Latest news of the domain name industry

Recent Posts

Radix targets a million .online names in 2-3 years

Kevin Murphy, August 27, 2015, Domain Registries

Having just finished the most-successful new gTLD launch day to date, Radix Registry reckons it can get .online to seven figures in two to three years.
“We’re at 37,170 names as of an hour ago,” Radix CEO Bhavin Turakhia told DI at about 1000 UTC this morning.
That represents less than a full day of general availability. The company said last night that 28,000 names were registered in the first 30 minutes.
UPDATE: At the 24-hour mark, Radix tweeted this:


That beats .club’s 25,000-ish, which was Radix’s publicly stated goal, but it also tops .berlin’s 31,000 first-day names.
The CEOs of both these rival registries had publicly predicted their positions would be toppled and actively encouraged Radix to claim the crown.
Turakhia said that the majority of names registered came from pre-orders, largely at 1&1.
“Fourteen thousand names came from 1&1, 6,000 from Go Daddy, 2,700 from United Domains, 1,900 from Name.com and 1,400 from Tucows,” he said, partially breaking down the 37,170 figure by registrar.
He said the goal is to have a .online zone measured in the millions of names.
“I estimate that we should be able to get to a million names in a period of two to three years,” he said. “That’s on a conservative basis.”
Depending on how you count domains, .xyz may have already been the first to hit one million. Its zone never got as high as a million names, but it may have briefly crossed a million in terms of domains under management earlier this year.
At auction, .online sold for what is believed to be an eight-figure sum, originally to a joint venture of Radix, Tucows and Namecheap.
Radix bought out its partners earlier this year.
That was an increase in risk exposure Radix business head Sandeep Ramchandani said made him nervous. He said launch day’s numbers show .online’s potential.
Turahkhia said that there are 680,000 names in the .com zone that end in “online” today, and a million that have “online” somewhere in the second level, showing that the string is desirable to registrants.
Radix said last night that its Early Access Period — during which names are sold for a higher price — ended with 1,130 sales.
Turahkhia said that of these, about 1,000 were registered in the last three days, during which time the price was $100. Regular .online pricing is around the same as .com ($14.99 at 1&1 and Go Daddy), but some registrars are selling for as much at $50.

ZACR hits a million .za names

Kevin Murphy, August 20, 2015, Domain Registries

South Africa’s .za ccTLD has crossed the one million domain mark, according to the registry.
ZA Central Registry is currently reporting on its web site that 1,000,666 names have been registered.
The millionth name was reportedly vulindlela-hpt.co.za, registered to a consulting firm and inexplicably redirecting to the typo vulindlela-htp.co.za.
CEO Lucky Masilela reportedly said: “ZACR has now joined a small group of registry operators worldwide who administer a six-figure domain space.”
So perhaps the numbers the company are reporting are not entirely reliable. [/snark]

US gives ICANN an extra year to complete transition

Kevin Murphy, August 18, 2015, Domain Policy

US government oversight of ICANN and the domain name system will end a year later than originally expected.
The National Telecommunications and Information Administration said last night that it has extended ICANN’s IANA contract until September 30, 2016, giving the community and others more time to complete and review the transition proposals.
NTIA assistant secretary Larry Strickling wrote that “it has become increasingly apparent over the last few months that the community needs time to complete its work, have the plan reviewed by the U.S. Government and then implement it if it is approved.”
Simultaneously, NTIA has finally published a proposal — written by ICANN and Verisign — for how management of the DNS root will move away from hands-on US involvement.
The extension of the IANA contract from its September 30, 2015 end date was not unexpected. The current contract allows for such extensions.
As we recently reported, outgoing ICANN CEO Fadi Chehade had guessed a mid-2016 finalization of the transition.
Regardless, expect op-eds in the coming days to claim this as some kind of political victory against the Obama administration.
Part of the reason for the extension, beyond the fact that the ICANN community hasn’t finished its work yet, is legislation proposed in the US.
The inappropriately named DOTCOM Act, passed by the House but frozen for political reasons in the Senate by Tea Party presidential hopeful Sen Ted Cruz, would give Congress 30 legislative days (which could equal months of real time) to review the IANA transition proposals.
There are basically three prongs to the transition, each with very long names.
The “Proposal to Transition the Stewardship of the Internet Assigned Numbers Authority (IANA) Functions from the U.S. Commerce Department’s National Telecommunications and Information Administration (NTIA) to the Global Multistakeholder Community” is the first.
That was created by the multistakeholder IANA Stewardship Transition Coordination Group (ICG) and deals with how the IANA contract will be managed after the US government goes away.
The second prong comes from the Cross Community Working Group on Enhancing ICANN Accountability, which deals with how ICANN itself can improve its accountability to the internet community without the Damoclean sword of US intervention hanging over it.
The CCWG’s latest draft report would strengthen the ICANN board against capture by, for example, making certain bylaws harder to amend and giving the community the right to fire directors.
Both of these proposals are currently open for public comment here.
The third prong, which only appears to have been published this week, deals with the nuts and bolts of how changes to the DNS root zone are made.
The current system is a tripartite arrangement between IANA, NTIA and Verisign.
When a TLD operator needs a change to the DNS root — for example adding a name server for its TLD — the request is submitted to and processed by IANA, sent to NTIA for authorization, then actually implemented on the primary root server by Verisign.
Under the new proposal (pdf) to phase the NTIA out of this arrangement, the NTIA’s “authorization” role would be temporarily complemented by a parallel “authentication” role.
The proposal is not written in the clearest English, even by ICANN standards, but it seems that the current Root Zone Management System would be duplicated in its entirety and every change request would have to be processed by both systems.
The output of both would be compared for discrepancies before Verisign actually made the changes to the root.
It seems that this model is only being proposed as a temporary measure, almost like a proof of concept to demonstrate that the NTIA’s current authorization role isn’t actually required and won’t be replaced in this brave new world.

New gTLDs not an illegal conspiracy, court rules

Kevin Murphy, August 5, 2015, Domain Policy

ICANN has beaten off a lawsuit from alternate root provider name.space for a second time, with a US appeals court ruling that the new gTLD program was not an illegal conspiracy.
name.space sued ICANN in 2012, claiming that the program broke competition laws and that “conflicted” ICANN directors conspired with the industry in an “attack” on its business model.
The company runs an alternate DNS root containing hundreds of TLDs that hardly anyone knows about, cares about, or has access to.
Almost 200 of the strings in its system had matching applications in the 2012 new gTLD round; many have since been delegated.
The company’s complaint asked for an injunction against all 189 matching TLDs.
But a court ruled against it in 2013, saying that name.space had failed to make a case for breaches of antitrust law.
Last week, an appeals court upheld that ruling, saying that the company had basically failed to cross the legal threshold from simply making wild allegations to showing evidence of an illegal conspiracy.
“We cannot… infer an anticompetitive agreement when factual allegations ‘just as easily suggest rational, legal business behavior.’,” the court ruled, citing precedent.
“Here, ICANN’s decision-making was fully consistent with its agreement with the DOC [US Department of Commerce] to operate the DNS and the Root,” it wrote. “In transferring control to ICANN, the DOC specifically required it to coordinate the introduction of new TLDs onto the Root. This is exactly what ICANN did in the 2012 Application Round”.
“The 2012 rules and procedures were facially neutral, and there are no allegations that the selection process was rigged,” the panel ruled.
The court further ruled that ICANN is not a competitor in the markets for domain names as registry, registrar or defensive registration services, therefore it could not be subject to antitrust claims for those markets.
A few other claims against ICANN were also dismissed.
In short, it’s a pretty decisive victory for ICANN. General counsel John Jeffrey said in a statement that ICANN is “pleased” to have won.
All the major documents in the case, including the latest opinion, can be downloaded here.
While the lawsuit has been making its way through the courts, the .space gTLD has actually been delegated and the domain name.space is owned by its new registry, Radix.
There’s some salt in the wounds.

Neustar becomes “world’s largest registry” with $87m ARI buy

Consolidation in the domain name industry continued last night with Neustar’s $87 million acquisition of Bombora Technologies, the holding group for ARI Registry Services and AusRegistry.
Bombora CEO Adrian Kinderis told DI that the deal makes Neustar the “biggest registry services back-end provider on the market”, as measured by the number of TLDs on its platform, which now weighs in at over 400.
Kinderis and Neustar registry VP Sean Kaine said that the acquisition — conceived as so many deals are, Kinderis joked, in a “drunken ICANN bar” — is not so much about consolidation and more about growth opportunities.
Neustar will be able to cross-sell its suite of identity, security and marketing services, which Bombora does not offer, into ARI’s 100+ TLD client base. It will also be able to pitch ARI’s consulting services to its own clients.
Neustar also gets a “beachhead” in the Asia-Pacific region. While Bombora may not be a hell of a lot closer to Asia than Neustar, it’s in a much more convenient time zone.
Neustar currently faces the losing about half of its annual revenue — some $475 million — due to the loss of its contract to administer telephone number portability in North America.
That contract has been won by Ericsson, but Neustar has sued the US Federal Communications Commission in an attempt to keep it.
The Bombora acquisition won’t exactly fill the gap. The company had $20.6 million in revenue in 2014 and is expected to contribute $8 million to Neustar’s top line in 2015.
The deal is for AUD 118 million, which works out to roughly USD 87 million. Kinderis and business partner Simon Delzoppo will be the primary beneficiaries — between them they held a majority shareholding in Bombora.
The deal includes all of the company’s subsidiaries: ARI, AusRegistry and new gTLD operators such as dotShabaka.
ARI clients will notice a change of branding — the ARI and Bombora brands are to go almost immediately — but no technical changes at first.
“We’re going to continue to operate two registry systems right now,” Kaine said.
One business where there will be even less visible change is AusRegistry, which operates .au.
The AusRegistry brand is staying and .au will continue to be run in Australia, per the terms of the company’s contract with ccTLD policy overseer auDA.
“The .au contract is very important to Bombora,” Kinderis said. “If we had thought there would be any negative impact to that contract we would not have embarked on a deal.”
Kinderis, whose new job title has yet to be agreed, said he expects to take a “prominent role” in Neustar’s registry business. He said he expects to stay with the company “for a long time yet”.
“I want to see Neustar snapping at the heels of Verisign and I’d love to be able to contribute to that,” he said. “We’ve been punching above our weight and now we’re one of the heavyweights.”

Grogan hopeful of content policing clarity within “a few weeks”

ICANN may be able to provide registrars, intellectual property interests and others with clarity about when domain names should be suspended as early as next month, according to compliance chief Allen Grogan.
With ICANN 53 kicking off in Buenos Aires this weekend, Grogan said he intends to meet with a diverse set of constituents in order to figure out what the Registrar Accreditation Agreement requires registrars to do when they receive abuse complaints.
“I’m hopeful we can publish something in the next few weeks,” he told DI. “It depends to some extent on what direction the discussions take.”
The discussions center on whether registrars are doing enough to take down domains that are being used, for example, to host pirated content or to sell medicines across borders.
Specifically at issue is section 3.18 of the 2013 RAA.
It requires registrars to take “reasonable and prompt steps to investigate and respond appropriately” when they receive abuse reports.
The people who are noisiest about filing such reports — IP owners and pharmacy watchdogs such as LegitScript — reckon “appropriate action” means the domain in question should be suspended.
The US Congress heard these arguments in hearings last month, but there were no witnesses from the ICANN or registrar side to respond.
Registrars don’t think they should be put in the position of having to turn off what may be a perfectly legitimate web site due to a unilateral complaint that may be flawed or frivolous.
ICANN seems to be erring strongly towards the registrars’ view.
“Whatever the terms of the 2013 RAA mean, it can’t really be interpreted as a broad global commitment for ICANN to enforce all illegal activity or all laws on the internet,” Grogan told DI.
“I don’t think ICANN is capable of that, I don’t think we have the expertise or resources to do that, and I don’t think the ICANN multistakeholder community has ever had that discussion and delegated that authority to ICANN,” he said.
CEO Fadi Chehade recently told the Washington Post that it isn’t ICANN’s job to police web content, and Grogan has expanded on that view in a blog post last week.
Grogan notes that what kind of content violates the law varies wildly from country to country — some states will kill you for blasphemy, in some you can get jail time for denying the Holocaust, in others political dissent is a crime.
“Virtually everybody I’ve spoken with has said that is far outside the scope of ICANN’s remit,” he said.
However, he’s leaving some areas open for discussion,
“There are some constituents, including some participants in the [Congressional] hearing — from the intellectual property community and LegitScript — who think there’s a way to distinguish some kinds of illegal activities from others,” he said. “That’s a discussion I’m willing to have.”
The dividing line could be substantial risk to public health or activities that are broadly, globally deemed to be illegal. Child abuse material is the obvious one, but copyright infringement — where Grogan said treaties show “near unanimity” — could be too.
So is ICANN saying it’s not the content police except when it comes to pharmacies and intellectual property?
“No,” said Grogan. “I’m saying I’m willing to engage in that dialogue and have that conversation with the community to see if there’s consensus that some activities are different to others.”
“In a multistakeholder model I don’t think any one constituency should control,” he said.
In practical terms, this all boils down to 3.18 of the RAA, and what steps registrars must take to comply with it.
It’s a surprisingly tricky one even if, like Grogan, you’re talking about “minimum criteria” for compliance.
Should registrars, for example, be required to always check out the content of domains that are the subject of abuse reports? It seems like a no-brainer.
But Grogan points out that even though there could be broad consensus that child abuse material should be taken down immediately upon discovery, in many places it could be illegal for a registrar employee to even check the reported URL, lest they download unwanted child porn.
Similarly, it might seem obvious that abuse reports should be referred to the domain’s registrant for a response. But what of registrars owned by domain investors, where registrar and registrant are one and the same?
These and other topics will come up for discussion in various sessions next week, and Grogan said he’s hopeful that decisions can be made that do not need to involve formal policy development processes or ICANN board action.

US Congresspeople tell ICANN to ignore GAC “interference”

Kevin Murphy, June 12, 2015, Domain Policy

A bispartisan group of US Congresspeople have called on ICANN to stop bowing to Governmental Advisory Committee meddling.
Showing characteristic chutzpah, the governmental body advises ICANN that advice from governments should be viewed less deferentially in future, lest the GAC gain too much power.
The members wrote (pdf):

Recent reports indicate that the GAC has sought to increase its power at the expense of the multistakeholder system. Although government engagement in Internet governance is prudent, we are concerned that allowing government interference threatens to undermine the multistakeholder system, increasing the risk of government capture of the ICANN Board.

The letter was signed by 11 members of the House Judiciary Subcommittee on Courts, Intellectual Property and the Internet, which is one of the House committees that most frequently hauls ICANN to Capitol Hill to explain itself.
Most of the signatories are from the Republican majority, but some are Democrats.
It’s not entirely clear where they draw the line between “engagement” and “interference”.
The letter highlights two specific pieces of GAC input that the signatories seem to believe constitute interference.
First, the GAC’s objection to Amazon’s application for .amazon. The letter says this objection came “without legal basis” and that ICANN “succumbed to political pressure” when it rejected the application.
In reality, the GAC’s advice was consensus advice as envisaged by the Application Guidebook rules. It was the US government that succumbed to political pressure, when it decided to keep its mouth shut and allow the rest of the GAC to reach consensus.
The one thing the GAC did wrong was filing its .amazon objection outside of the window envisaged by the Guidebook, but that’s true of almost every piece of advice it’s given about new gTLD applications.
Second, the Congresspeople are worried that the GAC has seized for its members the right to ban the two-letter code representing their country from any new gTLD of their choosing.
I’ve gone into some depth into how stupid and hypocritical this is before.
The letter says that it has “negative implications for speech and the world economy”, which probably has a grain of truth in it.
But does it cross the line from “engagement” to “interference”?
The Applicant Guidebook explicitly “initially reserved” all two-letter strings at the second level in all new gTLDs.
It goes on to say that they “may be released to the extent that Registry Operator reaches agreement with the government and country-code manager.”
While the rule is pointless and the current implementation convoluted, it comes as a result of the GAC engaging before the new gTLD program kicked off. It was something that all registries were aware of when they applied for their gTLDs.
However, the GAC’s more recent behavior on the two-letter domain subject has been incoherent and looks much more like meddling.
At the ICANN meeting in Los Angeles last October, faced with requests for two-character domains to be released, the GAC issued formal advice saying it was “not in a position to offer consensus advice on the use of two-character second level domain names”.
ICANN’s board of directors accordingly passed a resolution calling for a release mechanism to be developed by ICANN staff.
But by the time February ICANN meeting rolled around, it had emerged that registries’ release requests had been put on hold by ICANN due to letters from the GAC.
The GAC then used its Singapore communique to advise ICANN to “amend the current process… so that relevant governments can be alerted as requests are initiated.” It added that “Comments from relevant governments should be fully considered.”
ICANN interpreted “fully considered” to mean an effective veto, which has led to domains such as it.pizza and fr.domains being banned.
So it does look like thirteenth-hour interference but that’s largely because the GAC is often incapable of making its mind up, rarely talks in specifics, and doesn’t meet frequently enough to work within timelines set by the rest of the community.
However, while there’s undoubtedly harm from registries being messed around by the GAC recently, governments don’t seem to have given themselves any powers that they did not already have in the Applicant Guidebook.

.bank doing surprisingly well in sunrise

The forthcoming .bank gTLD has received over 500 applications for domains during its sunrise period, according to the registry.
fTLD Registry Services tweeted the stat earlier this week.


Its sunrise period doesn’t even end until June 17. Sunrise periods tend to be back-weighted, so the number could get a lot higher.
Five hundred may not sound like a lot — and applications do not always convert to registrations — but in the context of new gTLDs it’s very high.
Discounting .porn and .adult, both of which racked up thousands of names across their various sunrise phases, the previous high for a sunrise was .london, with just over 800 names registered.
It’s not unusual for a sunrise to get under 100 names. A year ago, I calculated that the average was 144.
The 500+ .bank number is especially surprising as it’s going to be a very tightly controlled gTLD where the chance of cybersquatting is going to be virtually nil.
All .bank registrants will be manually vetted to ensure they really are banks, substantially mitigating the need for defensive registrations.
Could this be an indication that .bank will actually get used?

Businesses call on regulators to stop .sucks “extortion”

ICANN’s Business Constituency wants US and Canadian regulators to intervene to prevent Vox Populi Registry, which runs .sucks, “extorting” businesses with its high sunrise fees.
The BC wrote to ICANN, the US Federal Trade Commission and the Canadian Office for Consumer Affairs on Friday, saying .sucks has employed “exploitive [sic] pricing and unfair marketing practices”.
The constituency adds its voice to Intellectual Property Constituency, which complained last month, causing ICANN to refer the matter to US and Canadian regulators.
Now, the BC has told the OCA and FTC:

We do not believe that exploitative and unfair business practices are conducive either to promoting end-user confidence in the Internet or to fair competition in the domain name space. On the contrary, the pricing structure adopted by Vox Populi for .sucks domain names is predicated purely on expecting the businesses and brands that drive global growth to pay extortionate fees for no consumer or market benefit.

Vox Populi’s tactics exploit businesses that neither want nor need these domain name registrations but feel unfairly pressured to register purely for defensive purposes.

The BC’s letter chooses to focus on saying sunrise names cost “$2,499 and up” (original emphasis). That’s based on the MSRP Vox Pop publishes on its web site.
In reality, Vox Pop is charging a registry fee of $1,999 per year for .sucks sunrise registrations.
Retail registrars can add hundreds of dollars in mark-up fees, but the leading corporate registrars that are selling the most .sucks sunrise names — MarkMonitor, CSC and Com Laude among them — have said that as a matter of principle they are only charging a nominal $20 to $25 processing fee.
It’s not the highest sunrise fee I’ve come across. The Chinese registry behind .top asked for $3,500 during its sunrise.
But the semantics of the .sucks TLD makes brand owners nervous and makes many of them feel that a defensive registration is a must-have.
The BC now write to regulators to “urge the FTC and OCA to expeditiously determine whether these practices constitute unfair trade practices”.
The letter points to US and Canadian regulations covering consumer protection for examples of where Vox Pop’s practices may fall short of the law.
The free speech opportunities afforded by .sucks do not outweigh the harms, the BC says.
It’s also interesting to note that while the BC appears to be running to regulators for assistance, it notes that it still fully supports the ICANN model.
There may be a degree of cognitive dissonance within the BC.
In a separate letter to ICANN, also signed by BC chair Elisa Cooper and sent yesterday, the BC seems to take issue with the fact that ICANN felt the need to report .sucks to regulators in the first place, writing:

We would like to understand the rationale for doing so. ICANN has ample authority, a clear obligation and the resources available to stop rogue practices through its contractual agreements with registries, its Compliance Department, and its broad duty to protect the public interest and the security and stability of the Internet, particularly for issues with global reach. Like all other gTLDs launched under ICANN’s program, .sucks has a global reach. It is not clear why ICANN feels it should seek clarification from these two North American agencies.

It’s worth noting that Vox Pop CEO Berard is a member of the BC via his PR agency, Credible Context. He was Cooper’s immediate predecessor as BC chair, leaving the post last year.
Correction: Thanks to the many readers who pointed out that Berard was actually the BC’s representative to the GNSO, not its chair. Apologies for the error.
The letter tells Global Domains Division president Akram Atallah that “viewed in its entirety, Vox Populi’s pricing scheme is a violation of the Rights Protection Mechanisms (RPMs)” developed for the new gTLD program, alleging it discourages use of the RPMs and encourages cybersquatting.
It claims that if Vox Pop populated its Sunrise Premium list (now known as Market Premium, it seems) with data from the Trademark Clearinghouse it could be in violation of its Registry Agreement with ICANN.
My sense has been that the names on that list were actually culled from zone files. Vox Pop has said it was compiled from lists of names that have previously been defensively registered. Most of the names in the TMCH have not been defensively registered.
The BC asks for ICANN “to take strong action”, but does not specify what, exactly, it wants.
The letter to the OCA and FTC can be read here. The letter to ICANN is here. Both are PDF files.

Most ICANN new gTLD breaches were over a year ago

Almost three quarters of the security breaches logged against ICANN’s new gTLD portal occurred over a three-month period in early 2014, DI can reveal.
Almost every incident of a new gTLD applicant coming across data they weren’t supposed to see — 322 of the 330 total — happened before the end of October last year, ICANN told DI.
Most — 244 of the 330 — happened before April 30 last year.
The first breach, discovered by an independent audit of the portal, was January 22 2014.
ICANN says it was first notified of there being a problem on February 27, 2015.
The improper data disclosures were announced by ICANN last week.
As we reported, a simple configuration error by ICANN in third-party software allowed users of the Global Domains Division portal — all new gTLD applicants — to view confidential data belonging to other applicants.
Documents revealed could have included sensitive financial projections and registry technical details.
My first assumption was that the majority of the incidents — which have been deliberate or accidental — were relatively recent, but that turns out not to be the case.
In fact, if anyone did download data they weren’t supposed to see, most of them did it over a year ago.
ICANN has been notifying applicants and registries about whether their own data was compromised and expects to have told each affected applicant which other applicants could have seen their data before May 27.
Ninety-six applicants and 21 registries were affected.