Russian registry hit with second breach notice after downtime

ICANN has issued another breach notice against the registry for .gdn, which seems to be suffering technical problems and isn’t up-to-date on its bills.

Navigation-Information Systems seems to have experienced about 36 hours of Whois/RDDS downtime starting from April 22, and is past due with its quarterly ICANN fees, according to the notice.

Contractually, if ICANN’s probes detect downtime of Whois more than 24 hours per week, that’s enough to trigger emergency measures, allowing ICANN to migrate the TLD to an Emergency Back-End Registry Operator.

Today, the registry’s web site hasn’t resolved for me in several hours, timing out instead, suggesting serious technical problems. Other non-registry .gdn web sites seem to work just fine.

NIS seems to be a Russian company — although most ICANN records give addresses in Dubai and Toronto — so it might be tempting to speculate that its troubles might be a result of some kind of cyber-war related to the Ukraine invasion.

But it’s not the first time this has happened by a long shot.

The company experienced a pretty much identical problem twice a year earlier, and it seems to have happened in 2018 and 2019 also.

NIS just can’t seem to keep its Whois up.

According to the breach notice, whenever Compliance manages to reach the registry’s 24/7 emergency contact they’re told he/she can’t help.

ICANN has given the registry until May 29 to fix its systems and pay up, or risk termination.

.gdn was originally applied for as something related to satellites, but it launched as an open generic that attracted over 300,000 registrations, mostly via disgraced registrar AlpNames, earning it a leading position in spam blocklists. Today, it has around 11,000 names under management, mostly via a Dubai registrar that seems to deal purely in .gdn names.

Two countries could lose registrar competition after breach notices

ICANN has issued breach-of-contract notices to two small registrars, potentially reducing the number of accredited registrars in two countries to just one.

It’s sent notices to Tecnologia, Desarrollo Y Mercado S de RL de CV, one of two accredited registrars based in Honduras, and to Innovadeus, one of only two in Bangladesh.

In the former case, ICANN claims TDM has failed to respond to abuse reports and has been generally sluggish and reluctant to cooperate with Compliance requests.

In the case of Innovadeus, it claims the registrar — which records show has lost almost all of its domains under management in the last couple of years — has failed to pay its accreditation fees.

TDM has been told to shape up by May 27. Innovadeus has been given until May 26 to pay up. Failure in either case could mean termination.

Neustar now linked to scandal in the Catholic church

Neustar is having a bummer of a year for getting involved in major political scandals.

First, its execs were linked to allegations of an attempt to show Donald Trump was involved in “collusion” with Russia, and now it’s found itself in the middle of a corruption slash child sex abuse scandal in the Catholic Church.

There don’t appear to be any concrete allegations of wrongdoing by Neustar in the latest case, which involves a lot of mud-slinging between two elderly, bickering, controversy-wracked priests.

Rather, a senior church figure previously convicted and jailed and then cleared of child sex abuse is accusing an old rival currently standing trial on corruption charges of failing to explain money transfers that were said to be destined for Neustar.

George Pell is an Australian cardinal, the country’s most senior Catholic authority figure, who was very publicly convicted of child sex abuse offenses in 2018. His convictions were later overturned on appeal by the High Court of Australia.

Angelo Becciu is an Italian cardinal who, according to the religious press, served as the Pope’s de facto “chief of staff” until he was accused by the Vatican of embezzlement and corruption related to real estate investments last year.

Claims by Pell’s supporters have reportedly circulated in the Italian press for years that Becciu had sent church money to Australia in order to negatively influence Pell’s trial. The two men apparently don’t get on.

The reports even triggered a probe, which found nothing, by Australian regulators into a then-unnamed tech company.

But Becciu testified before a Vatican court last week that the AUD 2.3 million ($1.6 million) Pell has raised questions over was in fact used to pay Neustar Australia for operation of the .catholic gTLD in 2017 and 2018.

He said that Pell himself had authorized the payments, in a 2015 letter.

The Vatican had originally hired ARI/AusRegistry to be its registry partner for .catholic — which has never actually been used — but it had been acquired by Neustar by the time of the contested payments. Neustar’s registry is now owned by GoDaddy, which manages .catholic.

Following Becciu’s testimony, Pell issued a statement calling his story “incomplete” and saying:

My interest is focussed on four payments with a value of AUD 2.3 million made by the Secretariat of State in 2017 and 2018 to Neustar Australia, two of which with a value of AUD 1.236 million were authorised by Monsignor Becciu on 17/5/2017 and 6/6/2018. Obviously, these are different payments from those of 11/9/2015 which I allegedly authorised. What was the purpose? Where did the money go after Neustar?

The word “after” in that final sentence is certainly suggestive, but Pell did not elaborate.

Gee, thanks. auDA cuts price of .au names by five cents

Australian ccTLD registry auDA has cut the wholesale price of .au domains by a measly five cents, according to local reports.

Aussie domainer blog Domainer reports that registry back-end provider Afilias, owned by Donuts, has notified registrars that the price is coming down to AUD 7.83 ($5.56), from AUD 7.88, not including sales tax.

The cut kicks in June 1 and effects all new registrations, renewals and transfers.

With about 3.6 million .au domains under management, that amounts to $180,000 a year out of the registry’s pocket, but the price reduction obviously won’t be noticeable for any but the most prolific domain collector.

A sign of things to come? Verisign slashes outlook in post-pandemic slowdown

Verisign is warning that its business is going to grow slower than expected in 2022, due to the after-effects of the pandemic and general economic conditions.

The registry tonight reported first-quarter revenue of $347 million, up 7% on the comparable period a year ago, after raising its .com prices 7% last year.

But the company has slashed its sales estimates for the year.

CEO Jim Bidzos told analysts this evening that the company and its registrars have started to see a post-pandemic slowdown in sales, exacerbated by other unspecified “macro-economic factors”.

“Incremental demand for new registrations that grew during the pandemic is subsiding,” Bidzos said.

Many domain companies, including Verisign, saw growth spikes during the pre-vaccine pandemic, when many small businesses moved to online sales to stay afloat during recurring lockdown restrictions.

But that’s all over now, and the economic fallout most of us are feeling seems to also be affecting domain sales.

The company said its net income for the first quarter was $158 million, up from $150 a year ago. Its operating margin slipped a little, however, from an enormous 65% to an enormous 64.8%.

Verisign ended the quarter with 161.3 million .com domains and 13.4 million .net domains under management, up 4% combined at 174.7 million.

The renewal rate for .com and .net domains was estimated at 74.8%, up from 73.5% a year ago.

The company expects its domain base to grow between 1.75% and 3.5% this year. That’s down quite significantly from its February estimate of growth between 2.5% and 4.5%.

It added 10.1 million new names in the quarter, compared to 10.6 million in Q4 and 11.1 million in Q1 last year.

While Bidzos did not drill very deep into the other factors contributing to his pessimistic outlook, he did say that the war in Ukraine was not a factor. Sales in Ukraine, Russia and Belarus are “not material”, he said.

I suspect what we’re looking at here is probably related to what the media here in the UK is calling the “cost of living crisis”, which is seeing the price of staples such as food and energy skyrocket and many people cut back on luxuries as a result.

UPDATE: This article was updated July 28, 2022 to correct the number of .net registrations from 13.1 million to 13.4 million.

CentralNic sees 51% growth in Q1

CentralNic says it expects to report first-quarter growth of 51% and that its 2022 performance is likely to exceed expectations.

The company, which acts as registry and registrar but now makes most of its money from domain monetization, said it expects Q1 revenue to come in at about $156 million, with and adjusted EBITDA of about 18 million.

The gains are largely driven by its online marketing segment, CentralNic said in a statement to the markets this morning.

The company said in January that its 2021 annual revenue growth was 37%.

Ukraine won’t delete domains until war is over

Hostmaster, the Ukrainian ccTLD registry, has indefinitely paused domain deletions due to the ongoing war with Russian.

The company said its domain redemption period, which usually lasts 30 days after a registration expires, will now run until the end of martial law, which was brought in by the government shortly after the invasion.

The registry had previously, and perhaps optimistically, extended the window to 60 days. But the war continues, and many registrants are still unable to renew their names.

Since the first extension, registrars have already recovered over 300 names that were not renewed in time, Hostmaster said.

The price to restore an expired .ua name is the same as a renewal, the registry said.

Vox Pop defends its favorite cybersquatter

The .sucks registry, Vox Populi has complained to ICANN about the fact that its biggest customer keeps losing cybersquatting cases.

In its submission to ICANN’s recently closed public comment period on UDRP reform, Vox Pop bemoans the fact that panels keep finding that Honey Salt, a shell company based in a tax haven, isn’t really engaging in non-commercial free speech.

Honey Salt was the registrant of thousands of .sucks domains, all matching famous trademarks, that redirected visitors to a wiki-style gripe site, populated with content scraped from third-parties, at Everything.sucks.

After a long series of lost UDRP cases, Honey Salt started allowing its domains to expire and zone files suggest only a couple hundred or so remain today.

Neither Honey Salt nor Everything.sucks responded to ICANN’s public comment period, which was seeking input on possible changes to UDRP.

But Vox Pop did on their behalf, complaining bitterly that “forum shopping and bias obstruct free speech” and citing mostly Honey Salt’s lost UDRP cases to evidence its arguments:

Despite 4(c)(iii) of the UDRP stating “noncommercial or fair use” is legitimate use of a domain name – numerous UDRP decisions contradict the Policy’s express recognition of fair use and free speech rights in favor of trademark owners. Several recent UDRP decisions have jeopardized free speech rights for all domain name registrants because of the lack of guidance from ICANN and/or a misapplication of free speech rights and/or bias as it relates to criticism sites.

Honey Salt had consistently argued, UDRP decisions show, that Everything.sucks was non-commercial free speech and as such was not cybersquatting under UDRP precedent and WIPO guidance.

But panels repeatedly pointed out that Everything.sucks was in fact commercial.

At first, the site hosted banners linking directly to sales landers for the domains in question — basically asking the brand owners or others to fork out hundreds or thousands of dollars to claim their matching domains.

When panelists got wise to that, the site started instead publishing the transfer authorization codes for the domains in question, so literally anyone could initiate a transfer and take ownership of the name without even asking Honey Salt’s permission — if they were willing to pay the transfer fee.

Everything.sucks and Honey Salt would not have benefited financially from these transfer fees, which often were thousands of dollars, but Vox Pop, and sometimes its registrar sister company Rebel, which sells .sucks names at cost, would.

Everything.sucks has removed the AuthCodes, but in the most-recent .sucks UDRP case Eutelsat v Honey Salt, the panel called the AuthCode scheme “little more than a ruse to generate registration fees in the thousands of dollars range”.

Vox Pop is now complaining to ICANN, I’m guessing with a straight face, that transfer fees are ICANN-mandated and therefore registrants cannot be blamed if registrars charge for transfers:

The panelist, in an unfounded grasp, used the ICANN-mandated transfer fee, charged by the registrar as rationale to find commercial use by the registrant and hence bad faith by the registrant. Other UDRP panels have similarly disingenuously blamed registrants for ICANN-mandated transfer and renewal fees imposed by registrars; panelists argue that the ICANN-mandated transfer is bad faith even though the registrant has no say or participation.

It’s an incredibly ballsy complaint by Vox Pop, given that it is Vox Pop, as the registry, that sets the price for transfers and renewals in .sucks, and that it is Vox Pop, as the Eutelsat panel noted, that has flagged many trademarks as “premium”-tier names that costs thousands of dollars to transfer and renew.

Vox also argues that it is possible for trademark-owners to “forum shop” between the various UDRP providers, in the hope of finding a panel more favorable to intellectual property interests over free speech rights.

It’s certainly not the only ICANN commenter to make this point, but it’s a pretty thin argument in the case of Honey Salt and .sucks.

Vox argues that WIPO repeatedly favors IP rights over free speech rights, and the outcome of Honey Salt’s UDRP cases may indicate why it holds that view.

Of the 20-odd UDRP cases Honey Salt has defended, most were filed with WIPO and all those filed with WIPO resulted in a complainant win. Three were filed with the National Arbitration Forum and three were filed with the Czech Arbitration Court.

The only case Honey Salt won on the merits was Miraplex v Honey Salt, one of the first cases, filed with the Czech Arbitration Court. That panel bought the defense that Everything.sucks was non-commercial free speech.

But one of the panelists in that case later sat on another Czech Arbitration Court case, Cargotec v Honey Salt, which decided in favor of the complaint. The same guy ruling two different ways on almost identical facts does not suggest panelist bias.

While at least one UDRP panel has suggested Honey Salt is just a front for the .sucks registry, Vox Populi has previously denied any connection exists.

GoDaddy and XYZ sign away rights after UNR’s crypto gambit

ICANN has started asking registries to formally sign away ownership rights to their gTLDs when they acquire them from other registries.

GoDaddy and XYZ.com both had to agree that they don’t “own” their newly acquired strings before ICANN would agree to transfer them from portfolio UNR, which auctioned off its 23 gTLD contracts a year ago.

GoDaddy bought .photo and .blackfriday for undisclosed sums in the auction, it emerged last week. XYZ bought 10 others and newcomer Dot Hip Hop bought .hiphop.

All three transfers were signed off March 10 (though GoDaddy’s were inexplicably not published by ICANN until last Thursday, when much of Christendom was winding down for a long weekend) and all three contain this new language:

The Parties hereby acknowledge that, notwithstanding anything to the contrary in any marketing or auction materials, documentation or communications issued by Assignor or any other agreements between the Parties or otherwise, nothing in the Registry Agreement(s) or in any other agreements between Assignor and Assignee have established or granted to Assignor any property or ownership rights or interest in or to the TLDs or the letters, words, symbols or other characters making up the TLDs’ strings and that Assignee is not being granted any property or ownership rights or interest in or to the TLDs or the letters, words, symbols or other characters making up the TLDs’ strings.

The Parties represent that they understand the scope of ICANN’s Consent, which: (A) does not grant Assignee any actual or purported property or ownership rights or interest in or two the TLDs or the letters, words, symbols or other characters making up the TLDs’s strings; (B) is solely binding and applicable to the assignment of rights and obligations pursuant to the Registry Agreement(s); (C) solely relates to the operation of the TLDs in the Domain Name System as specified in the applicable Registry Agreement(s); and (D) does not convey any rights to the letters, words or symbols making up the TLD string for use outside the Domain Name System.

The TL;DR of this? Registries don’t “own” their gTLDs, ICANN just allows them to use the strings.

The new language is in there because UNR’s auction had offered, as a bonus, ownership of matching non-fungible token “domains” on the blockchain-based alt-root Ethereum Name Service.

Alt-roots arguably present an existential threat to ICANN and a risk to the interoperability of the internet, so ICANN delayed authorization of its approvals for many months while it tried to figure out the legalities.

Dot Hip Hop, for one, has said it couldn’t care less about the Ethereum NFT, and has had it deleted.

Separately, the .ruhr contract has been transferred from regiodot to fellow German geo-TLD operator DotSaarland, a subsidiary of London-based CentralNic, which announced the acquisition in February.

This assignment agreement was signed March 31 — after GoDaddy’s and XYZ’s — and does not include the new ownership waiver language, suggesting that it’s unique to UNR’s auction winners.

However, the friction between blockchain alt-roots is likely to be an issue when the next new gTLD application round opens.

It’s being said that a great many “TLDs” are being registered on various blockchains specifically in order to interfere with matching ICANN applications, and that blockchain fans are attempting to delay the next round to give their own projects more time to take root.

GoDaddy’s two acquisitions bring the total known outcomes of UNR’s auctions to 13 out of 23 gTLDs. At least four more are being processed by ICANN, according to a now month-old statement.

Verisign wipes free TLDs from the world stats

The number of domain names registered globally dropped by over 25 million in the first quarter, but only because Verisign has stopped tracking .tk and its free sister ccTLDs in its quarterly estimates.

The latest Domain Name Industry Brief says that 2021 ended with 341.7 million registrations across all TLDs, substantially fewer that the 367.3 million it reported at the end of the third quarter.

But this is only because Verisign has decided to no longer count the six Pacific and African ccTLDs managed by Freenom, notably .tk, which had contributed 24.7 million names to the Q3 tally.

The report says: “the .tk, .cf, .ga, .gq and .ml ccTLDs have been excluded from all applicable calculations, due to an unexplained change in estimates for the .tk zone size and lack of verification from the registry operator for these TLDs.”

It sounds rather like there’s been another weird fluctuation in .tk’s numbers that threw off the overall trend picture again, and Verisign’s basically said “to hell with it” and decided to exclude Freenom from its reports from now on.

This means the normalized numbers for Q4 2021 — ignoring Freenom in all applicable quarters — are 341.7 million, up 3.3 million or 1.0% sequentially and up 1.6 million or 0.5% year over year, the DNIB states.

The Freenom business model is to give domains away for free, mostly, in the first instance. It makes its money by retaining and monetizing domains that either expire or, frequently, which it suspends for abuse.

.tk domains never get deleted, in other words, so counting them alongside TLDs with the industry-standard business model could give a misleading impression of the global demand for domain names.

It’s not so much that counting spam domains is bad — every TLD has a spam problem to a greater or lesser extent — but the lack of deletions can create faulty assumptions.

It’s also never been clear how Verisign and its third-party researcher, ZookNic, acquires its data on Freenom TLDs. Its .tk figure would often remain static for quarters on end, suggesting the data was only sporadically available.

I also tracked .tk’s published numbers independently for many years, and the last figure I have, from March 2019, is 41.3 million. It’s never been clear to me why the Verisign/ZookNic number has always been so much lower.

Verisign has always flagged up any oddities caused by .tk in its DNIB, and every edition has contained a footnote describing Freenom’s unusual practices.

The latest DNIB (pdf) says that .com had 160 million names, up 1.2 million, and .net had 13.4 million, down about 100,000, compared to Q3.

ccTLDs overall had 127.4 million, up about 700,000, a 0.6% sequential increase.

The ccTLD number was down by 5.3 million, or 4.0%, compared to the end of 2020, but that was due to a 9.4 million-name deletion by China’s .cn, which I noted in the second quarter and which Verisign calls a “registry-implemented zone reduction”.

Ignoring China, ccTLD names were up 4.1 million or 3.8%, the DNIB says.

Verisign only breaks out the top 10 ccTLDs separately, so the removal of .tk means that Australia’s .au is now in the top 10 list in tenth place with 3.4 million at the end of Q4. It will likely move up the ranks in the first quarter due to the release of second-level names, which has sped up its growth rate.

France’s .fr, with 3.9 million names, has now entered the overall top 10 TLDs due to .tk’s removal.

New gTLDs grew by 1.2 million names or 5.1% sequentially, but were down by pretty much the same amount annually, ending 2021 with 24.7 million names.