Latest news of the domain name industry

Recent Posts

Freenom shuts down 12.6 million domains — report

Kevin Murphy, March 18, 2024, Domain Registries

Dying free-domains registry Freenom has shut down at least 12.6 million domains across three of its TLDs, according to research from Netcraft.

Netcraft’s latest web server survey shows that the domains — across .tk, .cf and .gq — no longer resolve, according to the company.

That’s 98.7% of the resolving domains Freenom had a month earlier, Netcraft said.

Freenom, also known as OpenTLD, said in February that it was to exit the domains business entirely as part of its settlement with Facebook owner Meta, which had sued it for alleged cybersquatting.

It had already lost its ICANN registrar accreditation and its government contracts to run its portfolio of ccTLDs.

The company’s business model was to offer most domains for free and then monetize them when the registrations expired or were suspended for abuse. It attracted a lot of abusive registrants.

Interestingly, Netcraft notes that the deletions meant that Cloudflare saw a 22% drop in its total hosted domains (with Cloudflare acting as host, not registrar) over the month.

Microsoft moving its cloud apps from .com to .microsoft

Kevin Murphy, March 15, 2024, Domain Registries

Microsoft is planning to move all of its Microsoft 365 apps off a multitude of .com domains and consolidate them all under .microsoft, its dot-brand gTLD.

The company says it will move Teams, Outlook, and Microsoft 365 web apps to the cloud.microsoft domain. They currently use domains such as outlook.office.com, teams.microsoft.com and microsoft365.com.

It first announced the move in April last year and this week reminded developers of apps that use its cloud platform that they need to support the new domain.

Explaining the move to the dot-brand last year, the company wrote:

Consolidating authenticated user-facing Microsoft 365 experiences onto a single domain will benefit customers in several ways. For end users, it will streamline the overall experience by reducing sign-in prompts, redirects, and delays when navigating across apps. For admins, it will drastically reduce the complexity of the allow-lists required to help your tenant stay secure while enabling users to access the apps and services they need to do their work.

Microsoft plans to launch the teams.cloud.microsoft domain in June but run the two domain schemes in parallel for a while, so as to not unnecessarily break apps in its developer ecosystem.

It’s not going to dump microsoft.com altogether, saying that it plans to use it for “non-product experiences such as marketing, support, and e-commerce.”

The cloud.microsoft domain is already one of the more visible dot-brand names out there, ranking in the top 20 most-visited, according to Majestic rankings.

Hat tip: The Register.

Cosmetics brand terminates its gTLD

Kevin Murphy, March 13, 2024, Domain Registries

Brazilian cosmetics maker Natura has become the latest new gTLD operator to tell ICANN to terminate its dot-brand contract.

The company said it is “no longer interested” in operating .natura, and ICANN has agreed to end the Registry Agreement.

Natura was not using the domain beyond the mandatory nic.natura, but my records show that it did start experimenting with usage about five years ago.

A handful of domains, including global.natura, app.natura and innovationchallenge.natura were active and resolved to full-content web sites, but these were all shut off at the end of 2023.

The move comes at a time when Natura has been in a cost-cutting drive, divesting various assets and de-listing itself from the New York Stock Exchange.

The string “natura” is a dictionary word in some languages, meaning “nature” in Italian for example, so it could feasibly be applied for in future new gTLD program rounds.

Up to 70 jobs on the line at Nominet as .uk regs dwindle

Kevin Murphy, March 13, 2024, Domain Registries

Nominet plans to lay off as many as 70 employees to cut costs, and is preparing for a .uk price increase, after years of dwindling domain registrations and the loss of a major government contract.

CEO Paul Fletcher told members yesterday that it won’t be providing the UK government with its Protective DNS recursive DNS service, PDNS, after its contract ends later this year. He implied that the government has selected a cheaper competitor to replace it, without giving details.

The deal was with the UK National Cyber Security Centre, and saw Nominet resolve half a trillion DNS queries a year for central government and other public services.

Nominet had been banking on this “cyber” business to bolster revenue in the face of “static or reduced demand for domains”, but the contract loss means some serious belt-tightening is in order, Fletcher indicated.

In its last financial year, Nominet said its cyber business had revenue of £12.6 million but had a loss of £2.4 million

“The changes that we are proposing to give us a sustainable cost base mean that up to 70 of our current roles could be made redundant,” he told members in an email. “While this would be partially offset by some redeployment opportunities, our overall headcount will reduce.”

He added that members should expect the price of .uk domains to increase in future, without giving a timetable.

“Our pricing will remain at current level of £3.90 until at least the end of the year, extending the freeze in place since 2021,” he wrote, but added that lower volume means “prices cannot be held at the level set in January 2020 indefinitely.”

Nominet had 10,688,932 .uk domains under management at the end of January, down from 11,045,559 a year earlier (a loss of almost a thousand domains a day) and its 2019 peak of 13,348,378.

Fletcher also delivered the news that one of its longest-serving staffers, registry managing director Eleanor Bradley, will leave the company later this year.

Finally, he said the company has successfully challenged a default court judgment (pdf) ordering it to repay a member’s subscription fees, a ruling that had been put forward as proof that Nominet has been breaking the law by charging membership fees for the last quarter-century.

Fletcher said the judgment came because Nominet had no idea it had been sued, adding: “On 31 January, we successfully applied to have the default judgment set aside in the County Court, having made every effort to avoid unnecessary, costly and time-consuming court proceedings. This ruling, which the claimant is appealing, allows us to defend the original claim.”

The lawsuit came as part of a campaign operated at WeightedVoting.uk that seeks to prove Nominet’s membership and voting structure is illegal.

GoDaddy to start selling graphic.design domains

In an unusual diversification into third-level domains, GoDaddy Registry seems to be planning to sell names under .graphic.design.

The company filed a request with the Public Suffix List yesterday, asking for the domain to be included on the list, so it will be recognized around the internet as a space where third-level names are registerable.

“GoDaddy Registry will be opening graphic.design to individual registrations, through a global network of authorised Registrars, similar to a standard open gTLD,” the request states.

“This inclusion in the PSL is to ensure the correct operation of the zone as an open TLD, such that providers including website, email and Certificate Authorities recognise the individual ownership of the registered domains within the graphic.design DNS zone,” it says.

The request goes on to say the company expects “5,000 to 10,000+” domains to be registered there.

The PSL is used widely by software such as browsers to determine ownership of domains for security purposes, allowing them to recognize, for example, that example1.graphic.design and example2.graphic.design are two different sites with potentially two different owners.

Registries launching third-level spaces is unusual but not unheard of. It happens much more often in the ccTLD space, where some countries have a baffling number of third-level options. In the gTLD space, the trend if anything is in the opposite direction, with third-levels being de-emphasized in favor of second-levels.

GoDaddy acquired .design from Top Level Design in 2021, a part of its massive expansion in the registry business. It’s not doing badly as new gTLDs go, with about 119,000 domains under management at the last count.

Police .uk domain takedowns dive in 2023

Kevin Murphy, February 29, 2024, Domain Registries

The number of .uk domain names taken down as a result of requests from law enforcement shrank substantially last year, according to the latest stats from Nominet.

The registry said today that it suspended 1,193 domains in the 12 months to October 31, down from 2,106 in the previous period. It’s a record low since Nominet started tracking the data, for the second year in a row.

As usual, alleged intellectual property violations were the biggest cause of action. The Police Intellectual Property Crime Unit had 717 names taken down, with the National Fraud Intelligence Bureau suspending 321 and the Financial Conduct Authority 116.

While police takedowns were low, domains suspended by Nominet’s proactive Domain Watch anti-phishing technology were up about 20%, from 5,005 to 5,911. Nominet said this is because the tech, which flags possible phishing domains for human review at point of registration, is getting better.

The number of domains suspended because they appeared on threat feeds doubled, from 1,108 in the 2022 period to 2,230 last year, the company said.

Cybersquatting cases in .uk have also been declining, Nominet reported earlier this month.

While correlation does not equal causation, it might be worth noting that .uk registrations overall have been on the decline for some time. There were 10.68 million .uk domains at the end of January, down from 11.04 million a year earlier.

GoDaddy wants to cut the bullshit from .xxx

Kevin Murphy, February 27, 2024, Domain Registries

GoDaddy Registry wants to drop a big chunk of nonsense from the contract governing its .xxx domain, some 20 years after it was applied for as a “Sponsored” gTLD.

It’s asked ICANN if it can kill off its sponsor, the International Foundation For Online Responsibility, and sign up to something closer to the Base New gTLD Registry Agreement, the contract that all new gTLDs from the 2012 application round are on.

GoDaddy’s .porn, .adult and .sex gTLDs have been on a non-sponsored contract for a decade to no complaint, though they haven’t sold nearly as many domains as .xxx.

IFFOR’s board, the IFFOR Ombudsman, and .xxx registrants polled by GoDaddy all agree that the “sponsored” classification is no longer needed, GoDaddy VP Nicolai Bezsonoff told ICANN VP Russ Weinstein (pdf).

The registry wants ICANN to put out a non-sponsored version of the .xxx contract out for public comment.

It looks like a fait accompli. GoDaddy and ICANN have been negotiating the renewal of the .xxx contract, which was due to expire in 2021, for at least three years. It’s difficult to imagine a scenario in which the two parties have not already agreed terms.

Nobody who doesn’t get paid by IFFOR will miss IFFOR. For 20 years it’s been the domain industry’s least-convincing merkin, existing entirely to give original .xxx manager ICM Registry (and then MMX, then GoDaddy, following industry consolidation) the illusion that it had community support for selling porn domains.

ICM created IFFOR when it applied for .xxx in 2003 during ICANN’s well-intentioned but poorly considered and ill-fated “sponsored TLD” round, where applicants had to show they had support from a community related to their chosen string.

Because the porn industry, particularly in the US, hated the idea of a .xxx domain — erroneously believing governments would force all porn sites into it and then shut it down — ICM was forced to pull a community out of its backside. And thence IFFOR was born.

IFFOR was designed to be a mini-ICANN. It was to have a board, policy-making committees, an ombudsman, oversight, transparency, etc. Its foundational documents (pdf), list 14 obligations, most of which were never fulfilled to any meaningful extent.

Judging by its web site, it’s never made a single policy since it was formed in 2011. But we can’t be sure, because the web site has been poorly maintained (a breach of the first of its original 14 commitments), with no board minutes published for the last six years (despite employing a full-time staffer on a $60,000 salary who, tax forms say, works 40 hours a week).

It did come up with something called a “Policy Engine” for new gTLD registries around the time of the 2012 round, but discontinued it a year later when nobody wanted it.

IFFOR, a not-for-profit registered in California, was supposed to receive $10 from ICM for every registered, resolving .xxx domain and use a portion of that to issue grants to worthy causes related to its mission — child protection, free speech, and so on.

While IFFOR did announce two $5,000 awards in 2013, its tax filings have not reported a single penny spent on grants since 2011. Nada.

IFFOR’s charter seems to have been renegotiated behind the scenes at some point, when .xxx turned out to not be quite the internet cash machine its founders had hoped for. From 2011 to 2014 it was rolling in cash — getting over $1 million from ICM in 2013 — but from 2016 it’s been receiving a flat $100,000 a year, most of which is spent on director salaries.

At around the same time, instead of issuing cash grants, IFFOR started producing an “educational program” for UK schools called AtFirstSite. Aimed at 11 to 14-year-olds, it covers topics such as sexting, dick pics and online pornography, with a clear emphasis on keeping young teens safe online.

AtFirstSite carried a price tag of £150, but the revenue lines on tax forms since 2016 suggest none were ever sold. Instead, the program was given for free to schools that asked for it and this was called a “grant”, to satisfy IFFOR’s grant-giving mandate.

The program — which consists of a PDF and a PowerPoint presentation — is now free, and can be downloaded here , if you want to bemuse an 11-year-old with a reference to Rihanna and Chris Brown’s destructive relationship, which ended before they were born.

Closing IFFOR is not going to cause anyone to lose any sleep, but it will nevertheless be interesting to see whether anyone objects to .xxx losing its “sponsored TLD” status when ICANN opens the contract to public comment.

UK gov takes its lead from ICANN on DNS abuse

Kevin Murphy, February 23, 2024, Domain Registries

The UK government has set out how it intends to regulate UK-related top-level domain registries, and it’s taken its lead mostly from existing ICANN policies.

The Department for Science, Innovation and Technology said last year that it was to activate the parts of the Digital Economy Act of 2010 that allow it to seize control of TLDs such as .uk, .london, .scot, .wales and .cymru, should those registries fail to tackle abuse in future.

It ran a public consultation that attracted a few dozen responses, but has seemingly decided to stick to its original definitions of abuse and cybersquatting, which were cooked up with .uk registry Nominet and others and closely align to industry norms.

DSIT plans to define abuse in the same five categories as ICANN does — phishing, pharming, botnets, malware and vector spam (spam that is used to serve up the first four types of attack) — in its response to the consultation, published yesterday (pdf).

But it’s stronger on child sexual abuse material than ICANN. While registries and registrars have developed a “Framework to Address Abuse” that says they “should” take down domains publishing CSAM, ICANN itself has no contractual prohibitions on such content.

DSIT said it will require UK-related registries to have “adequate policies and procedures” to combat CSAM in their zones. The definition of CSAM follows existing UK law in being broader than elsewhere in the world, including artworks such as cartoons and manga where no real children are harmed.

DSIT said it will define cybersquatting as “the pre-emptive, bad faith registration of trade marks as domain names by third parties who do not possess rights in such names”. The definition omits the “and is being used in bad faith” terminology used in ICANN’s UDRP. DSIT’s definition includes typosquatting.

In response to the new document, Nominet tweeted:

DSIT said it will draft its regulations “over the coming months”.

.art takes a million domains off its premium list

Kevin Murphy, February 20, 2024, Domain Registries

UK Creative Ideas, the .art gTLD registry, is removing premium pricing from over a million domain names and slashing the premium pricing on others.

The company said today that most of the names losing their premium tag were on the lowest pricing tier, which is $70 wholesale a year. I believe the standard wholesale fee they will be moving to is $12 a year. Retail registrars will of course add their markups on their storefronts.

The registry said it’s “also moving a number of names from some higher premium tiers to lower priced premium tiers”.

The price changes, which come into effect February 21, are designed to make .art more attractive to both end users and domain investors, the company said.

.art had almost a quarter of a million domains under management at the last count. Not relying on cheapo registrations, it has one of the least lumpy growth trajectories of any 2012-round new gTLD, having a reliably steady incline pretty much since its 2017 launch.

Its top registrars are Namecheap, GoDaddy, Tucows and SquareSpace (formerly Google) in North America and Alibaba in China.

Freenom settles $500 million Meta lawsuit and will exit domain business

Kevin Murphy, February 16, 2024, Domain Registries

Facebook has claimed another domain industry scalp. Freenom said this week it has settled the cybersquatting lawsuit filed against it by Meta last year, and that it is getting out of the domain name business.

The registry/registrar said in a brief February 12 statement (pdf) that it will pay Meta an undisclosed sum and has “independently decided to exit the domain name business”.

Just how “independent” that decision was is debatable. The company lost its ICANN registrar accreditation last year and is believed to have lost its government contracts to run the ccTLDs for Equatorial Guinea, Central African Republic, Mali, Gabon, and possibly also Tokelau, its flagship .tk domain.

Meta had claimed in its complaint that Freenom had typosquatted its trademarks thousands of times, including domains such as faceb00k.ga. It sued for 5,000 counts under US anti-cybersquatting law, seeking $100,000 for each infringement, for a cool half-billion bucks in total.

Freenom and its network of co-defendant affiliates said in their defense that Meta had access to an abuse API that allowed it to turn off such domains, but had never used it. It also claimed many of the cited typosquats had already been shut down by the time the suit was filed.

It seems the names in question were likely those registered by abusive third-parties that were reclaimed and monetized by Freenom under its widely criticized free-domains business model, which made its TLDs some of the world’s most-abused.

But the claims on both sides evidently will not be tested at trial. The last court filing, dated late December, showed the two parties were to enter mediation, and Freenom put out the following statement this week:

Freenom today announced it has resolved the lawsuit brought by Meta Platforms, Inc. on confidential monetary and business Terms. Freenom recognizes Meta’s legitimate interest in enforcing its intellectual property rights and protecting its users from fraud and abuse.

Freenom and its related companies have also independently decided to exit the domain name business, including the operation of registries. While Freenom winds down its domain name business, Freenom will treat the Meta family of companies as a trusted notifier and will also implement a block list to address future phishing, DNS abuse, and cybersquatting.

Meta said in its Q4 Adversarial Threat Report this week that the settlement showed its approach to tackling DNS abuse is working.

Freenom’s gTLD domains have been transferred to Gandi. It’s less clear what’s happening to its ccTLD names, though social media chatter this week suggests the company has been giving registrants in affected ccTLDs nine-year renewals at no cost.