Famous Four is DEAD! New registry promises spam crackdown

Famous Four Media’s portfolio of gTLD registries is now under the control of a new company, Global Registry Services Ltd, which has promised to abandon its failed penny-domain strategy and crack down on spam.
(August 9 update: This article contains some incorrect assumptions and speculation. Please read this follow-up piece for clarifications.)
The company, which goes by the name GRS Domains, told registrars yesterday that FFM’s 16 gTLDs are now “controlled by the same parties that control Domain Venture Partners PCC Limited, and are no longer under the management of FFM.”
DVP also owned FFM, so it’s not clear how big of a deal this restructuring is from a management point of view.
My sense is that there’s not really been a substantial change, but it’s certainly more than a simple rebranding exercise.
I’ve learned that DVP was placed into administration under the Insolvency Act back in April, with management of the TLDs handed to a PricewaterhouseCoopers administrator, more or less as I speculated in June.
The TLDs affected are: .loan, .win, .men, .bid, .stream, .review, .trade, .date, .party, .download, .science, .racing, .accountant, .faith, .webcam and .cricket.
GRS told registrars:

Moving forward there are several changes being made with regard to the overall strategy of the portfolio of gTLDs, the main one being a change to a “quality over quantity” ethos and focusing on working with our Registrar Partners to sharply reduce abuse and spam registrations.

As such, all of its current pricing promotions will end August 20 and a “much more transparent and sensible pricing strategy” will come into play.
That means a wholesale reg fee of $9.98 across the board, at least until February 2019.
GRS also plans to take a lot of its lower-priced reserved “premium” names out of the premium program altogether, and to reprice “a considerable portion” of the more expensive ones.
Finally, the company, not known to attend ICANN meetings in the past, said it plans to show up at the Barcelona meeting in October to formally relaunch itself.
Famous Four has become notorious over the last few years for its deep-discounted TLDs, which have become a haven for spammers who want to register large numbers of super-cheap, throwaway domains.
As such, its gTLDs’ volumes have been huge — many racking up hundreds of thousands of names — but their renewals poor and their reputation worse.
If GRS’ new strategy is effective, we’re almost certainly going to see the industry-wide overall number of active new gTLD domains tank over the next year or so, giving more ammunition to those who think the new gTLD program was a huge waste of effort.
It could also have an impact on ICANN’s budget — no matter how cheap FFM sold its names, it still had to pay its ICANN fees on a per-domain basis. Fewer domains equals less money in ICANN’s coffers. FFM’s registries paid over $1.6 million in ICANN fees in the organization’s fiscal 2017.
While GRS is now apparently “controlled by the same parties that control Domain Venture Partners PCC Limited”, it’s not abundantly clear to me whether that’s the same people who’ve been running FFM for the last eight years.
DVP has not immediately responded to a request for comment today.
The DVP web site has not resolved in months. The new grs.domains site doesn’t name anyone, and the NIC sites for the gTLDs in the portfolio only identify a PwC bankruptcy accountant as the primary contact.
All the companies in question are based in tax haven Gibraltar, which isn’t particularly forthcoming about identifying company directors, partners or owners.
DVP’s directors were originally Adrian Hogg, Charles Melvin, Iain Roache, Douglas Smith, Peter Young, Joseph Garcia and a company called Domain Management II (itself chaired by Roache), according to an investor presentation (pdf) DI obtained back in 2013.
I believe Melvin at least, after a legal dispute with the others, is no longer involved.
And it appears that DVP is or was in fact in administration.
I noted back in June that the 16 gTLDs were now all being administered by PwC accountant Edgar Lavarello, and wondered aloud whether this meant FFM was bankrupt.
Today I obtained (read: paid an extortionate sum for) a Gibraltar court order dated April 23 putting DVP into administration under the Insolvency Act and appointing PwC as the administrator.
The application had been made by an investor called Christina Mattin and fellow investor Braganza, a private vehicle owned by a wealthy Scandinavian family, which was (at least last year) a 10% owner.
Other named investors the court heard from were the mysterious Liechtenstein-based Rennes Foundation, something called Northern Assets Investments Limited and Dutch multimillionaire Francis Claessens.
Overall, it smells a bit to me like DVP’s principals, having seen their previous venture put out of business by disgruntled investors, have snapped up its assets and are going to try to make a second go of running the business.
As for FFM? Well, it looks rather like we won’t be hearing that name again.
UPDATE: This article was updated several hours after it was originally posted to clarify that DVP was/is “in administration”.

Fight over Whois access starts early

Starting as they mean to go on? The new ICANN working group on Whois this week saw early, if predictable, divisions on the issue of access to private data in a post-GDPR world.
The so-called Whois EPDP (for Expedited Policy Development Process) held its first teleconference on Wednesday and while not really getting around to the nitty-gritty of policy managed to quickly start squabbling about its schedule and rules of engagement.
It’s already not looking promising that blanket cross-community consensus is going to be reached in the time permitted.
The group is tasked with turning the current Temporary Specification for Whois, which was created by the ICANN board of directors, into a formal consensus policy that in principle has the support of the whole community.
Group chair Kurt Pritz laid out three targets for the group.
First up is a “triage” document, which will basically see the community decide, line by line, what it likes and does not like about the Temp Spec.
In theory, the EPDP could just rubber-stamp the whole shebang and be done with it, but that’s highly unlikely.
Second is an Initial Report, which will include the agreements reached in the triage document and the agreements reached in subsequent discussions.
That’s due in October at ICANN’s meeting in Barcelona, which is ambitious but not necessarily impossible.
The Temp Spec was written with guidance from lawyers and European data protection authorities, so there’s a limit to how far the EPDP can stray, in my view.
Thirdly, and most controversially, is an “Initial Report outlining a proposed model of a system for providing accredited access to non-public Registration Data.”
This is the proposed standardized system that will allow security and intellectual property interests, and possibly others, to see unredacted Whois data like we all could just a few months ago.
Many stakeholder groups are in favor of such a system, but the Non-Commercial Stakeholders Group are decidedly not.
The NCSG, given voice principally by academic Milton Mueller, objected to the Pritz/ICANN plan to start soliciting comments on access from the EPDP group later this month, before the group has come to consensus on the so-called “gating questions”.
The gating questions are rather less thorny issues such as whether the purposes registrars collect personal data as mandated by the Temp Spec are in fact legitimate under the GDPR and what data should be transferred from registrars to their registries.
Mueller said that the gating issues represent a “crisis situation” — the EPDP group has just a few months to come to consensus on which parts of the Temp Spec it agrees with — and that discussions about access can be safely pushed back until later.
Perhaps predicting an impasse in future, he also warned Pritz not to over-sell the level of consensus the group reaches if there are still dissenting voices at the end of the process.
Mueller yesterday told the group that NCSG — there are six members on the EPDP team — will refuse to engage on the access issue until consensus had been found on the gating issues.
But NCSG faced push-back from pro-access groups including the Business Constituency, Governmental Advisory Committee and At-Large Advisory Committee.
Alan Greenberg of the ALAC said access talks are “really important” and intertwined with the gating questions. Groups may change their positions on one set of questions based on the discussions of the other, he said.
As it stands today, the group has been asked to fill out four sets of questionnaires, polling their support for various parts of the Temp Spec, over the next few weeks.
The controversial fourth questionnaire covers the access model, but ICANN staff facilitating the group have assured the NCSG these responses will be essentially sat on until the working group is ready to address them.
The group is planning twice-weekly teleconferences in its effort to get its first and second deliverables ready in time for Barcelona.

Chaotic scenes as ‘Grumpies’ lose auDA board fight

Three directors of .au registry auDA managed to keep their seats on the board despite losing the “popular vote” of members late last week.
The vote happened at the conclusion of an occasionally chaotic three-hour meeting that saw former AusRegistry chief Adrian Kinderis kicked out of the room barely a minute into proceedings.
The results in each of the three votes to fire directors Suzanne Ewart, Sandra Hook and chair Chris Leptos were 57 or 58 in favor and 51 or 52 against, which would have been a narrow win for the so-called “Grumpies” who originally called for the sackings.
However, auDA rules require, Leptos said, a simple majority of both “Supply” and “Demand” classes of members, and the Supply class (ie, registrars) voted against the motions by 30 to 2 or 31 to 1.
Therefore, all three directors get to keep their jobs.
auDA noted in a statement that a greater proportion of Supply class members (the substantially smaller constituency) turned out to vote compared to Demand class, adding:

It is time now for all members to get behind the reform of auDA as demanded by the federal government.
auDA is not the plaything of a small group of self-interested parties.
It can no longer be run as a club type organisation with a small membership who wield undue influence.

A “club type organization” was pretty much what came across during the meeting, which was audio-only webcast Friday morning. ICANN, auDA ain’t.
I was left with the impression of something a bit like Nominet circa 2010 or my first ICANN meeting back in 1999. Not so much herding cats, as [RACIST JOKE ALERT] herding wallabies.
At times it felt like an ICANN Public Forum, with an infinite number of Paul Foodys lining up at the mic.
At the same time, the meeting was chaired by somebody who, despite never losing his cool, seemed set on limiting criticism from members to the greatest extent possible.
There was controversy from the very outset, with the former CEO of former .au back-end provider AusRegistry (now part of Neustar) getting kicked out in the opening minute.
Kinderis, who no longer works for Neustar and has vowed publicly to be a thorn in auDA’s side, said he was “unlawfully removed” from the meeting by venue security, at the instruction of Leptos.
Leptos disputed Kinderis’ claim that he was there as a proxy for a legit member and said he believed he had acted “entirely appropriately” in ordering his removal.
There was no suggestion of physical force being used. His exit was recorded by chief Grumpy Josh Rowe, who then posted a brief video to Twitter.

pic.twitter.com/zvfJhuqUm9

— Josh Rowe (@joshrowe) July 27, 2018

Leptos then threatened to throw out fellow Grumpy Jim Stewart, who was protesting Kinderis’ removal, before warning non-member attendees that they would not be permitted to ask questions.
Forty-five minutes later, he repeatedly threatened to kick out Stewart for live-streaming video of the meeting from his phone, having apparently received complaints from other members.
Fifteen minutes later, the threats returned after Stewart and another member attempted to engage Leptos in an argument about auDA’s member recruitment policy.
The words “take a seat Mr…” were a recurring meme throughout the meeting.
The original reasons for the call for the directors to be fired were myriad, ranging from lack of transparency to projects such as the Neustar-Afilias registry transition and auDA’s desire to start selling direct second-level .au domains.
But the bulk of the meeting was taken up with discussions, and attempted discussions, about auDA’s recent membership spike.
The Grumpies have audited the new member list — which has grown from 300-odd to 1,345 in just a few weeks — and found that the vast majority of new members are employees of just three registrars and one registry (Afilias, the new back-end).
They reckon these new members, many of whom do not live in Australia, represent an attempt by auDA leadership to capture the voting community, and that foreigners are not technically members of the “Australian internet community” that auDA is supposed to represent.
Leptos responded to such criticisms by saying that employees of Australia-focused registrars are indeed members of the Australian internet community, regardless of their country of residence.
He added that auDA is under the instruction of the Australian government to diversify its membership — he said that registrars have no board representation currently — and that the recently added members are a first step on that path.
The Grumpies had shortly before the meeting started making accusations that the membership influx amounts to “potential cartel behaviour”.
Leptos addressed this directly during the meeting, saying they had “accused the CEO of criminal conduct” and categorically denying any wrongdoing.
auDA later issued a statement saying:

This is a very serious allegation to have been made and auDA strongly disagrees that by encouraging others to join the auDA membership, or by approving membership applications which satisfy its constitutional requirements, auDA or its officers have engaged in cartel behaviour or otherwise acted improperly.

KeyDrive reverses into CentralNic in $55 million deal

CentralNic this morning confirmed that it has signed a deal to merge with KeyDrive to dramatically grow its market share in the registrar and registry markets.
The deal, technically a reverse takeover, is worth up to $55 million, $10.5 million of which is performance-related.
KeyDrive is the holding company for brands including the registrars Key-Systems, Moniker and BrandShelter and the registries OpenRegistry and KSRegistry.
It is by far the bigger player in the registrar space. The combined company will have 7.1 million domains under management, 5.8 million of which will come from the Luxembourg-based firm.
“The acquisition of KeyDrive is transformative for CentralNic, significantly increasing the Company’s scale and giving it significant extra firepower in the domain name industry to rival the traditional major players,” CentralNic CEO Ben Crawford said in a statement.
CentralNic says the deal will make it the 11th-largest registrar in terms of gTLD domains under management and the fifth-largest registry back-end in terms of TLDs managed (which will hit 118).
KeyDrive had 2017 revenue of $58.26 million and adjusted EBITDA of $5.87 million. Operating profit was $4.3 million.
CentralNic had 2017 revenue of £24.3 million ($32.2 million), adjusted EBITDA of £6.6 million ($8.7 million) and operating profit of £1.8 million ($2.4 million). These numbers do not include the £3.2 million-a-year SKNIC business, which CentralNic acquired right at the end of last year.
KeyDrive CEO Alexander Siffrin will become COO of CentralNic and one of its largest shareholders, owning 16.4% of the combined company’s shares.
The acquisition itself is fairly complex.
CentralNic will raise $16.5 million cash in a share placement and it will issue $19.3 million of shares to a holding company majority-owned by Siffrin. The remaining $10.5 million is performance related and may be paid in a combination of cash and shares, mostly shares.
It’s all subject to shareholder approval at an August 1 general meeting.
Assuming the deal closes, CentralNic says its plan is to become the “GoDaddy of Emerging Markets”, though what this means in practice is not immediately clear.
It does seem that there will be some job losses as the company rationalizes staffing across its various locations.
As far as technical integration goes, CentralNic’s registrars will migrate to KeyDrive’s platform and KeyDrive’s registries will migrate to CentralNic’s registry platform.
The potential for a deal was first revealed in March, after a leak. Trading in its shares was halted as a result, but resumed this morning.

Could crypto solve the Whois crisis?

Could there be a cryptographic solution to some of the problems caused by GDPR’s impact on public Whois databases? Security experts think so.
The Anti-Phishing Working Group has proposed that hashing personal information and publishing it could help security researchers carry on using Whois to finger abusive domain names.
In a letter to ICANN, APWG recently said that such a system would allow registries and registrars to keep their customers’ data private, but would still enable researchers to identify names registered in bulk by spammers and the like.
“Redacting all registration records which were formerly publicly available has unintended and undesirable consequences to the very citizens and residents that electronic privacy legislation intends to protect,” the letter (pdf) says.
Under the proposed system, each registry or registrar would generate a private key for itself. For each Whois field containing private data, the data would be added to the key and hashed using a standard algorithm such as SHA-512.
For items such as physical addresses, all the address-related fields would be concatenated, with the key, before hashing the combined value.
The resulting hash — a long string of gibberish characters — would then be published in the public Whois instead of the [REDACTED] notice mandated by current ICANN policy.
Security researchers would then be able to identify domains belonging to the same purported registrant by searching for domains containing the same hash values.
It’s not a perfect solution. Because each registry or registrar would have their own key, the same registrant would have different hash values in different TLDs, so it would not be possible to search across TLDs.
But that may not be a huge problem, given that bad guys tend to bulk-register names in TLDs that have special offers on.
The hashing system may also be beneficial to interest groups such as trademark owners and law enforcement, which also look for registration patterns when tracking down abuse registrants.
The proposal would create implementation headaches for registries and registrars — which would actually have to build the crypto into their systems — and compliance challenges for ICANN.
The paper notes that ICANN would have to monitor its contracted parties — not all of which may necessarily be unfriendly to spammers — to make sure they’re hashing the data correctly.

New gTLD fees could be kept artificially high

More windfalls for ICANN? It’s possible that application fees for new gTLDs could be artificially propped up in order to discourage gaming.
In the newly published draft policy recommendations for the next new gTLD round, ICANN volunteers expressed support for keeping fees high “to deter speculation, warehousing of
TLDs, and mitigating against the use of TLDs for abusive or malicious purposes”.
It’s one of the ideas posed in the the Initial Report on the New gTLD Subsequent Procedures Policy Development Process, published this week.
It recommends that ICANN continues to price its application fees on a revenue-neutral basis, but with one big exception.
The report notes that there’s support for an “application fee floor” — a minimum fee threshold that would not be crossed no matter how cheap application processing actually becomes:

there might be a case where a revenue neutral approach results in a fee that is “too low,” which could result in an excessive amount of applications (e.g., making warehousing, squatting, or otherwise potentially frivolous applications much easier to submit), reduce the sense of responsibility and value in managing a distinct and unique piece of the Internet, and diminish the seriousness of the commitment to owning a TLD.

The subgroup looking at fees was “generally supportive” of the notion of a floor, the report says.
If the fee floor were used, excess funds would have to be pumped into efforts such as “universal acceptance”, the ongoing outreach project that hopes to persuade developers to ensure their software supports all TLDs.
It could also be used to support applications from the poorer regions of the world.
I wonder how much of a deterrent to warehousing an artificially high application fee would be; deep-pocketed Google and Amazon appear to have warehoused dozens of TLDs they applied for in the 2012 round.
The application fee in 2012 was $185,000 per string, priced on a “cost recovery” basis. The idea was that ICANN shouldn’t use the fees to subsidize its regular operations and vice versa.
But with roughly one third of that amount earmarked for unexpected contingencies — basically a legal defense fund — ICANN currently has close to $100 million in unspent fees sitting idle in a dedicated bank account.
The Initial Report also discusses whether application fees should be varied based on application type, as well as posing dozens of other questions for the community on the rules for the next round of new gTLDs.
Comment here.

No, I don’t get what’s going on with GDPR either

GDPR comes into effect next week, changing the Whois privacy landscape forever, and like many others I still haven’t got a clue what’s going on.
ICANN’s still muddling through a temporary Whois spec that it hopes will shield itself and the industry from fines, special interests are still lobbying for special privileges after May 25, EU privacy regulators are still resisting ICANN’s begging expeditions, and registries and registrars are implementing their own independent solutions.
So what will Whois look like from next Friday? It’s all very confusing.
But here’s what my rotting, misfiring, middle-aged brain has managed to process over the last several days.
1. Not even the ICANN board agrees on the best way forward
For the best part of 2018, ICANN has been working on a temporary replacement Whois specification that it could crowbar into its contracts in order to enforce uniformity across the gTLD space and avoid “fragmentation”, which is seen as a horrific prospect for reasons I’ve never fully understood (Whois has always been fragmented).
The spec has been based on legal advice, community and industry input, and slim guidance from the Article 29 Working Party (the group comprising all EU data protection authorities or DPAs).
ICANN finally published a draft (pdf) of the spec late last Friday, May 11.
That document states… actually, forget it. By the time the weekend was over it and I had gotten my head around it, it had already been replaced by another one.
Suffice it to say that it was fairly vague on certain counts — crucially, what “legitimate purposes” for accessing Whois records might be.
The May 14 version came after the ICANN board of directors spent 16 hours or so during its Vancouver retreat apparently arguing quite vigorously about what the spec should contain.
The result is a document that provides a bit more clarity about that it hopes to achieve, and gets a bit more granular on who should be allowed access to private data.
Importantly, between May 11 and May 14, the document started to tile the scales a little away from the privacy rights of registrants and towards towards the data access rights of those with the aforementioned legitimate purposes for accessing it.
One thing the board could agree on was that even after working all weekend on the spec, it was still not ready to vote to formally adopt it as a Temporary Policy, which would become binding on all registries and registrars.
It now plans to vote on the Temporary Policy tomorrow, May 17, after basically sleeping on it and considering the last-minute yowls and cries for help from the variously impacted parts of the community.
I’ll report on the details of the policy after it gets the nod.
2. ICANN seems to have grown a pair
Tonally, ICANN’s position seems to have shifted over the weekend, perhaps reflecting an increasingly defiant, confident ICANN.
Its weekend resolution asserts:

the global public interest is served by the implementation of a unified policy governing aspects of the gTLD Registration Data when the GDPR goes into full effect.

For ICANN to state baldly, in a Resolved clause, that something is in the “global public interest” is notable, given what a slippery topic that has been in the past.
New language in the May 14 spec (pdf) also states, as part of its justification for continuing to mandate Whois as a tool for non-technical purposes: “While ICANN’s role is narrow, it is not limited to technical stability.”
The board also reaffirmed that it’s going to reject Governmental Advisory Committee advice, which pressured ICANN to keep Whois as close to its current state as possible, and kick off a so-called “Bylaws consultation” to see if there’s any way to compromise.
I may be reading too much into all this, but it seems to me that having spent the last year coming across as a borderline incompetent johnny-come-lately to the GDPR conversation, ICANN’s becoming more confident about its role.
3. But it’s still asking DPAs for a moratorium, kinda
When ICANN asked the Article 29 Working Party for a “moratorium” on GDPR enforcement, to give itself and the industry some breathing space to catch up on its compliance initiatives, it was told no such thing was legally possible.
Not to be deterred, ICANN has fired back with a long list of questions (pdf) asking for assurances that DPAs will not start fining registrars willy-nilly after the May 25 deadline.
Sure, there may be no such thing as a moratorium, ICANN acknowledges, but can the DPAs at least say that they will take into account the progress ICANN and the industry is making towards compliance when they consider their responses to any regulatory complaints they might receive?
The French DPA, the Commission Nationale de L’informatique & Libertés, has already said it does not plan to fine companies immediately after May 25, so does that go for the other DPAs too? ICANN wants to know!
It’s basically another way of asking for a moratorium, but one based on aw-shucks reasonableness and an acknowledgement that Whois is a tricky edge case that probably wasn’t even considered when GDPR was being developed.
4. No accreditation model, yet
There’s no reference in the new spec to an accreditation model that would give restricted, tiered access to private Whois data to the likes of security researchers and IP lawyers.
The board’s weekend resolution gives a nod to ongoing discussions, led by the Intellectual Property Constituency and Business Constituency (and reluctantly lurked on by other community members), about creating such a model:

The Board is aware that some parts of the ICANN community has begun work to define an Accreditation Model for access to personal data in Registration Data. The Board encourages the community to continue this work, taking into account any advice and guidance that Article 29 Working Party or European Data Protection Board might provide on the topic.

But there doesn’t appear to be any danger of this model making it into the Temporary Policy tomorrow, something that would have been roundly rejected by contracted parties.
While these talks are being given resource support by ICANN (in terms of mailing lists and teleconferencing), they’re not part of any formal policy development process and nobody’s under any obligation to stick to whatever model gets produced.
The latest update to the accreditation model spec, version 1.5, was released last Thursday.
It’s becoming a bit of a monster of a document — at 46 pages it’s 10 pages longer than the ICANN temporary spec — and would create a hugely convoluted system in which people wanting Whois access would have to provide photo ID and other credentials then pay an annual fee to a new agency set up to police access rights.
More on that in a later piece.
5. Whois is literally dead
The key technical change in the temporary Whois spec is that it’s not actually Whois at all.
Whois is not just the name given to the databases, remember, it’s also an aging technical standard for how queries and responses are passed over the internet.
Instead, ICANN is going to mandate a switch to RDAP, the much newer Registration Data Access Protocol.
RDAP makes Whois output more machine-readable and, crucially, it has access control baked in, enabling the kind of tiered access system that now seems inevitable.
ICANN’s new temporary spec would see an RDAP profile created by ICANN and the community by the end of July. The industry would then have 135 days — likely a late December deadline — to implement it.
Problem is, with a few exceptions, RDAP is brand-new tech to most registries and registrars.
We’re looking at a steep learning curve for many, no doubt.
6. It’s all a bit of a clusterfuck
The situation as it stands appears to be this:
ICANN is going to approve a new Whois policy tomorrow that will become binding upon a few thousand contracted parties just one week later.
While registries and registrars have of course had a year or so’s notice that GDPR is coming and will affect them, and I doubt ICANN Compliance will be complete assholes about enforcement in the near term, a week’s implementation time on a new policy is laughably, impossibly short.
For non-contracted parties, a fragmented Whois seems almost inevitable in the short term after May 25. Those of us who use Whois records will have to wait quite a bit longer before anything close to the current system becomes available.

MMX rejected three takeover bids before buying .xxx

MMX talked to three other domain name companies about potentially selling itself before deciding instead to go on the offensive, picking up ICM Registry for about $41 million.
The company came out of a year-long strategic review on Friday with the shock news that it had agreed to buy the .xxx, .adult, .porn and .sex registry, for $10 million cash and about $31 million in stock.
CEO Toby Hall told DI today that informal talks about MMX being sold or merged via reverse takeover had gone on with numerous companies over the last 11 months, but that they only proceeded to formal negotiations in three cases.
Hall said he’d been chatting to ICM president and majority owner Stuart Lawley about a possible combination for over two years.
ICM itself talked to four potential buyers before going with MMX’s offer, according to ICM.
Lawley, who’s quitting the company, will become MMX’s largest shareholder following the deal, with about 15% of the company’s shares. Five other senior managers, as well as ICM investor and back-end provider Afilias, will also get stock.
Combined, ICM-related entities will own roughly a quarter of MMX after the deal closes, Hall said.
ICM, with its high-price domains and pre-2012 early-mover advantage, is the much more profitable company.
It had sales of $7.3 million and net income of $3.5 million in 2017, on approximately 100,000 registrations.
Compared to MMX, that’s about the same amount of profit on about half the revenue. It just reported 2017 profit of $3.8 million on revenue of $14.3 million.
There’s doesn’t seem to be much need or desire to start swinging the cost-cutting axe at ICM, in other words. Jobs appear safe.
“This isn’t a business in any way that is in need of restructuring,” Hall said.
He added that he has no plans to ditch Afilias as back-end registry provider for the four gTLDs. MMX’s default back-end for the years since it ditched its self-hosted infrastructure has been Nominet.
The deal reduces MMX’s exposure to the volatile Chinese market, where its .vip TLD has proved popular, accounting for over half of the registry’s domains under management.
It also gives MMX ownership of ICM’s potentially lucrative portfolio of reserved premium names.
There are over 9,700 of these, with a combined buy-now price of just shy of $135 million.
I asked Hall whether he had any plans to get these names sold. He laughed, said “the answer is yes”, and declined to elaborate.
ICM currently has a sales staff of three people, he said.
“It’s a small team, but their track record is exceptional,” he said.
The company’s record, I believe, is sex.xxx, which sold for $3 million. It has many six-figure sales on record. Premiums renew at standard reg fee, around $60.
With the ICM deal, MMX has recast itself after a year of uncertainty as an acquirer rather than an acquisition target.
While many observers — including yours truly — had assumed a sale or merger were on the cards, MMX has gone the other route instead.
It’s secured a $3 million line of credit from its current largest shareholder, London and Capital Asset Management Ltd, “to support future innovation and acquisition orientated activity”.
That’s not a hell of a lot of money to run around snapping up rival gTLDs, but Hall said that it showed that investors are supportive of MMX’s new strategy.
So does this mean MMX is going to start devouring failing gTLDs for peanuts? Not necessarily, but Hall wouldn’t rule anything out.
“Our long-term strategy is ultimately based around being an annuity-based business,” he said. He’s looking at companies with a “strong recurring revenue model”.
About 78% of ICM’s revenue last year came from domain renewals. The remainder was premium sales. For MMX, renewal revenue doubled to $4.8 million in 2017, but that’s still only a third of its overall revenue (though MMX is of course a less-mature business).
So while Hall refused to rule out looking at buying up “struggling” gTLDs, I get the impression he’s not particularly interested in taking risks on unproven strings.
“You can never say never to any opportunity,” he said. “If we come across and asset and for whatever reason we believe we can monetize it, it could become an acquisition target.”
The acquisition is dependent on ICANN approving the handover of registry contracts, something that doesn’t usually present a problem in this kind of M&A.

ICANN flips off governments over Whois privacy

ICANN has formally extended its middle finger to its Governmental Advisory Committee for only the third time, telling the GAC that it cannot comply with its advice on Whois privacy.
It’s triggered a clause in its bylaws used to force both parties to the table for urgent talks, first used when ICANN clashed with the GAC on approving .xxx back in 2010.
The ICANN board of directors has decided that it cannot accept nine of the 10 bulleted items of formal advice on compliance with the General Data Protection Regulation that the GAC provided after its meetings in Puerto Rico in March.
Among that advice is a direction that public Whois records should continue to contain the email address of the registrant after GDPR goes into effect May 25, and that parties with a “legitimate purpose” in Whois data should continue to get access.
Of the 10 pieces of advice, ICANN proposes kicking eight of them down the road to be dealt with at a later date.
It’s given the GAC a face-saving way to back away from these items by clarifying that they refer not to the “interim” Whois model likely to come into effect at the GDPR deadline, but to the “ultimate” model that could come into effect a year later after the ICANN community’s got its shit together.
Attempting to retcon GAC advice is not unusual when ICANN disagrees with its governments, but this time at least it’s being up-front about it.
ICANN chair Cherine Chalaby told GAC chair Manal Ismail:

Reaching a common understanding of the GAC’s advice in relation to the Interim Model (May 25) versus the Ultimate Model would greatly assist the Board’s deliberations on the GAC’s advice.

Of the remaining two items of advice, ICANN agrees with one and proposes immediate talks on the other.
One item, concerning the deployment of a Temporary Policy to enforce a uniform Whois on an emergency basis, ICANN says it can accept immediately. Indeed, the Temporary Policy route we first reported on a month ago now appears to be a done deal.
ICANN has asked the GAC for a teleconference this week to discuss the remaining item, which is:

Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;

Basically, the GAC is trying to prevent the juicier bits of Whois from going dark for everyone, including the likes of law enforcement and trademark lawyers, two weeks from now.
The problem here is that while ICANN has tacit agreement from European data protection authorities that a tiered-access, accreditation-based model is probably a good idea, no such system currently exists and until very recently it’s not been something in which ICANN has invested a lot of focus.
A hundred or so members of the ICANN community, led by IP lawyers who won’t take no for an answer, are currently working off-the-books on an interim accreditation model that could feasibly be used, but it is still subject to substantial debate.
In any event, it would be basically impossible for any agreed-upon accreditation solution to be implemented across the industry before May 25.
So ICANN has invoked its bylaws fuck-you powers for only the third time in its history.
The first time was when the GAC opposed .xxx for reasons lost in the mists of time back in 2010. The second was in 2014 when the GAC overstepped its powers and told ICANN to ignore the rest of the community on the issue of Red Cross related domains.
The board resolved at a meeting last Thursday:

the Board has determined that it may take an action that is not consistent or may not be consistent with the GAC’s advice in the San Juan Communiqué concerning the GDPR and ICANN’s proposed Interim GDPR Compliance Model, and hereby initiates the required Board-GAC Bylaws Consultation Process required in such an event. The Board will provide written notice to the GAC to initiate the process as required by the Bylaws Consultation Process.

Chalaby asked Ismail (pdf) for a call this week. I don’t know if that call has yet taken place, but given the short notice I expect it has not.
For the record, here’s the GAC’s GDPR advice from its Puerto Rico communique (pdf).

the GAC advises the ICANN Board to instruct the ICANN Organization to:
i. Ensure that the proposed interim model maintains current WHOIS requirements to the fullest extent possible;
ii. Provide a detailed rationale for the choices made in the interim model, explaining their necessity and proportionality in relation to the legitimate purposes identified;
iii. In particular, reconsider the proposal to hide the registrant email address as this may not be proportionate in view of the significant negative impact on law enforcement, cybersecurity and rights protection;
iv. Distinguish between legal and natural persons, allowing for public access to WHOIS data of legal entities, which are not in the remit of the GDPR;
v. Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;
vi. Ensure that limitations in terms of query volume envisaged under an accreditation program balance realistic investigatory crossreferencing needs; and
vii. Ensure confidentiality of WHOIS queries by law enforcement agencies.
b. the GAC advises the ICANN Board to instruct the ICANN Organization to:
i. Complete the interim model as swiftly as possible, taking into account the advice above. Once the model is finalized, the GAC will complement ICANN’s outreach to the Article 29 Working Party, inviting them to provide their views;
ii. Consider the use of Temporary Policies and/or Special Amendments to ICANN’s standard Registry and Registrar contracts to mandate implementation of an interim model and a temporary access mechanism; and
iii. Assist in informing other national governments not represented in the GAC of the opportunity for individual governments, if they wish to do so, to provide information to ICANN on governmental users to ensure continued access to WHOIS.

.com adds 5.5 million names, renewals back over 70%

Verisign reported first-quarter financial results that reflected a healthier .com namespace following the spike caused by Chinese speculation in 2016.
The company Friday reported that .com was up to 133.9 million domains at the end of March, an increase of 5.5 million over the year.
The strong showing was tempered slightly by a further decline in .net, where domains were down from 15.2 million to 14.4 million.
Over the quarter, there was a net increase of 1.9 million names across both TLDs and the renewal rate was an estimated 74.9%, a pretty damn good showing.
Actual renewals for Q4, measurable only after Verisign announced its earnings, were confirmed at 72.5%, compared to a worryingly low 67.6% in Q4 2016.
In a call with analysts, CEO James Bidzos confirmed that the turnaround was due to the surge in Chinese domainer speculation that drove numbers in 2016 finally working its way out of the system.
In Q1, the cash-printing company saw net income of $134 million, compared to $116 million a year earlier, on revenue up 3.7% at $299 million.
Bidzos told analysts that it’s “possible” that the company may get to launch .web in 2018, but said Verisign has not baked any impact from the contested gTLD into its forecasts.