We grassed up .TOP, says free abuse outfit

A community-run URL “blacklist” project has claimed credit for the complaints that led to .TOP Registry getting hit by an ICANN Compliance action earlier this week.

.TOP was told on Tuesday that it has a month to sort of its abuse-handing procedures or risk losing the .top gTLD, which has over three million domains.

ICANN said the company had failed to respond to an unspecified complainant that had reported multiple phishing attacks, and now the source of that complaint has revealed itself in a news release.

URLAbuse says it was the party that reported the attacks to .TOP, which according to ICANN happened in mid April.

“Despite repeated notifications, the .TOP Registry Operator failed to address these issues, prompting URLAbuse to escalate the matter to ICANN,” URLAbuse said, providing a screenshot of ICANN’s response.

URLAbuse provides a free abuse blocklist that anyone is free to incorporate into their security setup. Domain industry partners include Radix, XYZ.com and Namecheap.

RDRS stats improve a little in June

ICANN’s Registration Data Request Service saw a small improvement in usage and response times in June, but it did lose a registrar, according to statistics published today.

There were 170 requests for private Whois data in the month, up a little from May’s historic low of 153, and 20.88% were approved, compared to 20.29% in May.

The mean average response time for an approved request was down to 6.59 days, from 11.34 days in May and April’s huge 14.09 days. Since the RDRS project began last November, the median response time is two days.

Smaller registrar OwnRegistrar opted out of the program during the month, but the coverage in percentage terms held steady at 59%, with 90 registrars of various sizes still participating.

New gTLDs and ccTLDs drive domain universe growth

The seasonally strong first quarter saw growth return to the domain industry, despite .com’s continuing woes, according to the latest edition of Verisign’s Domain Name Industry Brief.

There were 362.4 million domain registrations across all TLDs at the end of March, up by 2.5 million names or 0.7% from the start of the year, according to the report. Growth over 12 months was 7.5 million or 2.1%.

The growth came in spite of continued shrinkage at Verisign’s own .com and .net. The flagship .com was down from 159.6 million to 159.4 million while .net remained flat at 13.1 million, the DNIB states.

The two TLDs combined lost a total of 0.3 million names over the quarter and 2.3 million names over the year, Verisign said.

ccTLD regs were up to 139.5 million, an increase of 1.2 million or 0.9% from the start of the year and 3.7 million from a year earlier.

Russia’s .ru overtook the Netherlands’ .nl to become fourth largest ccTLD. That’s 6.4 million versus 6.3 million, but Verisign’s methodology sees it count some 770,000 Cyrillic .РФ domains as if they were also .ru.

All of the top 10 ccTLD grew apart from .uk and .it.

New gTLDs also performed strongly, with 33.3 million regs at the end of the quarter, up 1.5 million (4.7%) sequentially and six million (22.1%) year over year.

Perhaps because the raw volume numbers have started make Verisign’s TLDs look terrible in comparison over the last few editions, the DNIB has started reporting an estimated renewal rate for many of the TLDs the DNIB tracks.

As you might expect, the renewal numbers for new gTLDs suck. While established TLDs like .com have the usual mid-70s percent renewal rate, that number plummets to the 20s when you look at big 2012-round TLDs such as .xyz, .online and .top.

RDRS usage hits all-time low

Usage of ICANN’s Registration Data Request Service, which lets people submit Whois queries to registrars, hit a new low in May, six months after its launch.

RDRS was used to submit 156 requests for private Whois data in the period, the lowest number to date. In December, there were 173 requests; the peak was 290 the following month.

While requests from law enforcement held at 46, requests from IP holders, which had peaked at 117 in February, dipped a little between April and May, going from 43 to 37.

The mix between approved and denied requests was pretty much unchanged — about 20% of requests get approved and about 70% get denied.

The number of RDRS queries (domain lookups that don’t necessarily result in a request) was also at at all-time monthly low, at 1,393, from a December peak of 2,349 and April’s 1,435. Only a quarter of queries were for supported domains, down from 30% in April.

The wait time for approval shortened a little, having topped out at a massive 14 days in April, to an average of 11.34 days. Denials took on average 9.77 days.

Three more registrars joined the voluntary service in May, and none left. One of the newcomers was a second Alibaba accreditation, which brought in 3.5 million domains and raised the overall service coverage from 57% to 59% of all gTLD domains.

One way of spinning the numbers would be to say that RDRS users have become disillusioned with the service, another would be to say they are done kicking the tires and seeing what they can get away with, have discovered its limitations, and are now using it as intended.

The people have spoken on RDRS and they said “Meh”

Users of ICANN’s new Whois data request service appear to be overwhelmingly apathetic about it, if the results of the first quarterly user survey are to be believed.

ICANN sent surveys to 861 users of the Registration Data Request Service and 29 of the registrars that support it. Only 17 requesters and 15 registrars responded, and not every respondent answered every question.

With such a small sample size, it’s debatable whether the results can tell ICANN or anyone else whether RDRS is any good or not.

Asked whether having RDRS was better or worse than not having RDRS, only seven requester respondents answered. Two thought it was “much worse”, one thought it was “somewhat worse”, two thought it was “about the same” and two thought it was “somewhat better”.

Nobody clicked the button for “much better”, a fact that would be quite easy to seize upon as a headline if not for the fact that this is a survey of seven people and therefore pretty much worthless.

Responses to free-text questions perhaps shed a little light on the user experience: some people think it’s too slow, they’re not happy that they didn’t get the data they wanted, and the level of registrar support is too low.

Asked the same question about whether RDRS has made handling Whois requests better or worse, 11 registrars responded. The mix was heavily towards the “worse” end of the scale, which is probably not what ICANN wanted to hear.

In free-text responses, some registrars said they found the interface and workflow lacking, making the process of handling requests take more time and effort than doing the same outside RDRS. Pretty much the diametrical opposite of RDRS’s raison d’etre.

RDRS is a two-year pilot that has data-gathering as one of its primary purposes, but with such a lackluster response to the first survey ICANN is surely hoping the seven remaining surveys may produce some more meaningful stats.

The full survey results are available to read here (pdf), if you can be bothered.

DNS Abuse Institute changes name

The DNS Abuse Institute is rebranding around its flagship product in order to make its name shorter and less confusing, according to the organization.

It’s now called the NetBeacon Institute, after a free security service it launched two years ago, and its products are also being renamed accordingly.

The old NetBeacon service, a clearinghouse for DNS abuse reports, is now called NetBeacon Reporter. The old DNSAI Compass abuse metrics reporting service is now the NetBeacon Measurement and Analytics Platform.

“The old name was a bit long, generated confusion, and required explanation,” executive director Graeme Bunton said on social media.

It’s moved its internet presences from dnsabuseinstitute.org to netbeacon.org.

NetBeacon’s services are free and funded by .org registration fees collected by Public Interest Registry.

New Vegas conference “Davos for Web3 interoperability”

Specialist new gTLD consultancy D3 is to hold a two-day conference in Las Vegas at the end of the month it’s describing as the “Davos for Web3 interoperability”.

Imposingly named Dominion, it’s due to take place at the Cesar’s Palace hotel from April 29 to 30. The theme is the interoperability between the traditional domain name system and newer blockchain-based naming systems.

Organizers says it’s invite-only, and limited to about 125 attendees, but an invitation can be requested from the event’s web site.

Keynote speakers include Lily Liu (president of the Solana Foundation) and Fred Gregaard (CEO of the Cardano Foundation) on the blockchain side of things, and Matt Overman of Identity Digital on the domain name side, as well as D3 CEO Fred Hsu.

D3 specializes in arranging gTLD applications for blockchain firms and has five announced clients so far.

GlobalBlock blocking 2.5 million domains

GoDaddy-led brand protection project GlobalBlock says it is already blocking over 2.5 million domains, just a couple of weeks after its formal launch.

The GlobalBlock web site reports that 2,569,815 domains are currently being blocked across 559 extensions (a mix of ccTLDs, gTLDs, third-level domains and blockchain names), for an average of just under 4,600 per extension.

It’s difficult to extrapolate much useful information about rapid market demand for the service from this one number, for a variety of reasons.

First, the more-expensive GlobalBlock+ service can block well north of 10,000 domains, mostly homographic variants of a trademark, for a single fee, which could mean as few as just a couple hundred customers have signed up so far at the most pessimistic interpretation.

Second, GlobalBlock offered pricing incentives to existing customers of GoDaddy’s AdultBlock and Identity Digital’s Domain Protected Marks List, both of which are over a decade old, in the months-long run-up to launch.

The vanilla, single-brand GlobalBlock service retails for about $6,000 per year, with GlobalBlock+ going for closer to $9,000.

GoDaddy’s GlobalBlock supports blockchain names

GoDaddy’s Brand Safety Alliance has finally released the list of TLDs supported by its new GlobalBlock brand protection service, and it’s notable for including a couple dozen extensions that aren’t real TLDs at all.

Formally announcing its launch today, the company said GlobalBlock will initially allow trademark owners and others to block their marks and variants in about 600 “extensions” and published the list on its web site.

The term “extension”, as opposed to “TLD”, is important, as the headline number seems to count zones where names are registerable at the third level — so .bar.pro and .cpa.pro and .com.cx and .net.cx, for examples, are individually counted.

I count a total of 457 TLDs on the currently published list, of which 27 are distinct ccTLDs.

But I also about 20 strings that aren’t real TLDs. As well as pseudo-gTLD .it.com, a lot of supported extensions appear to on blockchain naming systems such as Unstoppable Domains (proving, once again, that Unstoppable chose entirely the wrong brand for its service).

The blockchain TLDs currently listed are: .altimist, .anime, .binanceus, .bitcoin, .blockchain, .crypto, .dao, .go, .hi, .klever, .kresus, .manga, .nft, .polygon, .pudgy, .unstoppable, .wallet, .x and .zil.

About 270 of the real gTLDs on the list belong to Identity Digital, with GoDaddy Registry accounting for about 35.

Google Registry has 28 gTLDs on the list, seven of which aren’t even publicly available yet, such as .search and .map. This in either incredibly cheeky — selling blocks in TLDs in which cybersquatting is literally impossible — or a sign that Google plans to release more of its dormant gTLD inventory soon.

Other registries with multi-TLD representation on the list include Global Registry Services, GMO Registry, Internet Naming Co, ZACR and Nominet (though, while .wales and .cymru are currently listed, .uk is not).

Notable by their absence are portfolio registries Radix, XYZ and ShortDot.

UPDATE: This story was updated several hours after publication to remove the reference to Handshake. Unstoppable Domains is the only blockchain naming system to so far be in the GlobalBlock ecosystem.

Dueling domain blocking services to launch at ICANN 79

Norwegian startup NameBlock is set to launch its suite of brand protection and domain security services later this week, with a somewhat different take on the market to its primary competitor.

Recently appointed CEO Pinky Brand tells me the company plans to formally launch March 1, the day before the ICANN 79 public meeting begins in Puerto Rico.

The company is coming out with two services to begin with — BrandLock, which allows trademark owners to block their marks across multiple TLDs, and AbuseShield, which blocks hundreds of variant domains that are considered at the most risk of abuse.

BrandLock is perhaps most directly comparable to the DPML service offered by Identity Digital, GoDaddy’s AdultBlock, and the multi-registry GlobalBlock service that is also due to formally launch in San Juan next week.

The service requires the buyer to own a verified trademark, and the exact match of that mark will be blocked over a multitude of ccTLDs and gTLDs. Brand said reseller partners may choose to bundle different TLDs thematically or offer them as one-offs.

He said he expects it to retail for $40 to $50 per domain per year, so presumably makes the most sense for the more-expensive TLDs or for buyers who have other reasons to want a block rather than a defensive registration.

The value proposition seems a lot clearer for AbuseShield, which is notable for not requiring a trademark to get protection — it’s more of a security pitch than a brand-protection story.

Under AbuseShield, when a registrant buys a name in a participating TLD, they will be given the option to pay to block a couple hundred potentially abusive variant domains in that same TLD, for a far lower cost than they’d pay to defensively register them individually.

Using data from NameBlock’s majority shareholder iQ Global, the company identifies homographic variants and common “abuse prefixes” — strings such as “login” and “https” — to compile a list of domains to be blocked. A feature called VariantCatcher will automatically block already-registered risky domains at the registry when they expire, for no extra cost.

“We want to make the abuse prevention market much, much wider than it has been before,” Brand said. “You’d pay $89 to $129 a year the block the 100 to 250 variations that we know are most likely to be used by someone to do you harm.”

At first, the service will be available through NameBlock resellers, currently those registrars focused on corporate services, but the company plans to make an API available in a few months that will let retail registrars offer the service as an up-sell in their storefront.

At launch, NameBlock has around 15 resellers, such as MarkMonitor, CSC, 101Domain, Encirca and Gandi, Brand said. Registries for about a dozen TLDs will be on board, but Brand said he expects this to grow to 40 to 50 in a couple months.

CoCCA which makes registry software used by 57 ccTLDs, has already announced its support for NameBlock’s services.

Elsewhere at ICANN 79, you’ll find the Brand Safety Alliance, a GoDaddy-led initiative purveying the new GlobalBlock service, which is more of brand-protection play

As I’ve previously blogged, because portfolio registries GoDaddy and Identity Digital are involved, GlobalBlock can provide blocking coverage in hundreds of TLDs — over 560 at the current count — with prices starting at about $6,000 a year retail.

While GlobalBlock and NameBlock are certainly operating in the same space, there appears to be enough variation between the two services that the market might be able to support both.