Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
Dot Vegas sells $2m of premiums
New gTLD registry operator Dot Vegas says it has sold over $2 million worth of “premium” .vegas domain names to date.
The registry, which went to general availability in September, has also registered 1,000 additional premiums to itself in an effort to drum up more sales.
The list is available at the registry’s web site (pdf).
As you might expect, gambling and tourism related keywords feature heavily, but there are also names geared towards locals.
The names don’t appear to have buy-now prices. Rather, Dot Vegas is soliciting interested potential buyers via the reserved sites.
.vegas zone files show just over 12,000 names currently. That number will include the registry-reserved ones. According to DomainTools, Dot Vegas owns about 2,200 names across all TLDs.
Two legit registrars held to account for lack of abuse tracking
ICANN Compliance’s campaign against registrars that fail to respond to abuse reports continued last week, with two registrars hit with breach notices.
The registrars in question are Above.com and Astutium, neither of which one would instinctively bundle in to the “rogue registrar” category.
Both companies have been told they’ve breached section 3.18.1 of their Registrar Accreditation Agreement, which says: “Registrar shall take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse.”
Specifics were not given, but it seems that people filed abuse reports with the registrars then complained to ICANN when they did not get the response they wanted. ICANN then was unable to get the registrars to show evidence that they had responded.
Both companies have until February 12 to come back into compliance or risk losing their accreditations.
Domain investor-focused Above.com had over 150,000 gTLD domains on its books at the last official count. UK-based Astutium has fewer than 5,000 (though it says the current number, presumably including ccTLD names, is 53,350).
It’s becoming increasingly clear that registrars under the 2013 RAA are going to be held to account by ICANN to the somewhat vague requirements of 3.18.1, and that logging communications with abuse reports is now a must.
New ccTLDs may have to block name collisions
ICANN is thinking about expanding its controversial policy on name collisions from new gTLDs to new ccTLDs.
The country code Names Supporting Organization has been put on notice (pdf) that ICANN’s board of directors plans to pass a resolution on the matter shortly.
The resolution would call on the ccNSO to “undertake a study to understand the implications of name collisions associated with the launch of new ccTLDs” including internationalized domain name ccTLDs, and would “recommend” that ccTLD managers implement the same risk mitigation plan as new gTLDs.
Because ICANN does not contract with ccTLDs, a recommendation and polite pressure is about as far as it can go.
Name collisions are domains in currently undelegated TLDs that nevertheless receive DNS root traffic. In some cases, that may be because the TLDs are in use on internal networks, raising the potential of data leakage or breakages if the TLDs are then delegated.
ICANN contracts require new gTLDs to block such names or wildcard their zones for 90 days after launch.
Some new gTLD registry executives have mockingly pointed to the name collisions issue whenever a new ccTLD has been delegated over the last year or so, asking why, if collisions are so important, the mitigation plan does not apply to ccTLDs.
If the intent was to persuade ICANN that the collisions management framework was unnecessary, the opposite result has been achieved.
Pop-ups boost most-popular new gTLD domains, and it’s not just .xyz any more
The .xyz and .country gTLDs are currently dominating the league table of most-popular new gTLDs, but massive pop-up advertising campaigns using junk domains can account for the majority of their leading sites.
Today, Amazon’s Alexa site popularity tool sees 2,425 new gTLD domains in its top one million. Of those, 163 are in the top 50,000 sites.
But almost two thirds of those 163 domains appear to be throwaways that receive traffic not because they’re attracting visitors, but because they’re used to serve pop-up advertising, in some cases via adware.
The trend has been visible for a few months now, restricted almost exclusively to .xyz, but over the last two weeks .country has also started to be used in this way.
That’s interesting because, unlike .xyz, .country is not a low-cost gTLD. Go Daddy currently sells it for $39.95 per year.
(UPDATE: As Andrew points out in the comments, Uniregistry is selling .country names for $1 for the first year, which almost certainly explains the .country bump.)
Almost 100 of the top 163 new gTLD domains comprise two unrelated dictionary words put together to make something nonsensical.
Domains such as iciclecellar.country, laborervolcano.country, classkitten.country, sweepstakesglove.country, rewardmen.country, installationdesk.country have recently joined have joined the likes of vasegiraffe.xyz, cactusstew.xyz, bedcrow.xyz, notebookwrist.xyz, wishgrass.xyz, pencilkite.xyz and basketriver.xyz on this list.
As far as I can tell, they’re all registered via Uniregistry and using its free Whois privacy service to mask the identities of the registrants.
Visiting these domains in your browser will either result in an error — where I suspect the site is checking the referrer before deciding whether to show a page — or will send you on a merry redirect chain that terminates in an affiliate marketing sign-up page.
Some of the domains have been discussed in online forums as serving up pop-up ads, which would account for large amounts of traffic and high popularity.
Some have alleged that they’ve seen adware serve up ads from some of these domains.
Pop-up ads may be annoying, but they’re legal and — unlike spam and malware — not usually a violation of gTLD registries’ terms of service.
Whether benefiting from adware would leave a registrant in violation of a registrar or registry’s ToS is also a fuzzy area.
But for the new gTLD industry, which is currently in a mindshare-building mode, this kind of use does not make for great optics. If internet users see new gTLDs most often in an unwanted context, it could impair their trust in the new gTLD environment.
Jeff Neuman quits Neustar for Valideus
Neustar’s top domain name guy is moving to UK new gTLD consultancy Valideus.
Jeff Neuman, who’s been with Neustar for over 15 years, will become Valideus’ senior vice president for North America, starting this coming Monday, according to Valideus managing director Nick Wood.
I don’t know who’s replacing him at Neustar, where he’s been in charge of the company’s domain name business for the last couple of years, overseeing the company’s business as a registry back-end provider and registry for New York’s .nyc new gTLD.
Neuman was previously Neustar’s longstanding VP of policy, a role which also saw him heavily involved in ICANN’s GNSO Council and Neustar’s application for and launch of .biz, back in 2000.
He’s been quite a pivotal and sometimes outspoken figure over the years.
Valideus is the new gTLD service provider sister company to Com Laude, the brand-focused registrar. It provides application consulting and ongoing registry/registrar management for dot-brand gTLD applicants and registries, Amazon among them.
I gather that Neuman will remain based in the US, as his new job title implies.
.gay is gay enough after all? ICANN overturns community panel decision
One of the applicants for .gay has won a significant battle in the fight for the controversial new gTLD.
In a shock move, a committee of ICANN’s board of directors has overturned the rejection of dotgay LLC’s Community Priority Evaluation, ordering that the case should be re-examined by a new panel of experts.
As you may recall, dotgay’s CPE was kicked out in October after the Economist Intelligence Unit panel decided that the company’s defined community was too broad to be described by “gay” as it included a lot of people who aren’t gay, such as straight people.
The decision — which I thought was probably correct — caused an uproar from dotgay’s myriad supporters, which include dozens of international equal rights and gay community organizations.
dotgay filed a Request for Reconsideration, ICANN’s cheapest but least reliable form of appeal, and today found out it actually won.
ICANN’s Board Governance Committee, which handles the RfR process, this week ruled (pdf):
The BGC concludes that, upon investigation of Requester’s claims, the CPE Panel inadvertently failed to verify 54 letters of support for the Application and that this failure contradicts an established procedure. The BGC further concludes that the CPE Panel’s failure to comply with this established CPE procedure warrants reconsideration. Accordingly, the BGC determines that the CPE Panel Report shall be set aside, and that the EIU shall identify two different evaluators to perform a new CPE for the Application
The successful RfR appears to be based on a technicality, and may have no lasting impact on the .gay contention set.
Under the EIU’s process rules: “With few exceptions, verification emails are sent to every entity that has sent a letter(s) of support or opposition to validate their identity and authority”.
It seems that the EIU was sent a bundle of 54 letters of support for dotgay, but did not email the senders to verify they were legit. The BCG wrote:
Over the course of investigating the claims made in Request 14-44, ICANN learned that the CPE Panel inadvertently did not verify 54 of the letters of support it reviewed. All 54 letters were sent by the Requester in one correspondence bundle, and they are publicly posted on ICANN’s correspondence page.36 The 54 letters were deemed to be relevant by the EIU, but the EIU inadvertently failed to verify them.
If an applicant wins a CPE it means all the other applicants are automatically excluded, and the door is now open for the EIU to rethink its earlier decision.
So do competing applicants Rightside, Minds + Machines and Top Level Design now have genuine cause for concern? Not necessarily.
CPE applicants need to score at least 14 out of 16 available points in order to win, and dotgay only scored 10 points in its original evaluation.
Crucially, the EIU panel said that because the “community” as defined by dotgay included transgender, intersex, asexual and straight “allies” of equal rights, it was too broad to score any of the available four points on the “Nexus” criteria.
The BCG could find no fault with the EIU’s determination on Nexus, so even if dotgay’s letters of support are verified according to procedure, it would not necessarily lead to dotgay picking up any more Nexus points.
The BCG wrote on Nexus: “Requester’s substantive disagreement with the CPE Panel’s conclusion does not support reconsideration”.
However, given that the EIU is going to do the entire CPE all over again with new panelists, it seems entirely possible that dotgay could win this time.
Domain hijacking bug found in Go Daddy
Go Daddy has rushed out a fix to a security bug in its web site that could have allowed attackers to steal valuable domain names.
Security engineer Dylan Saccomanni found several “cross site request forgery” holes January 17, which he said could be used to “edit nameservers, change auto-renew settings and edit the zone file entirely”.
He reported it to Go Daddy (evidently with some difficulty) and blogged it up, with attack code samples, January 18. Go Daddy reportedly patched its site the following day.
A CSRF vulnerability is where a web site fails to adequately validate data submitted via HTTP POST. Basically, in this case Go Daddy apparently wasn’t checking whether commands to edit name servers, for example, were being submitted via the correct web site.
Mitigating the risk substantially, attackers would have to trick the would-be victim domain owner into filling out a web form on a different site, while they were simultaneously logged into their Go Daddy accounts, in order to exploit the vulnerability, however.
In my experience, Go Daddy times out logged-in sessions after a period, reducing the potential attack window.
Being phishing-aware would also reduce your chance of being a victim.
I’m not aware of any reports of domains being lost to this attack.
NCC buys Open Registry for up to $22.6m — a gTLD registry now owns part of the TMCH
NCC Group has acquired registry back-end provider Open Registry in a deal that could be worth as much as £14.9 million ($22.6 million).
The deal means that NCC, which runs the new gTLD .trust via subsidiary Artemis Internet, now owns a back-end, a registrar and a piece of the Trademark Clearinghouse, in addition to its original core domain business of providing data escrow services to registries.
According to NCC, the acquisition is for a minimum of £7.9 million ($12 million), with the rest to be paid over three years if Open Registry meets performance targets.
Open Registry had revenue of €3.7 million ($4.3 million) in 2014, turning a profit of €15,000 ($17,300).
Its core business is as a back-end provider for new gTLD applicants. It has about 20 on its books, mostly European dot-brands and cities.
Part of the company’s business is CHIP, the Clearinghouse of Intellectual Property, which along with IBM and Deloitte runs the ICANN-sanctioned TMCH, which all new gTLD registries must use in their Sunrise and Trademark Claims launch periods.
It also owns a small registrar, Nexperteam, which has about 8,000 domains under management.
The Benelux company employs eight people.
Open Registry’s founding CEO Jean-Christophe Vignes joined Artemis as head of domain operations in 2013.
ICANN audit claims two more registrar scalps
Two tiny registrars — WebZero and Black Ice Domains — have had their registrar accreditations terminated for a failure to respond to a routine ICANN audit.
Israel-based Black Ice had just a couple thousands gTLD domains under management; US-based WebZero had fewer than 100.
Both registrars stood accused of not providing documents to ICANN in response to an audit, per their Registrar Accreditation Agreements.
ICANN will now look for a registrar or registrars to take over these registrars’ domains.
A quarter of registrar’s names are “illicit pharmacies”
One in four of the domain names registered with the registrar NetLynx are linked to current, past or potential future rogue drug sites, according to online pharmacy monitor LegitScript.
The Mumbai-based registrar was hit with a breach notice by ICANN Compliance last week, over an alleged failure to investigate an abuse complaint about a single customer domain, tnawsol24h.com.
NetLynx did not adequately respond to ICANN’s calls from November 26 to January 5, according to the notice (pdf).
While ICANN did not identify the source or nature of the complaint, according to LegitScript it was filed by the UK Medicines and Healthcare products Regulatory Agency and it claimed that the domain was being used as a “rogue internet pharmacy”.
LegitScript did some research into NetLynx’s domains under management and now claims that it is not an isolated case.
Company president John Horton blogged:
at least a quarter of the registrar’s business is dependent on rogue Internet pharmacy registrations, with roughly 3,000 of the 12,000 domain names under the registrar’s portfolio taggable as current, past or “holding sites” for illicit online pharmacies.
Horton clarified for DI that the 3,000 number is extrapolated from the fact that LegitScript managed to categorize 1,820 out of the 7,000 NetLynx domains it could find as problematic.
Of those, 820 were “online and active” rogue pharmacies, he said. He gave canadian-drug-pharmacy.com, pills-delivery.net and pillsforlife.net as examples.
Another 780 were hosting rogue pharmacies in the past but have since been shut down, he said.
Finally, LegitScript categorized 220 as “meeting known patterns” for “holding sites” where illicit pharmacies may be launched in future. Horton said:
many of the spam pharma organizations use “holding domain names” (not all are online at any one time), so if the website was NOT currently online, we looked to a variety of data — known domain name patterns, screenshots, known rogue name servers, known rogue IP addresses, etc. — to determine the likelihood that a domain name is likely to be a rogue Internet pharmacy, and gave NetLynx the benefit of the doubt if there was any lack of certainty
LegitScript classifies online pharmacies as “rogue” if they offer to ship medicines without a prescription to people in jurisdictions where prescriptions are required.
Horton is now calling for ICANN to look into terminating NetLynx’s accreditation.
Recent Comments