Latest news of the domain name industry

Recent Posts

Former .co registry defeated in $350 million contract fix case

Kevin Murphy, September 24, 2024, Domain Registries

The Neustar spin-off that once operated the .co TLD reportedly has lost a case against the Colombian government in which it had sought $350 million in damages over the acrimonious renewal of its registry contract.

According to local reports, the International Center for the Settlement of Investment Disputes, part of the World Bank, last week ruled in favor of Colombia on both the merits and on jurisdictional grounds.

The case had been brought in late 2019 by Neustar, which at the time managed some 2.3 million .co domains, under government contract, via a Colombian subsidiary it acquired in 2014.

Neustar has since been acquired by GoDaddy, which continues to run .co, but the ICSID case was inherited by Vercara, the DNS security services arm of the company that GoDaddy didn’t buy.

As .CO Internet, Vercara was hired by Colombia to turn .co into a global alternative to .com with a much-hyped 2010 relaunch. It was very successful, but when it came time to renew the initial 10-year contract, Colombia instead put it out for rebid and started behaving very strangely.

You may recall from coverage here on DI and on The Register that the Colombian tender process seemed to have been specially constructed so that only Afilias, then Neustar’s fiercest rival and now part of Identity Digital, could win.

The government’s RFP had set technical thresholds, such as daily registry transactions, that Afilias could show it met but Neustar could not. It looked naive and arbitrary at best and dodgy at worst.

So Neustar took Colombia to arbitration with ICSID, saying (pdf) the government was in breach of the Trade Promotion Agreement between the US and Colombia.

Neustar ended up winning the contract anyway, albeit on terms that were massively more favorable to the government, and it sold its entire registry services business to GoDaddy days later.

Now, almost five years later, it seems Vercara has lost the case it inherited. While ICSID has not yet published its arbitration panel’s decision, local newspapers have got hold of a copy.

Colombia’s oldest newspaper, El Spectador, reports: “The court, in addition to stating that it does not have jurisdiction to hear Vercara’s claims, rejected all the claims on the merits.”

In unrelated news, Vercara’s recently announced acquisition by DigiCert closed yesterday.

Is this the first Next Round new gTLD contention battle?

Kevin Murphy, September 24, 2024, Domain Registries

It had to happen sooner or later. With a few dozen would-be new gTLD applicants breaking cover over the last year or so, we seem to have our first clash and our first potential 2026-round contention set.

The sought-after contested gTLD is .chain, which now has two announced hopefuls after blockchain-based alternative naming system Freename.io yesterday revealed it wants the string.

“The company intends to apply for .chain, .token, .metaverse and a variety of other gTLDs,” Freename said. “Freename will also submit applications on behalf of third-party customers in this new gTLDs round.”

Freename, if it follows through, is likely to face competition from at least one other applicant, a company called 3DNS, which in June announced plans to apply for .chain and .super.

3DNS has Intercap as its registry partner, while Freename is partnered with registry ShortDot on a joint venture called WebUnited.

Freename already sells blockchain-based names that use .chain as an extension, while 3DNS sells third-level DNS domains under .chain.box that it hopes to upgrade to second-level names should it win the ICANN contest.

In truth, I’d be incredibly surprised if these are the only two companies to apply for .chain, which is a shortened version of “blockchain” and likely to be an attractive string with the whole crypto/”Web3″ crowd.

Under ICANN’s under-development rules, the exact process for resolving contention sets is still up in the air, with more clarity hoped for over the next few months.

ICANN has confirmed that it intends to ban private auctions in the next round, but has also come up with a new second-choice alternate string option that is already causing grumbling in the policy-making community.

Who uses Sunrise nowadays? You might be surprised

Kevin Murphy, September 23, 2024, Domain Registries

Sunrise periods may have been one of the unexpectedly damp squibs of the new gTLD program, but each launching registry is still obliged to run them and they usually attract a hundred or so registrations, some quite surprising.

Amazon’s sunrise periods for .deal and .now closed yesterday, ending with about 160 domains in each, so I thought I’d have a trawl through each zone file to see who’s mad-keen on protecting their trademarks online nowadays.

Excluding registered variants (with and without hyphens, for example), brands under the control of a single parent company, and domains registered to Amazon itself, I’d say there were fewer than 100 actual registrants in each sunrise.

With that in mind, you might expect only the most valuable, most at-risk brands to have participated.

Big tech firms — Meta, Microsoft, Google, Yahoo, Ebay, AOL, Baidu, etc — which are particularly at risk of phishing attacks, have indeed all snapped up names matching some of their famous marks.

Brands that might have a higher risk of counterfeiting, such as fashion and beauty brands like Maison Margiela, L’Occitane, Patagonia, Richard Mille, and Rolex all make an appearance in the zones.

But there are plenty of sunrise registrants whose appearance got me scratching my head.

Perhaps the weirdest registrant is SuperSigns, a sign-maker that appears to operate out of a single location, the size of a typical convenience store, between a Toyota dealership and a Dunkin’ Donuts on a small strip mall in Arizona.

La Famiglia Rana is a brand of ready-made supermarket pasta products that has registered at least three domains in each gTLD during sunrise.

Mars didn’t register mars.now or mars.deal, but its subsidiary did register championpetfoods.now.

CooperVision makes contact lenses and it registered both of its exact matches.

Delsey makes luggage. Danfoss makes electrical components. Nedgia distributes natural gas in Spain. Lechuza makes self-watering plant pots. Invisalign makes dental braces. They all participated in sunrise.

And we all know how mad the Americans are for the sport of polo, which is perhaps why The United States Polo Association chose to snap up uspoloassn.deal before somebody else did.

It’s certainly an eclectic mix, with no readily apparent common theme, but each registrant presumably has its own good reason for buying sunrise matches, even if that reason was simply telling its registrar: “Register everything!”

.now and .deal enter their Early Access Period of general availability today and go to standard pricing at the end of the month.

All the one-character .sk domains to be auctioned

Kevin Murphy, September 20, 2024, Domain Registries

SK-NIC, part of Team Internet, says it plans to auction off all 36 single-character .sk domains over the coming months.

The auction plans also include releasing all the 200-odd two-letter domains that match existing ccTLDs, as well as .com.sk and .net.sk, which have all been registry-reserved to date.

The registry said it plans to hold auctions every two months starting on the 15th and running for seven days, starting in November.

There will be a trademark priority phase first, running from October 1 to October 14, in which trademark owners can apply for their matching domain for €300. If successful, the domain will cost them €3,000 ($3,348) or more if a contested mark has to be auctioned.

Opening bids for the regular auctions will start at €1,000 for two-char names, €1,500 for the 26 one-letter domains, and €2,000 for everything else, SK-NIC says.

The domains to be sold — I count 277 — are listed here (pdf). They’re all either one-character or matches for existing TLDs, but sk.sk is not on the list.

.sk is of course the ccTLD for Slovakia, but it’s owned from the UK following CentralNic’s acquisition of SK-NIC and has no local presence requirements. There are over 471,000 registered domains today, according to the registry.

Straggler gTLD signs first ICANN contract for years

Kevin Murphy, September 20, 2024, Domain Registries

One of the outstanding contested gTLDs from the 2012 application round looks set to be delegated finally, after the winning bidder signed its Registry Agreement with ICANN.

Merck Registry Holdings Inc is now the officially contracted registry for .merck, and it appears the intent is to be a dot-brand jointly controlled by two unaffiliated chemical companies of the same name.

An American company and a German company, both called Merck and with common roots that were severed during World War I, now seem set to have equal ownership rights to .merck, after over a decade of legal wrangling.

Both companies applied for .merck, and according to the ICANN process the American one won because the German one withdrew its application.

However, the winning application was amended in 2021 to say that the registry intends to transfer its contract to a newly formed UK company called MM Domain Holdco Ltd.

Company records indicate that this shell firm is a 50:50 joint venture of the two Mercks, with over a million dollars cash in the bank.

It seems that the two firms intend to share the gTLD, and run it as a dot-brand for both of their benefit, which is pretty rare.

GoDaddy likely to win relaxed .xxx deal

Kevin Murphy, September 19, 2024, Domain Registries

GoDaddy seems set to get a renewed and relaxed .xxx registry contract, after ICANN dismissed the concerns of critics of the deal.

In a much-delayed analysis of submissions to a recent public comment period, Org indicated that it is in favor of GoDaddy, via subsidiary ICM Registry, migrating to a Registry Agreement much more in line with sister gTLDs .porn, .adult and .sex.

That would mean an end to the “sponsored” status of .xxx, removing the largely pointless restrictions and streamlining the registration process, and the dissolution of IFFOR, the nominal sponsor, which was criticized by one commenter as a toothless “gravy train”.

Only nine comments were received, and views were mixed, but where commenters were critical of the proposed deal ICANN has stood firm.

Notably, Org dismissed the idea that a public comment period on a Registry Agreement renewal is an appropriate forum to question whether a signatory to that Registry Agreement has historically complied with its terms.

At least two commenters had raised issues, some of which I have reported, about whether ICM had stuck to promises related to funding IFFOR and whether IFFOR had stuck to promises to issue cash grants to worthy causes.

Commenters also said that ICM has already stopped verifying the identities of registrants in its made-up “sponsored community”, which would have enabled it to more easily tackle repeatedly abusive registrants.

But ICANN doesn’t think that kind of thing — which it files under “Misconceptions, assumptions, and allegations and claims” — is suitable for discussion in Public Comments.

“If there are concerns regarding ICM’s compliance with the .XXX RA, such concerns (if any) should be raised with ICANN Compliance for investigation and are considered outside of the scope of this Public Comment proceeding,” the analysis reads.

There’s also no need to replace ICM’s sponsorship commitments with Public Interest Commitments along the lines of those found in most post-2012 gTLDs, according to the Org analysis.

“ICANN has not identified a need to add further, new obligations for the operation of .XXX or to treat .XXX differently than other adult-themed gTLDs, particularly in light of the similar PICs that the .ADULT, .PORN, and .SEX gTLDs have utilized for approximately the last decade,” it reads.

The .xxx agreement was due to expire in early 2021, but its term has been repeatedly extended as negotiations continued behind the scenes. Likewise, the public comment analysis was originally due to be published in late May but was repeatedly delayed.

It’s now up to ICANN’s board of directors, which has already been briefed on the analysis contents, to approve the renegotiated deal.

Tonkin promoted to CEO at auDA

Kevin Murphy, September 19, 2024, Domain Registries

Australian ccTLD overseer auDA has appointed industry veteran Bruce Tonkin to CEO.

It’s an internal promotion; Tonkin has been chief operating officer at auDA since 2018.

He’s replacing Rosemary Sinclair, who intends to leave at the end of the year.

Tonkin was formerly chief strategy officer of Melbourne IT, one of the very first batch of registrars accredited by ICANN a quarter-century ago. It’s now part of Webcentral, though the brand was resurrected a couple years ago.

He also spent nine years on the ICANN board of directors.

.my global relaunch starts slowly despite cheapo prices

Kevin Murphy, September 16, 2024, Domain Registries

Malaysia’s .my ccTLD has so far failed to attract the hoped-for thousands of new registrations since it relaunched to a global audience a few months ago, according to registry statistics.

MYNIC puts the total number of .my domains, including third-levels under the likes of .com.my and .biz.my, at 313,588 at the end of August, barely 3,500 above the end of May number.

Second-level domains directly under .my grew by about 3,000 over the same period to end August at 149,273.

June was when .my was due to go to general availability with scrapped local presence restrictions and a worldwide registrar channel under partnership with Internet Naming Co and Tucows.

Previously, .my domains were only available to Malaysia-based entities. Third-level domains continue to be available only to Malaysians.

MYNIC told the local Malaysian press in April, before the global launch was announced, that it hoped to hit the 400,000-domains mark by the end of the year. Its best monthly number so far was about 341,000, back in June 2018.

There’s not a great deal of retail registrar coverage outside of Asia right now, judging by the registry’s web site, but those registrars actually selling it are selling it cheap — around the $2 mark for the first year at Spaceship and Namecheap.

Hackers break .mobi after Whois domain expires

Kevin Murphy, September 12, 2024, Domain Registries

It’s probably a bad idea to let a critical infrastructure domain expire, even if you don’t use it any more, as Identity Digital seems to be discovering this week.

White-hat hackers at WatchTowr today published research showing how they managed to undermine SSL security in the entire .mobi TLD, by registering an expired domain previously used as the registry’s Whois server.

Identity Digital, which now runs .mobi after a series of acquisitions, originally used whois.dotmobiregistry.net for its Whois server, but this later changed to whois.nic.mobi and the original domain expired last December.

WatchTowr spotted this, registered the name, and set up a Whois server there, which went on to receive 2.5 million queries from 135,000 systems in less than a week.

Sources of the queries included security tools such as VirusTotal and URLSCAN, which apparently hadn’t updated the hard-coded Whois URL list in their software, the researchers said.

GoDaddy and Domain.com were among the registrars whose Whois tools were sending queries to the outdated URL, WatchTowr found.

Incredibly, so was Name.com, which is owned by Identity Digital, the actual .mobi registry.

More worryingly, it seems some Certificate Authorities, responsible for issuing the digital certificates that make SSL work, were also using the old Whois address to verify domain ownership.

WatchTowr says it was possible to obtain a cert for microsoft.mobi by providing its own email address in a phony Whois record served up by its bogus Whois server.

“Effectively, we had inadvertently undermined the CA process for the entire .mobi TLD,” the researchers wrote.

They said they would have also been able to send malicious code payloads to vulnerable Whois clients.

While WatchTowr’s research doesn’t mention ICANN, it might be worth noting that the change from whois.dotmobiregistry.net to whois.nic.mobi is very probably a result of .mobi’s transition to a standardized gTLD registry contract, which requires all registries to use the whois.nic.[TLD] format for their Whois servers.

As a pre-2012 gTLD, .mobi did not have this requirement until it signed a new Registry Agreement in 2017. There are still some legacy gTLDs, such as .post, that have not migrated to the new standard URL format.

The WatchTowr research, with a plentiful side order of cockiness, can be read in full here.

China loses over half a million domains

Kevin Murphy, September 6, 2024, Domain Registries

The Chinese ccTLD .cn shrunk by over half a million domains in the first half of the year, according to the latest semiannual report from the local registry.

There were 19,562,007 registered .cn names at the end of June, down from 20,125,764 at the end of 2023, a decline of 563,757 domains, according to the CNNIC report.

Despite the decline, .cn is still the largest ccTLD, ahead of the 17,703,602 that Germany’s DENIC (.de) reported June 30.

The dip is not surprising. Verisign has pointed to weakness in China as a reason .com’s volume has been tumbling in recent quarters.

The fact that .cn is going down too suggests the negative growth is in fact due to macroeconomic factors rather that Chinese .com registrants migrating to their local ccTLD.