troels Oerting, until a few months ago cyber-crime chief at Europol, said:
The launch of the .barclays and .barclaycard domain names creates a simplified online user experience, making it crystal clear to our customers that they are engaging with a genuine Barclays site.
This clarity, along with the advantages of controlling our own online environment, enables us to provide an even more secure service, which we know is of utmost importance to our customers, and ultimately serves to increase trust and confidence in Barclays’ online entities.
This is precisely what advocates of dot-brands pitched as the benefits of the new gTLD program.
While many applicants stated similar plans in their gTLD applications, I think there’s been a degree of skepticism about whether they would follow through.
Barclays’ moves are happening faster than I expected — the .barclays gTLD was delegated in January — showing a degree of enthusiasm.
The charitable Australian Cancer Research Foundation in February launched sites under its .cancerresearch (not technically a dot-brand), while Hong Kong conglomerate CITIC Group has already experimented with a shift from .com to .citic.
In related news, the non-branded .bank gTLD opened for its sunrise period today.
URS coming to .travel under big contract changes
The .travel gTLD, which was approved 10 years ago, will have to support the Uniform Rapid Suspension service, one of several significant changes proposed for its ICANN contract.
I believe it’s the first legacy gTLD to agree to use URS, which gives trademark owners a way to remove domain names that infringe their marks that is quicker and cheaper than UDRP.
Tralliance, the registry, saw its .travel Registry Agreement expire earlier this month. It’s been extended and the proposed new version, based on the New gTLD Registry Agreement, is now open for public comment.
While the adoption of URS may not have much of a direct impact — .travel is a restricted TLD with fewer than 20,000 names under management — it sets an interesting precedent.
IP interests have a keen interest in having URS cover more than just 2012-round gTLDs. They want it to cover .com, .org, .net and the rest too.
Domain investors, meanwhile, are usually cautious about any changes that tilt the balance of power in favor of big brands.
When .biz, .org and .info came up for renewal in 2013, the Intellectual Property Constituency filed comments asking for URS to be implemented in the new contracts, but the request was not heard.
I’m aware of two ccTLDs — .pw and .us — that voluntarily adopted URS in their zones.
Other changes include a requirement for all .travel registrars, with the exception of those already selling .travel domains, to be signatories of the stricter 2013 Registrar Accreditation Agreement.
That’s something Afilias and Neustar only agreed to put in their .info and .biz contracts if Verisign agrees to the same provisions for .com and .net.
The fees Tralliance pays ICANN have also changed.
It currently pays $10,000 in fixed fees every year and $2 per billable transaction. I estimate this works out at something like $40,000 to $50,000 a year.
The proposed new contract has the same fees as 2012-round new gTLDs — a $25,000 fixed fee and $0.25 per transaction. The transaction fee only kicks in after 50,000 names, however, and that’s volume .travel hasn’t seen in over five years.
Tralliance will probably save itself thousands under the new deal.
The contract public comment forum can be found here.
Recent Comments