Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
CentralNic seeing no impact from coronavirus
CentralNic, the triple-play domain company, has told the markets that the coronavirus pandemic is not having an impact on its financial health.
In a statement yesterday, the company said:
To date, CentralNic has not experienced interruptions in its services to customers or in its supply chain, and the Company confirms that its current trading is in line with market expectations.
CentralNic’s business is expected to remain resilient. Its services are procured and delivered over the internet, and the majority of CentralNic’s revenues are payments from existing subscribers and customers on rolling contracts. The Company’s core product is the sale of domain names, which are core infrastructure that enable the functioning of email and websites — the most important communication tools used between work colleagues working remotely and between companies and their customers.
The company makes most of its money from the retail side of the industry nowadays, largely via a network of thousands of resellers, but it also runs its own TLD registries and acts as a back-end for some high-volume TLDs such as .xyz.
It expects to report its 2019 financial results and a summary of its Q1 performance a few weeks from now.
ICANN expects “significant” budget impact from coronavirus
The ongoing coronavirus pandemic is expected to have a “significant” impact on ICANN’s budget, according to an update from the organization.
The organization published its expectations of a $140.4 million budget for the fiscal year that begins this July last December, and opened it up for public comments.
In its summary of those comments (pdf), which had a February 25 deadline and therefore were not focused on the pandemic’s potential impact, ICANN said:
the COVID-19 pandemic is affecting significantly the entire world. ICANN expects that its activities and financial position will be significantly impacted as well. The ICANN org is working with the Board to assess and monitor the potential impact to ICANN’s funding, and planned work such as face-to-face meetings, travel, etc.
Any pandemic-related changes to the budget will be published prior to board approval, ICANN said.
So where is ICANN expecting the impact? It’s not entirely clear. I would expect to see some minor gains from slashing its travel budget in the wake of social distance rules, but it’s less obvious where a “significant” shortfall could occur.
ICANN had operational revenue — the money it gets from billing registries and registrars — of $136.8 million in the fiscal year ending June 30, 2019, its most recently reported year (pdf).
Of that total, roughly $56 million came from the market leaders in both segments, Verisign and GoDaddy, both of which have been given glowing analyst coverage since the outbreak began.
One commentator recently wrote that Verisign is “immune” from coronavirus and GoDaddy’s CFO told analysts just last week that he expects the impact of coronavirus to be “minimal” in the first quarter. That could of course change in future.
Almost half of ICANN’s revenue, some $65.7 million, comes from the top 10 registries and registrars.
So is ICANN expecting to see weakness in the long tail, the few thousand accredited registrars and gTLD registries that account for under $1 million in ICANN contributions per year? Is it expecting reduced voluntary contributions from the ccTLDs and Regional Internet Registries?
Will coronavirus cause huge numbers of small businesses to abandon their domains as they go out of business? Will it inspire large numbers of the recently unemployed and quarantined to start up web-based businesses in an attempt to put food on the table? Will it cause large portfolio owners to downsize to save costs?
All of these outcomes seem possible, but these are unprecedented times, and I couldn’t being to guess how it will play out.
ICANN’s number two Cyrus Namazi quits. Probably due to sexual discrimination claims.
The head of ICANN’s Global Domains Division, Cyrus Namazi — arguably ICANN’s number-two exec — has resigned from the organization, according to multiple sources. I believe it’s related to allegations of sexual discrimination.
ICANN staffers were told this evening that he’s resigned “effective immediately” and that a public announcement will follow.
Long-time ICANN staffer Theresa Swinehart, currently senior VP of multistakeholder strategy and strategic initiatives, will run GDD while a replacement is sought.
While I don’t expect ICANN to announce the reasons for Namazi’s departure, I believe it’s related to allegations of sexual indiscretions.
I’ve been aware for a few months of allegations against Namazi for sexual discrimination and/or sexual harassment, but I’ve been unable to get sufficient on-the-record information to run a story.
What I do know, from digging around on court web sites, is that ICANN was sued about a year ago by a former staffer called Jennifer Gore for alleged disability and gender discrimination, allegedly carried out by Namazi.
Gore’s complaint can be read here (pdf). ICANN’s response can be read here (pdf).
I’ve also been made aware of a few other female ICANN staffers who have quit allegedly due to Namazi’s behavior.
And I gather he’s been on-leave recently. Anyone who was at ICANN 67 will have noted his absence.
I’ve not heard of any allegations that could be described as remotely criminal. We’re just talking about allegations of inappropriate comments and actions at work.
I have absolutely no idea how many of the allegations, if any, are true. None. I just know that there are a lot of them.
I do know that ICANN’s PR team have been banned from talking to me for the last few weeks, since I learned about these allegations — by senior VP of global communications Sally Newell Cohen — because I talked offensive smack about Namazi to him and to another senior staffer on social media messaging channels.
ICANN grants Verisign its price increases, of course
ICANN has given Verisign its ability to increase .com prices by up to 7% a year, despite thousands of complaints from domain owners.
The amendments give Verisign the right to raise prices in each of the last four years of its six-year duration. The current price is $7.85 a year.
Because the contract came into effect in late 2018, the first of those four years begins October 26 this year, but Verisign last week said that it has frozen the prices of all of its TLDs until 2021, due to coronavirus.
Not accounting for discounts, .com is already already worth $1.14 billion in revenue to Verisign every year, based on its end-of-2019 domains under management.
In 2019, Verisign had revenue of $1.23 billion, of which about half was pure, bottom-line, net-income profit.
In defending this shameless money-grab, ICANN played up the purported security benefits of the deal, while offering a critique of the domainers and registrars that had lobbied against it.
Göran Marby, ICANN’s CEO, said in a blog post.
I believe this decision is in the best interest of the continued security, stability, and resiliency of the Internet.
…
Overall, the decision to execute the .COM Registry Agreement amendment and the proposed binding Letter of Intent is of benefit to the Internet community.
The decision was explained in more detail in a eight-page analysis document (pdf) published late last week.
I’ll summarize this paper in three bullet points (my words, not ICANN’s):
- Domainers are hypocrites.
- The deal is good for DNS security.
- Our hands were tied anyway.
First, while ICANN received over 9,000 comments about the proposed amendment, almost all negative, it said that publicity campaigns from domainer group the Internet Commerce Association and domainer registrar Namecheap were behind many of them.
the Internet Commerce Association (ICA) and Namecheap, are active players in the so called “aftermarket” for domain names, where domain name speculators attempt to profit by “buying low and selling high” on domain names, forcing end users to pay higher than retail prices for desirable domain names
It goes on to cite data from NameBio, which compiles lists of secondary market domain sales, to show that the average price of a resold domain is somewhere like $1,600 (median) to $2,400 (mean).
Both Namecheap and ICA supporter GoDaddy, which sells more .coms than any other registrar, have announced steep increases in their .com retail renewal fees in recent years — 20% in the case of GoDaddy — the ICANN document notes.
This apparent hypocrisy appears to be reason ICANN felt quite comfortable in disregarding many of the negative public comments it received.
Second, ICANN reckons other changes to the .com contract will benefit internet security.
Under a side deal (pdf) Verisign’s going to start giving ICANN $4 million a year, starting next January and running for five years, for what Marby calls “ICANN’s initiatives to preserve and enhance the security, stability, and resiliency of the DNS.” These include:
activities related to root server system governance, mitigation of DNS security threats, promotion and/or facilitation of Domain Name System Security Extensions (DNSSEC) deployment, the mitigation of name collisions, and research into the operation of the DNS.
Note that these are without exception all areas in which ICANN already performs functions, usually paid for out of its regular operating budget.
Because it looks like to all intents and purposes like a quid pro quo, to grease the wheels of getting the contract amendments approved, Marby promised that ICANN will commit to “full transparency” as to how its new windfall will be used.
The new contract also has various new provisions that standardize technical standardization and reporting in various ways, that arguably could provide some minor streamlining benefits to internet security and stability.
But ICANN is playing up new language that requires Verisign to require its registrars to forbid their .com registrants from doing stuff like distributing malware and operating botnets. Verisign’s registrar partners will now have to include in their customer agreements:
a provision prohibiting the Registered Name Holder from distributing malware, abusively operating botnets, phishing, pharming, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law and providing (consistent with applicable law and any related procedures) consequences for such activities, including suspension of the registration of the Registered Name;
Don’t expect this to do much to fight abuse.
It’s already a provision that applies to hundreds of other TLDs, including almost all gTLDs, and registrars typically incorporate it into their registration agreements by way of a link to the anti-abuse policy on the relevant registry’s web site.
Neither Verisign nor its registrars have any obligation to actually do anything about abusive domains under the amendments. As long as Verisign does a scan once a month and keeps a record of the total amount of abuse in .com — and this is data ICANN already has — it’s perfectly within the terms of its new contract.
Third and finally, ICANN reckons its hands were pretty much tied when it comes to the price increases. ICANN wrote:
ICANN org is not a competition authority or price regulator and ICANN has neither the remit nor expertise to serve as one. Rather, as enshrined in ICANN’s Bylaws, which were
developed through a bottom up, multistakeholder process, ICANN’s mission is to ensure the security and stability of the Internet’s unique identifier systems. Accordingly, ICANN must defer to relevant competition authorities and/or regulators, and let them determine if any conduct or behavior raises anticompetition concerns and, if so, to address such concerns, whether it be through price regulation or otherwise. As such, ICANN org has long-deferred to the DOC and the United States Department of Justice (DOJ) for the regulation of wholesale pricing for .COM registry services.
It was of course the DoC, under the Obama administration, that froze Verisign’s ability to raise prices and, under the Trump administration, thawed that ability in November 2018.
If you’re pissed off that the carrying cost of your portfolio is about to go up, you can blame Trump, in other words.
ALL .za domains have to link to government coronavirus web site
The South African government has decreed that every web site using a .za domain name must now carry a link to an official government coronavirus advice site.
The regulation (pdf), which largely focuses on other types of teleconmmunications services, came into effect last Thursday. It states:
Internet sites operating within .zaDNA top level domain name must have a landing page with a visible link to www.sacoronavirus.co.za
The rule applies to every site, not just those purveying health news.
ZADNA’s front page currently features this clickable graphic, slightly below the fold.
ZADNA is the registry for .za, but also the city gTLDs .joburg and .capetown. The wording of the regulation suggests that these two gTLDs are also covered by the rule, but official government communications make no mention of either.
The rules also require fake coronavirus news to be blocked, but that’s on the ISPs to implement.
You may notice that the government’s domain is SAcoronavirus.co.za. This appears to be because coronavirus.co.za currently belongs to a domainer. That bare-bones site has a non-clickable link to the government site, and also an offer to sell the domain.
Namecheap and others banning coronavirus domains
Anyone wanting to buy a coronavirus-related domain for scamming purposes won’t be able to do it via Namecheap, which has preemptively banned keyword domains on its storefront.
For the last several days, the registrar has rejiggered its web site to prevent customers adding domains containing certain keywords — such as “coronavirus” or “covid” or “vaccine” — to their shopping carts.
The company said today that customers wishing to register such domains for legitimate purposes can continue to do so by calling up Namecheap customer service and having the name registered manually.
CEO Richard Kirkendall said in an email to customers that Namecheap is also “actively working with authorities to both proactively prevent, and take down, any fraudulent or abusive domains or websites related to COVID19”.
A GoDaddy spokesperson told DI this week that it has also taken down domains when alerted to their usage as coronavirus scams.
Meanwhile, .uk registry Nominet said that it has added keywords such as “coronavirus” and “covid” to its Domain Watch initiative, the same semi-automated system it uses to flag and suspend phishing and “rape” domains preemptively at point of registration. Nominet said:
Those that look suspicious — based on our algorithm and then a manual check — are suspended until we see evidence of good intentions from the registrants.
So far, we have suspended over 180 domains while we conduct this extra due diligence. A small proportion responded to our satisfaction and had their domain names reactivated. It’s highly likely that those who did not respond were intending to use their domains to manipulate a public in need of information.
Another domain company taking action is aftermarket site Dan.com, which today said on Twitter that it will remove all coronavirus related domains from its marketplace.
Starting from today, we will be removing all Corona Virus related domains from https://t.co/vpmKVzih2D.
We're seeing astronomical high prices being asked for these domains and find that unethical and unacceptable.
— DAN.COM (@Undeveloped) March 26, 2020
Namecheap is also offering some customers payment flexibility when it comes to some products — largely non-domain products such as hosting — if they can convince customer service reps of their coronavirus-related financial hardship.
“I urge you not to abuse this offer, please allow it to be used by those who need it most, who are otherwise unable to pay,” Kirkendall wrote.
Verisign, the .com registry, yesterday hinted that it will be offering its registrars some similar flexibility, which one assumes could be passed on to registrants.
Go here to help fight against coronavirus abuse
A coalition of over 1,000 security experts, domain name providers and others have got together to help coordinate efforts to combat abusive coronavirus-related domains.
A workspace on the collaboration platform Slack has been growing steadily since it was created a week ago, enabling technology professionals to exchange information about the alarming number of sites currently trying to take advantage of the pandemic.
You can join the channel via this link. Thanks to Theo Geurts of RealtimeRegister.com for passing it along.
The collection of chat rooms appears to have been created by Joshua Saxe, chief scientist at security software firm Sophos, March 19. There are currently 1,104 members.
There’s a channel devoted to malicious domains, which is being used to share statistical data and lists of bad and good coronavirus-related domains, among other things.
Across the workspace, a broad cross-section of interested parties is represented. Current members appear to come from security companies, governments, law enforcement, registries, registrars, ICANN, healthcare providers, and others.
It seems like a pretty good way for the technical members of the domain name industry to keep track of what’s going on during the current crisis, potentially helping them to put a stop to threats using domains they manage as they emerge.
As it releases free download, DomainTools says 68,000 dangerous coronavirus domains have been registered
More than 68,000 coronavirus-related domain names have been registered so far in 2020, according to data released by DomainTools today.
The domain intelligence services company has started publishing a list of these domains, updated daily, for free on its web site. You have to submit your email address to get it.
The download comprises a CSV file with three columns: domain, reg date, and Domain Risk Score.
This final field is based on DomainTools’ in-house algorithms that estimate how likely domains are likely to be used in nefarious activities, based on criteria including the domain’s connection to other, known-bad domains.
Only domains with a score of 70 or above out of 100 — indicating they will likely be used for activities such as phishing, malware or spam — will be included on the list, the company said.
The list will be updated daily at 0000 UTC.
You can find out more and obtain today’s list here.
No .com price increases this year. Thanks, coronavirus!
Verisign won’t increase prices on .com or any of its other TLDs this year.
The promise comes as part of a package of coronavirus-related measures the company announced on its blog yesterday. Verisign said:
In order to support individuals and small businesses affected by this crisis, Verisign will freeze registry prices for all of our Top-Level Domains (TLDs), including .com and .net, through the end of 2020. In addition, we will soon deploy a program, available to all retail registrars, to provide support and assistance for domain name registrants whose domain names will be expiring in the coming months.
No additional details on the proposed registrant support program were made available.
The pricing news sounds good, especially for high-volume domain owners such as domainers and trademark owners, but it should be noted that in the case of .com it amounts to a mere two-month price freeze.
Under the terms of its current agreement with ICANN, it can’t raise prices at all. The controversial proposed amendments that recently attracted about 9,000 objections, would reinstate price-raising powers.
However, assuming ICANN approves the new contract, which seems likely, Verisign would only be able to up its fees in the final four years of its six-year deal. The first of those four years begins October 20 this year.
Conceivably, it could have announced a 7% price hike for .com on October 21, but the company has now said that it will not.
Verisign also said yesterday that it’s donating an “initial” $2 million to “first responders and medical personnel in the Northern Virginia area, the United Way’s COVID-19 relief efforts, and the Semper Fi & America’s Fund”.
It is also doubling the funding available to the scheme where it matches employees’ charitable donations, which could increase (and incentivize) giving to coronavirus-related causes.
US officials gunning for coronavirus domains
US state and federal law enforcement are pursuing domain names being used to push bogus products and misinformation related to coronavirus Covid-19.
In separate actions, the US Department of Justice forced Namecheap to take down a scam site that was allegedly using fear of coronivirus to hoodwink visitors out of their cash, while the New York Attorney General has written to registrars to demand they take action against similar domains.
The DoJ filed suit (pdf) against the anonymous “John Doe” registrant of coronavirusmedicalkit.com on Saturday and on Sunday obtained a temporary restraining order obliging Namecheap to remove the DNS from the domain and lock it down, which Namecheap seems to have done.
Namecheap is not named as a defendant, but the complaint notes that the DoJ had requested the domain be taken down on March 19 and no action had been taken by the evening of March 21.
The web site in question allegedly informed visitors that the World Health Organization was giving away free coronavirus vaccines to anyone prepared to pay a $4.95 shipping fee by handing over their credit card details.
This is an identity theft scam and wire fraud, the complaint says.
Meanwhile, NYAG Letitia James has sent letters, signed by IT chief Kim Berger, to several large US registrar groups — including GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance — to ask them to “stop the registration and use of internet domain names by individuals trying to unlawfully and fraudulently profit off consumers’ fears around the coronavirus disease”.
In the letter to GoDaddy (pdf), Berger asks for a “dialogue” on the following preventative measures:
- The use of automated and human review of domain name registration and traffic patterns to identify fraud;
- Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints;
- Revising your terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains; and
- De-registration of the domains cited in the articles identified above that were registered at GoDaddy, and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains.
In other words: try to stop these domains being registered, and take them down if they are.
No specific malicious sites are listed in the letter. Rather, Berger cites a study by Check Point Software that estimates that something like 3% of the more than 4,000 coronavirus-related domains registered between January and March 5 are “malicious” in nature.
Recent Comments