.xyz starts to plummet — NetSol freebies to blame?

XYZ.com has been seeing its .xyz zone file shrink rapidly over the last five days, likely as a result of free domains pushed out to Network Solutions customers starting to expire.
DI PRO stats show that .xyz has shrunk by 49,658 domains this week — today at 888,413 names compared to a June 4 peak of 942,927.
It was June 4 last year when the industry become aware that NetSol was automatically pushing .xyz names into the accounts of its existing customers without their explicit consent.
Renewal rates usually do not become clear for 45 days after expiration, due to grace periods, but domains can delete earlier.
On June 9, 2014, one year ago today, .xyz had 87,073 domains in its zone file. It’s difficult to see where a loss of almost 50,000 names this week could come from if not the NetSol freebies deleting.
It is believed that the NetSol giveaway contributed about 350,000 names to .xyz’s zone over the period of its offer.
NetSol has been bundling .xyz renewals — which along with the free year of email and privacy comes to a whopping $57 — when it asks its customers to renewal their matching .com/.net/.org domains.
.xyz likely hasn’t seen the worst of its total shrinkage yet.
When eNom pushed free .info domains into its customers’ accounts about 10 years ago the renewal rate on those names was virtually zero.

ICANN’s new gTLD survey gives new gTLD awareness numbers

ICANN has released the results of a huge survey focusing on awareness and trust in gTLDs new and old.
The headline number is 46% — that’s the how many of the 6,144 international survey respondents said they were aware of new gTLDs.
The respondents were asked this question:

As you may or may not know, new domain name extensions are becoming available all the time. These new extensions are called new gTLDs.
Which of the following new gTLDs, if any, have you heard of? Please select all that apply.

They were presented with a list comprising .email, .photography, .link, .guru, .realtor, .club and .xyz. These were the biggest seven Latin-script new gTLDs when the survey was developed in January.
Tellingly, .email and .link stole the show, with 28% and 24% awareness respectively. The other five options ranged from 13% for .club to 5% for .xyz.
I think the numbers were influenced by some respondents not quite understanding the question. People are familiar with email and with links as internet concepts, which may have swayed the results.
Akram Atallah, president of ICANN’s Global Domains Division, acknowledged this potential problem in ICANN’s announcement last night, saying:

The survey found that domains with an implied purpose and functional associations, such as .EMAIL, were most often recalled by Internet users. While some of the drivers may be linked to familiarity and general association versus awareness of the extension, we believe it’s a signal that people are receptive to the names.

It’s also notable that, almost 15 years after launch, .biz and .info only have 50% awareness, according to the survey. For .mobi. .pro, .tel and .asia, all released between 2004 and 2008, the awareness was at 37%.
It’s not impossible that new 2012 round — which has generated thousands of headlines — has raised more awareness of new gTLDs.
The survey found that 38% of internet users who were aware of new gTLDs have visited a .email web site in the last year. The number was 28% for .link.
The survey also found that 52% of respondents would consider using a new gTLD if they were setting up a web site in the next six months. The number ranged from 40% for .email to 22% for .xyz.
Among the plethora of other findings, the survey discovered that only 92% of internet users have heard of .com.
Go figure.
The entire survey, carried out by Nielsen, can be found here.
UPDATE: This article was substantially revised a few hours after publication to remove references to the numbers being “nonsense”. This was due to my misreading of the survey questionnaire. My apologies for the confusion.

New gTLD phishing still tiny, but .xyz sees most of it

New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.
That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.
Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.
The number of domains used to phish was 95,321, up 8.4% from the first half of the year.
However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.
In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.
According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.
Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.
New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.
That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.
Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:

Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.

XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.
In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.
But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:

XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.

APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.
It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:

Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.

The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.
APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.
The APWG report can be downloaded here.
UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.
According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.
Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.

.xyz dismisses own ads as “puffery”

XYZ.com has dismissed its own claim that .xyz is the “next .com” as “mere opinion or puffery”, in an attempt to resolve a false advertising lawsuit filed by Verisign.
Attempting to get the lawsuit resolved without going to the expense of a full trial, the registry has filed with the court a lengthy, rather self-deprecating deconstruction of its own marketing.
It says among other things that the blog posts and videos at issue are “not statements of fact but rather mere puffery, hyperbole, predictive, or assertions of opinion”.
Verisign sued XYZ and its CEO, Daniel Negari, in December, claiming that the video embedded below reflects “a strategy to create a deceptive message to the public that companies and individuals cannot get the .COM domain names they want from Verisign, and that XYZ is quickly becoming the preferred alternative.”

Last week XYZ filed a motion asking the court to rule on the pleadings only, meaning it would not go to trial. It appears to be an effort by the smaller company to avoid any more unnecessary legal fees.
“Verisign is attempting to litigate XYZ out of business complaining about a vanity video, website blog posts, and opinions stated to a reporter,” the motion says.
The document goes to great lengths to argue that the video, blog posts and interviews given by Negari are not “statements of fact”, but rather mere “hyperbole”.
It even goes to the extent of arguing that its ads make Verisign look good:

XYZ’s claim to be “the next .com” could not plausibly harm Verisign’s commercial interest because the claim reinforces that Verisign’s .COM is the most-popular, most-successful domain. Perhaps consumers think that since .XYZ is the next .COM, they should not buy other new domains. Perhaps consumers buy more .COM domains because XYZ has promoted Verisign as the market leader. But Verisign suffering any injury as a result of XYZ’s statements is implausible.
…
Some might view the old Honda in the video with the “COM” license plate as trusty and reliable, and the Audi sports car with “XYZ” as high maintenance, impracticable, and too trendy.

Verisign may or may not win the lawsuit, but it does seem to have succeeded in getting XYZ to cut the balls off of its own marketing.
Verisign has not yet filed a response to XYZ’s motion, which will be heard in court May 8.
You can download the PDF of the motion here.

.xyz helps CentralNic double its revenue

CentralNic’s revenue almost doubled in 2014, helped by the launch of new gTLDs.
The UK-based registry today reported annual operating profit of £497,000 ($759,000), down from £694,000 ($1.05 million) in 2013, on the back of revenue up 99% at £6.06 million ($9.25 million).
Billings– money taken but not yet recorded as revenue — was up a whopping 154% at £9.89 million ($15.1 million).
Part of the reason for the growth was the launch of new gTLDs last year.
CentralNic acts as the registry back-end for eight TLDs that launched last year, including runaway volume leader .xyz, which has about 880,000 domains in its zone file today.
Another big contributor was Internet.bs, the Bahamas-based registrar that CentralNic acquired for $7.5 million last year.
The registrar had about 400,000 legacy gTLD domains under management at the end of the year, according to DI’s records.
Both new gTLDs and Internet.bs started contributing to revenue in the second half of the year.
CentralNic also said that its new “enterprise” division, which sells premium domains and offers consulting and software, was a growth factor.
CEO Ben Crawford told the markets that the new gTLD opportunity has so far been “softer” than expected.

Only a small number of retailers received their accreditations from ICANN to sell domains under the new TLDs in 2014, and a lack of public awareness pending the launches of the “superbrand TLDs” such as .google, .apple and .sony, meant that the market for new TLDs in 2014 was softer than had been projected by ICANN and other industry experts. It was essentially limited to domain investors and other early adopters.

Opinion in split in the industry on how much reliance can be put on what Crawford calls “super-brands” to do the heavy lifting when it comes to public awareness of new gTLDs.

New gTLD zones top five million names

There are now more than five million new gTLD domain names live in the DNS.
That’s according to zone files collated by ICANN, which I’m told show 5,002,252 names across the 597 new gTLD registries providing data.
That works out to a mean of 8,378 domains per TLD, a median of 1,254.
The largest zone file is .xyz, with 877,450 names. There’s at least 100 new gTLDs with only one domain in their zones.
Due to the way ICANN’s Centralized Zone Data Service works (or doesn’t work) with access rights expiring on a pretty much daily basis, it’s virtually impossible for a third party such as DI to count up zone file numbers across every new gTLD with 100% daily accuracy.
Today, DI PRO reports a count of 4,999,024 names.
The total number of zone file domains in this post was provided by ICANN, which does not have the same CZDS restrictions as the rest of us.

NetSol’s free .xyz bundle renews at $57

Network Solutions is charging a total of $57.17 for renewing the .xyz domain names and associated services it gave away for free as part of .xyz’s controversial launch last year.
A little over a year ago, NetSol found controversy when it pushed hundreds of thousands of .xyz domain names into its customers’ accounts without their explicit consent.
The offer, which required customers to opt out if they didn’t want it, included a year of private registration and a year of email.
The move allowed XYZ.com, the .xyz registry, to report itself as the largest new gTLD registry.
It’s been the subject of some speculation how renewals would be treated by NetSol, but now we know.
Customers, at least in cases reported by DI readers, are being sent renewal notices for their .xyz bundles in the same mailshots as for their .com domains.
Clicking the “Renew” button in these emails takes registrants to a NetSol page on which they can select which of their products they would like to renew.
All, including the .xyz products, are pre-selected for renewal but may be deselected.
Pricing is set at $15.99 for the .xyz domain, $15.99 for the private registration and $25.19 for the email service. That’s a total of $57.17.
Here’s a screenshot of the shopping cart with the pricing (I’ve redacted the domain). Click to enlarge.

The original email sent by NetSol to customers last June, said:

We want to show you how much we appreciate your loyalty by rewarding you with complimentary access to a 1-year registration of a .XYZ domain, one of the hottest new domain extensions. .XYZ domains are proving to have broad appeal and also be extremely memorable. In addition to your complimentary domain, you’ll also receive Professional Email and Private Registration for your .XYZ domain – free of charge.
…
If you choose not to keep this domain no action is needed and you will not be charged any fees in the future. Should you decide to keep the domain after your complementary first year, simply renew it like any other domain in your account.

The fine print read:

Offer applies to first year of new registrations only. The offer is not transferable and is only available to the recipient. After the complimentary first year the .XYZ domain name and its related services shall expire unless you actively renew the .XYZ domain name and its related services at the then-current rates.
Please note that your use of this .XYZ domain name and/or your refusal to decline the domain shall indicate acceptance of the domain into your account, your continued acceptance of our Service Agreement located online at http://www.networksolutions.com/legal/static-service-agreement.jsp, and its application to the domain.

There’s concern from some registrants that customers may renew their .xyz services without really understanding how they ended up in their account in the first place.
.xyz currently has over 857,000 domains in its zone file.
XYZ.com CEO Daniel Negari was recently quoted as saying that roughly 500,000 of those were not freebies.
The company is being sued by .com registry Verisign for using its reg numbers in “false advertising” that seeks to compare .xyz to .com.

Rightside slashes new gTLD prices to $0.99

Rightside registrar eNom is to offer domains in several Rightside gTLDs for $0.99 over the coming days.
Today, .rocks domains can be obtained for the special price. They’re usually $12.99 a year.
The price does not apply to renewals. Customers have to use the promo code “pocketchange”.
Rightside stablemates .forsale, .reviews, .ninja and .social will get the $0.99 treatment for one day each over the coming week.
As we’ve learned over the last several months, super-cheap domains boost TLDs’ numbers as some of the internet’s less than ethical characters bulk-register thousands of throwaway domains at once.
So far, gTLDs such as .xyz, .country and .kim have been affected by these spikes, which I currently believe are related to typosquatting campaigns in legacy gTLDs.
I would not be at all surprised if Rightside becomes the latest registry to see its volume swell for similar reasons.

ICANN slashes new gTLD revenues by 57%, forecasts renewals at 25% to 50%

ICANN has dramatically reduced the amount of revenue it expects to see from new gTLDs in its fiscal 2015.
According to a draft 2016 budget published this morning, the organization now reckons it will get just $300,000 from new gTLD registry transaction fees in the year ending June 30, 2015.
That’s down 75% from the $1.2 million predicted by its FY 2015 budget, which was approved in December.
Transaction fees are paid on new registrations, transfers and renewals, but only by gTLDs with over 50,000 billable transactions per year.
Today, only 14 of the 522 delegated new gTLDs have added more than 50,000 names. ICANN says that only 17 registries are currently paying transaction fees.
It’s not only the transaction fees where ICANN has scaled back its expectations, however.
The organization also expects its fixed new gTLD registry fees — the $6,250 each registry must pay per quarter regardless of volume — to come in way below targets.
The new budget anticipates $12.7 million from fixed registry fees in FY15, down 24% from the $16.7 million in its adopted FY15 budget.
This is presumably due to larger than expected numbers of would-be registries either withdrawing or dragging their feet in the path to delegation.
Registrar transaction fees are now anticipated at $1.1 million, compared to $2 million and $3.2 million predicted by the adopted and draft FY15 budgets respectively.
Taking all three revenue sources together, ICANN now expects new gTLDs to contribute just $14.1 million to its fiscal 2015 revenue, down 29% from the $19.8 million forecast in its adopted FY15 budget.
That’s down 57% from the $32.7 million in the original draft budget for the period.
The current budget assumes 15 million new gTLD registrations in the 12-month period, revised down from the 33 million domains predicted in its draft FY15 budget a year ago.
With just a few months left until the end of the fiscal year, there are currently fewer than 4.5 million domains in published new gTLD zone files.
ICANN plainly no longer expects new gTLDs to get anywhere close to 15 million domains.
Renewals expected to be weak, weak, weak
The organization is taking a conservative view about renewals for 2016.
The 2016 budget expects renewals at just 50% for regular gTLDs and 25% for registries — presumably ICANN has .xyz in mind — that gave away domains for free at launch.
That 50% is both ICANN’s “best” and “high” estimate. Its “low” estimate is 35% for non-free domains.
Obviously, 50% is a very low renewal number for any registry (70%+ is the norm). Even شبكة. (.shabaka) told us recently that 55% of its registrants are renewing before their domains expire.
Conversely, 25% may be a very optimistic number for free domains (when Afilias gave away free .info names a decade ago, almost all of them dropped rather than being renewed).
For fiscal 2016, which begins July 1, 2015, ICANN expects new gTLD revenue to be $24.1 million — about a quarter off its original plan for 2015.
That breaks down as $19.9 million from registry fixed fees, $2 million from registry transaction fees, and $2.3 million from registrar transaction fees.
ICANN said it is is assuming that it will start the year with 602 registries and end it with 945.
The proposed FY16 budget, now open for comment, can be found here.
For comparison purposes, the adopted FY15 budget is here (pdf) and the draft FY15 budget is here (pdf).

Adware dominating popular new gTLD ranks

Afilias’ .kim has become the latest victim (beneficiary?) of adware, as robo-registrations boost the gTLD’s zone file and apparent popularity.
It’s the latest new gTLD, after .xyz and .country, to see its rankings soar after hundreds of gibberish, bulk-registered domains started being used to serve ads by potentially unwanted software.
.kim is today the 4th most-popular new gTLD, with 85 domains in the top 100,000 on the internet and 264 in the top one million.
A month ago, it had a rank of 223, with just 16 domains in the top one million.
The domain names involved — gems such as oatmealsmoke.kim, vegetableladybug.kim and tubhaircut.kim — have seen a boat-load of traffic and rocketing Alexa rank.
The reason for the boost seems to be a one-off bulk registration of about 1,000 meaningless .kim domain names in early February, which now appear to be being used to serve ads via adware.
In this chart (click to enlarge), we see .kim’s zone file growth since the start of 2015.

The spike on February 5, which represents over 1,000 names, is the date almost all of the .kim names with Alexa rank were first registered.
They all appear to be using Uniregistry as the registrar and its free privacy service to mask their Whois details.
These domains often do not resolve if you type them into your browser. They’re also using robots.txt to hide themselves from search engines.
But they’ve been leaving traces of their activity elsewhere on the web, strongly suggesting their involvement in adware campaigns.
It seems that the current (ab?)use of .kim domains is merely the latest in a series of possibly linked campaigns.
I noted in January that gibberish .country domains — at the time priced at just $1 at Uniregistry — were suddenly taking over from .xyz in the popularity charts.
The following three charts, captured from DI PRO’s TLD Health Check, show how the three TLDs’ Alexa popularity rose and fell during what I suspect were related adware campaigns..
First, .xyz, which was the first new gTLD to show evidence of having robo-registrations used in adware campaigns, saw its popularity spike at the end of 2014 and start of 2015:

Next, Minds + Machines’ .country, which saw its zone file spike by 1,500 names around January 6, starts to see its Alexa-ranked total rocket almost immediately.
.country peaks around February 9, just a few days after the .kim robo-registrations were made.

Finally, as .country’s use declines, .kim takes over. Its popularity has been growing day by day since around February 13.

I think what we’re looking at here is one shadowy outfit cycling through bulk-registered, throwaway domain names to serve ads via unwanted adware programs.
It seems possible that domains are retired when they become sufficiently blocked by security countermeasures, and other domains in other TLDs are then brought online to take over.
None of this necessarily reflects badly on any of the new gTLDs in question, or even new gTLDs as a whole, of course.
For starters, I’ve reason to believe that TLDs such as .eu and .biz have previously been targeted by the same people.
The “attacks”, for want of a better word, are only really noticeable because the new gTLDs being targeted are young and still quite small.
It takes much longer to build up genuine popularity for a newly launched web site than it does to merely redirect exist captive traffic to a newly registered domain.
What it may mean, however, is that .kim and .country are going to be in for statistically significant junk drops about a year from now, when the first-year registrations expire.
For .kim, 1,000 names is about 14% of its current zone file. For .country, it’s more like a quarter.
The daily-updated list of new gTLD domains with Alexa rank can be explored by DI PRO subscribers here. The charts in this post were all captured from the respective TLD’s page on TLD Health Check.