Latest news of the domain name industry

Recent Posts

Hackers break .mobi after Whois domain expires

Kevin Murphy, September 12, 2024, Domain Registries

It’s probably a bad idea to let a critical infrastructure domain expire, even if you don’t use it any more, as Identity Digital seems to be discovering this week.

White-hat hackers at WatchTowr today published research showing how they managed to undermine SSL security in the entire .mobi TLD, by registering an expired domain previously used as the registry’s Whois server.

Identity Digital, which now runs .mobi after a series of acquisitions, originally used whois.dotmobiregistry.net for its Whois server, but this later changed to whois.nic.mobi and the original domain expired last December.

WatchTowr spotted this, registered the name, and set up a Whois server there, which went on to receive 2.5 million queries from 135,000 systems in less than a week.

Sources of the queries included security tools such as VirusTotal and URLSCAN, which apparently hadn’t updated the hard-coded Whois URL list in their software, the researchers said.

GoDaddy and Domain.com were among the registrars whose Whois tools were sending queries to the outdated URL, WatchTowr found.

Incredibly, so was Name.com, which is owned by Identity Digital, the actual .mobi registry.

More worryingly, it seems some Certificate Authorities, responsible for issuing the digital certificates that make SSL work, were also using the old Whois address to verify domain ownership.

WatchTowr says it was possible to obtain a cert for microsoft.mobi by providing its own email address in a phony Whois record served up by its bogus Whois server.

“Effectively, we had inadvertently undermined the CA process for the entire .mobi TLD,” the researchers wrote.

They said they would have also been able to send malicious code payloads to vulnerable Whois clients.

While WatchTowr’s research doesn’t mention ICANN, it might be worth noting that the change from whois.dotmobiregistry.net to whois.nic.mobi is very probably a result of .mobi’s transition to a standardized gTLD registry contract, which requires all registries to use the whois.nic.[TLD] format for their Whois servers.

As a pre-2012 gTLD, .mobi did not have this requirement until it signed a new Registry Agreement in 2017. There are still some legacy gTLDs, such as .post, that have not migrated to the new standard URL format.

The WatchTowr research, with a plentiful side order of cockiness, can be read in full here.

China loses over half a million domains

Kevin Murphy, September 6, 2024, Domain Registries

The Chinese ccTLD .cn shrunk by over half a million domains in the first half of the year, according to the latest semiannual report from the local registry.

There were 19,562,007 registered .cn names at the end of June, down from 20,125,764 at the end of 2023, a decline of 563,757 domains, according to the CNNIC report.

Despite the decline, .cn is still the largest ccTLD, ahead of the 17,703,602 that Germany’s DENIC (.de) reported June 30.

The dip is not surprising. Verisign has pointed to weakness in China as a reason .com’s volume has been tumbling in recent quarters.

The fact that .cn is going down too suggests the negative growth is in fact due to macroeconomic factors rather that Chinese .com registrants migrating to their local ccTLD.

Microsoft switches two gTLDs from GoDaddy to Nominet

Kevin Murphy, September 2, 2024, Domain Registries

Microsoft has moved two of its branded gTLDs from GoDaddy’s registry back-end to Nominet’s.

Records show that .skype and .office both recently made the switch.

Microsoft had already moved six TLDs — .azure, .bing, .hotmail, .microsoft, .windows and .xbox — from Verisign to Nominet about a year ago, and .skype and .office mean its whole collection is now on Nominet’s service.

While .office isn’t technically a dot-brand because it does not have a Spec13 exemption in its ICANN contract, it is in use — you can log in to your email and other services, at least for now, via www.office.

.skype, meanwhile, has a handful of domains that work as redirects to skype.com.

ICANN homes in on new gTLD application fee

Kevin Murphy, September 2, 2024, Domain Registries

ICANN has narrowed down the expected application fee for the next round of new gTLDs, and while it’s towards the lower end of previous guidelines, it’s still much higher than in 2012.

The bog-standard base application fee is now expected to be $220,000, according to a draft document circulated by ICANN.

That’s up on the $185,000 applicants paid in 2012, but it’s at the less-pricey end of the $208,000 to $293,000 range ICANN outlined at its meeting in Rwanda this June.

But the base fee is simply to get your foot in the door. It’s accompanied by an à la carte menu of additional services incurring additional fees, some of which were part of the base fee in 2012.

Because the new gTLD program is being run on a cost-recovery basis, the fee is set according to how many applications ICANN expects to receive, which is rather speculative and based largely on anecdotal evidence.

That predicted number is now 1,500, down on the 1,930 actual applications received in 2012.

The $220,000 fee is the lowest up-front fee that applicants would have to pay, and does not include extra payments they would have to make in the event of contention, additional evaluations or objections.

There are 10 different additional fees that could be incurred by applicants, including one that’s new to me — an “Occupancy fee” which the document says is “for lingering applications”.

I can’t help but think that this is an attempt to avoid a repeat of Nameshop, which applied for the banned string .idn in 2012 and continues to refuse to admit defeat, withdraw its application, and get its refund.

The new ICANN document notes that this proposed squatters’ rent is still open to discussion, but other fees, while not given a price tag yet, appear more likely to become a reality.

It seems dot-brand applicants will have to pay extra fees for their Spec9 and Spec13 exemptions, which allow them to work outside the usual registrar channel and allocate names only to themselves.

Applicants for community gTLDs and geographic strings would also pay extra fees.

There’s also the chance that the base fee could go up before the application window opens, depending on the outcome of some still-unconfirmed parts of the application process, such as the mechanism to address name collision risk. This alone could add thousands to each applicant’s bill.

The good news is that if the next round is significantly over-subscribed and ICANN makes back the $70 million it reckons the program cost, it plans to offer rebates to applicants dependent on how much extra cash it has received.

The draft document also includes estimates for the cost of the Registry Service Provider Evaluation Program, which enables RSPs to get the ICANN seal of approval before pitching their services to new gTLD applicants.

Also priced on a cost-recovery basis, this program is still expected to cost a maximum of $92,000 per RSP, with the costs potentially falling if more than 50 RSPs apply to be accredited.

ICANN has a pretty good idea that the roughly 45 companies currently providing back-end registry services for gTLDs will probably use the RSP program. If a large number of startups or ccTLD registries want to get involved too, that would bring the price down.

Four more dot-brands switch back-ends

Kevin Murphy, August 29, 2024, Domain Registries

Four dot-brand gTLDs have recently changed their back-end providers, according to the latest records, three moving away from Verisign.

US insurance company American Family Insurance has moved its .americanfamily and .amfam from Verisign to GoDaddy, as has AARP, a US interest group representing retired people, with .aarp.

Aquarelle.com Group, a French flower delivery company, has meanwhile switched from French ccTLD operator Afnic to London-based CentralNic (which is still Team Internet’s registry brand).

The AmFam moves are notable because while Verisign has for some time been getting out of the dot-brand back-end business, most of its clients have been migrating to Identity Digital.

I count seven gTLDs making the Verisign-GoDaddy switch, compared to 60 going Verisign-Identity Digital over the last couple years. Verisign is now down to a few dozen dot-brands.

The Aquarelle.com move is notable because it’s rare for a dot-brand to use a back-end in a different time zone that predominantly uses a different language, but Team Internet does have a footprint in France and other Francophone countries so it’s perhaps not wholly weird.

Three of the dot-brands are not heavily used — .aarp has three resolving domains that redirect to aarp.org, while .amfam has about 10 names in its zone that do not publicly resolve and .americanfamily has none.

You might infer from the name “Aquarelle.com” that the company is not a big believer in the dot-brand concept, but you’d be surprisingly wrong — .aquarelle has more than 50 domains that resolve to web sites without redirecting to traditional TLDs.

Almost 100,000 .tr domains registered in one day

Kevin Murphy, August 29, 2024, Domain Registries

Türkiye’s ccTLD has seen a massive spike in registrations, experiencing instant growth of about 8%, at the end of its year-long second-level liberalization process.

The .tr space had 1,187,324 domains at the end of yesterday, according to stats published by government-run registry Trabis, up about 91,000 on the previous day.

That’s more that four time’s .com’s daily growth over the same period.

The sudden growth spurt came due to the registry’s allocation of second-level domains that match previously registered third-level domains under several extensions including .com.tr, .org,tr and .info.tr.

The multi-stage grandfathering process latterly prioritized registrants based on which extension their domain was in and ran from February to early August. The registry decided which registrants had made the cut August 27.

The liberalization came about after Trabis took over from previous registry Nic.tr in 2022. The number of .tr domains has almost doubled since then, crossing on million late last year.

Trabis intends to open up the .tr second level to all comers, full general availability, next Wednesday, September 4.

Türkiye follows the likes of the UK, New Zealand and Australia in opening up the second level of their traditionally three-level spaces.

ICANN to terminate five new gTLDs

Kevin Murphy, August 6, 2024, Domain Registries

ICANN is set to terminate the registry contracts for five new gTLDs run by an apparent deadbeat registry.

Asia Green IT System’s agreements for .pars, .shia, .tci, .nowruz and .همراه (.xn--mgbt3dhd) have all been “Escalated to Termination Process” following a July breach notice, according to ICANN’s web site.

The first stage of the termination is mediation, which can be followed by arbitration before the contracts, which were all due to expire next month anyway, finally get torn up.

The escalation was not unexpected. All five gTLDs were migrated to the Emergency Back-End Registry Operator program last month after critical systems failed to function within the contractual requirements.

It is believed that the TLDs stopped functioning properly after AGIT failed to pay its back-end provider. It also allegedly failed to pay its ICANN fees.

The gTLDs in question for the most part were not used. The Iranian new-year-themed .nowruz had a handful of third-party registrations but the others never launched in the decade AGIT was contracted to run them.

.tci is an interesting case, a planned dot-brand that AGIT had intended to operate on behalf of the Telecommunication Company of Iran, the country’s incumbent telco.

US could change .com pricing terms

Kevin Murphy, August 6, 2024, Domain Registries

The US government and Verisign are to enter talks about possible changes to .com pricing.

The National Telecommunications and Information Administration has told the company that it “intends to renew its Agreement with Verisign” but said it welcomed Verisign agreeing to talks that “may include an amendment to the pricing terms”.

The news came in an exchange of letters between NTIA assistant secretary Alan Davidson and Verisign chief Jim Bidzos over the weekend, published last night. Davidson wrote:

NTIA has questions related to pricing in the .com market. We are therefore pleased that Verisign has agreed to discussions regarding .com pricing and the health of the .com ecosystem, including retail and secondary markets. The parties will discuss possible solutions that benefit end-users, both businesses and consumers, and serve the public interest

The Cooperative Agreement between NTIA and Verisign gives the company the right to raise prices by 7% in four of the six years of its term, all of which Verisign exercised in the current run, which ends in a couple months.

The price-rising powers were frozen under Obama administration but reinstated under Trump, giving Verisign masses of extra revenue and huge profit margins, even as .com volume numbers took a prolonged dive.

NTIA’s intervention follows letters from three campaign groups calling .com a “cartel” and inquiries from three Congresspeople.

In response to NTIA’s letter, Bidzos wrote:

We have observed that our capped .com price increases have not always been passed through to benefit end-users and therefore we welcome an opportunity to have this important discussion. We are prepared to consider structures to address this and other issues, including ways to make .com pricing more predictable for the channel as part of it.

It’s clear from this rather tense exchange that the two parties might not exactly see eye-to-eye on their desired outcomes.

Verisign’s position recently has been that .com volumes have been falling in large part because of what Bidzos called the “unregulated retail channel” pumping up prices to increase profit-per-domain over domains under management.

He also pointed out in the company’s most-recent quarterly earnings call that the average price of .coms on the secondary market is $1,600, or 166x the wholesale price.

As some have pointed out, Verisign complaining about profiteering in the channel is the height of chutzpah, given its own mouth-watering margins, which appear to be what it seeks to protect more than anything else.

If Verisign reckons the registrar business is so great, why hasn’t it launched a registrar of its own yet? The company has been legally permitted by the Cooperative Agreement and its ICANN contract to do so for years.

.cv domains now on sale worldwide

Kevin Murphy, August 1, 2024, Domain Registries

Cabo Verde has become the latest nation to market its ccTLD globally based on its meaning in other languages.

The country’s .cv domain is now available via several registrars and recently formed registry entity OlaCV.

A CV is of course shorthand for “curriculum vitae”, what Americans call a résumé, in many countries. OlaCV reckons its addressable market is 3.5 billion people, according to its web site.

OlaCV appears to be a Delaware corporation formed in May last year, shortly before it was awarded the five-year registry contract by Cabo Verde regulator ARME.

You’d be hard-pressed to find any company information on its web site, but OlaCV appears to have its roots in Nigeria, with the ICANN-accredited registrar Go54 (formerly WhoGoHost).

WhoGoHost founder Ope Awoyemi, who has been doing domainer conferences recently, is named as president of the company in a press release today. IANA has the technical contact for .cv as Portuguese ccTLD operator DNS.pt.

Some of the international registrars named on the registry web site do not currently seem to support .cv on their storefronts, and prices vary substantially among those that do carry it.

While OlaCV say prices should be around $10 a year, the only registrar I could find selling in that range was NameSilo. Prices around $70 to $120 seem a lot more common right now.

The registry’s premium pricing strategy is a little different to the usual — domains of six characters and under have premium pricing, regardless of their semantic value.

Cabo Verde is an island nation in West Africa with a population of about half a million. A former colony of Portugal, Portuguese is the main official state language.

Amazon to launch two new gTLDs this month

Kevin Murphy, August 1, 2024, Domain Registries

Amazon Registry is to finally launch two of the gTLDs it has been sitting on for the best part of a decade.

The company expects to take .deal and .now to sunrise later this month, with general availability following in September.

According to information provided by ICANN, sunrise for both runs for a month from August 22, followed immediately by a week-long Early Access Period and general availability at standard pricing September 30.

Both extensions have been in the root since 2016, parts of Amazon’s portfolio of 54 mostly unused gTLDs.

They’re the first English-language strings the company has launched since .bot, which came out with a controlled release in 2018 before loosening its restrictions last year. It has about 14,000 domains.

Similar TLDs to .deal and .now are already available from other registries, which may give clues to their potential.

The plural .deals is part of Identity Digital’s massive portfolio, selling at a $25 wholesale price, but it currently has fewer than 10,000 registrations, having peaked at 11,388 in May 2022.

.now might be the more attractive of the two. The disputed ccTLD for Niue, .nu, means “now” in Swedish and has about 220,000 domains under management.