Newly launched .zip already looks dodgy

A trawl through the latest zone file for Google’s newly launched .zip gTLD reveals that it is likely to be used in malware and phishing attacks.

.zip is of course also a filename extension used by the ZIP archive format, often used to compress and email multiple files at once, and many domains registered in the .zip gTLD in the last few days seem ready to capitalize on that potential for confusion.

I counted 3,286 domains in the May 14 zone file, and a great many of them appear to relate to email attachments, financial documents, software updates and employment information.

I found 133 instances of the word “update”, with sub-strings such as “attach”, “statement”, “download” and “install” also quite common.

Some domains are named after US tax and SEC forms, and some appear to be targeting employees at their first day of work.

I don’t know the intent of any of these registrants, of course. It’s perfectly possible some of their domains could be put to benign use or have been registered defensively by those with security concerns. But my gut says at least some of these names are dodgy.

Google went into general availability with eight new TLDs last Wednesday, and as of yesterday .zip was the only one to rack up more than a thousand names in its zone file.

The others were .dad (913 domains), .prof (264), .phd (605), .mov (463), .esq (979), .foo (665) and .nexus (330).

Comment Tagged: .zip, google, malware, new gTLDs, phishing, security

Progress made on next new gTLD round rules

Pace towards finalizing the details of the next new gTLD application round is picking up, with a group of policy-makers close to overcoming some of the ICANN board’s concerns about the program.

A so-called “small team” of GNSO members, aided by a couple of ICANN directors, have drafted a set of recommendations aimed at helping the board approve the 38 community recommendations it has not yet adopted.

The board approved 98 new gTLD “Subsequent Procedures” policy recommendations in March, but was hesitant on issues such as the proposed registry back-end evaluation program, round-based applications, and content policing.

The board had raised the specter of a first-come, first-served model for new gTLD applications, something the community roundly rejected during the Policy Development Process for the next rounds.

Directors in the small group have since clarified that they’re really looking for a “steady state” application process, that may or may not involve FCFS, in order to make planning, hiring and software development more predictable.

There seems to be no question of the next application opportunity being anything other than a round-based process.

Nevertheless, it’s now possible that the GNSO may throw the board a bone by suggesting a PDP that would look into how the new gTLD program could operate in a “steady state” over the long term.

Content policing is another issue that has caused the board pause.

SubPro and the GNSO have recommended that registries be able to add Registry Voluntary Commitments — promises to ban certain types of content from their zone, for example — to their ICANN contracts.

But the board is worried that this may break its 2016 bylaws, which demand ICANN not get involved in content policing, even though the similar Public Interest Commitments from the 2012 round are enforceable.

The GNSO and board currently seem to be leaning towards a bylaws amendment to address RVCs, but it will be a bit of a tightrope, language-wise, to keep ICANN on its ostensibly technical mandate.

The small group has met nine times since late March to try and resolve these and other board concerns ahead of the mid-year ICANN 77 meeting in Washington DC, which starts June 12.

There’s a pretty aggressive schedule of meetings between now and then, with a bilateral between GNSO and board May 22. The board should have the GNSO’s response to its roadblocks by DC, which should allow it to start chipping away at some of the 38 unadopted recommendations.

Comment Tagged: fcfs, ICANN, icann 77, new gTLDs, pics, rvcs, subpro

Brands ask for cheaper ICANN fees

The group representing dot-brand gTLD registries has asked ICANN to relieve its members of millions of dollars of annual fees.

The Brand Registry Group has written to ICANN to complain that the current $25,000 a year fixed registry fee is too high, given that most dot-brands have next to no domains in their zones and pretty much no abuse.

A dot-brand is a gTLD matching a trademark in which only the brand holder may register domains. Most are unused, and those that are used don’t face many of the contractual compliance-related issues as regular gTLDs.

The BRG wants its members’ fees reduced to $5,000 a year, when the registry has fewer than 5,000 names and basically no abuse.
The group notes that 20-year-old gTLDs such as .museum, .coop, and .aero have a base fixed fee of just $500.

Given that there are about 400 contracted dot-brands, it’s basically asking ICANN to throw away about $8 million of annual revenue, paid for by some of the largest and wealthiest multinationals out there.

Comment Tagged: brg, ICANN, new gTLDs

ICANN salary porn: 2022 edition

ICANN has published its fiscal 2022 US tax returns, revealing as usual the big bucks its top brass and contractors are paid for boldly keeping the internet stable and secure.

It was a good year for former CEO Göran Marby, who held the top job until the end of calendar 2022 and saw his total compensation top a million dollars for a second time, having dipped in fiscal 2021.

Marby’s total package was $1,050,755 in salary, bonus and benefits for the year ended June 30, up from $977,540 in the previous year. The performance-related portion was $218,315, up from $202,038. His base salary was $734,579, up from $673,462.

The tax filing lists 17 highly compensated employees, down by two from 2021, who are making $390,000 and up. Seven made over half a million dollars a year, up from five in the previous year.

One of the missing employees this year was CTO David Conrad, who left the Org at the end of 2021. The filing reveals he was paid $115,874 in severance, despite ICANN characterizing his departure as a decision he made himself.

Current interim CEO Sally Costerton’s compensation is not revealed. It’s paid to her consulting company and the sum, whatever it is, presumably does not meet the threshold for disclosure as a top contractor.

(I hope this number is disclosed in future, because I’ve just come up with a funny nickname for her if it’s a very large amount.)

Top contractors are as usual law firm Jones Day ($5,164,603, down from $8,769,608) and software developers Architech, Zensar and OSTechnical, which received $2,857,500, $1,488,077 and $1,169,210 respectively.

ICANN’s total revenue was $167,893,854, up from $163,942,482. Its surplus after expenses was $22,755,179, down from $32,564,762. It had net assets of $539,863,742 at the end of June, down from $555,804,201.

The filing reveals that non-accreditation fees from registries and registrars topped $100 million.

Comment Tagged: ICANN, salaries, tax

Tucows and GoDaddy see weakness in big-ticket aftermarket sales

Two of the industry’s largest registrars saw weakness in their first-quarter revenues which they attributed largely to a lack of high-priced secondary market sales.

This lumpier and less-predictable side of the market saw Tucows overall domains revenue down 4% in the period, while GoDaddy saw its “core platform” revenue down a million bucks or 0.2%.

GoDaddy said a 5% increase in domains revenue was “offset by tough compares for our aftermarket business as well as the continued uneven flow of large transactions.”

Tucows said it has “experienced a weaker aftermarket for domain sales, most notably at the higher end of the price range”.

GoDaddy’s core services revenue was down to $698 million from $699.6 million a year ago. Overall revenue was $1.036 billion, up 3.3%. Its net income was down 30% at $47.4 million.

Tucows’ overall revenue was down 0.8% at $80.4 million, with a net loss of $19.1 million compared to a loss of $3 million a year ago.

Comment Tagged: aftermarket, earnings, financials, godaddy, tucows

Another registrar seemingly vanishes

An accredited registrar appears to have gone bust after its parent company failed.

ICANN has sent a breach notice to Nimzo 98, which while registered as an LLC in the US appears to be Indian-operated, saying the company has not paid its fees and the Compliance folk haven’t been able to reach management since December.

The notice also complains that the company isn’t providing a Whois service as required, which may be a polite way of saying that the entire web site is down — it’s not resolving properly for me.

Digging into the data a little, it seems Nimzo was the in-house registrar of a company called Houm that, according to its press releases, was operating some kind of privacy-oriented social network slash cloud storage service.

Part of Houm’s offering was a personal domain name, which came bundled as part of the monthly service fee.

When Houm seriously started promoting its service last year, it appears to have led to a spike in registrations via Nimzo. Most of its domains were concentrated in new gTLDs such as .live, .xyz, .earth, .world and .space.

Having consistently registered no more than a couple hundred gTLD names per month for years, there was a sudden spike to over 5,000 in July and 12,000 in August, peaking Nimzo’s total domains at 21,000 that month.

But then, in October, the registrar deleted almost all of its names. It went from 21,000 domains under management in August to 190 at the end of October. These were not grace-period deletes, so fees would have been applicable.

Houm’s web site at houm.me also appears inoperable today, showing a server error when I access it, and its Twitter account has been silent since last August.

ICANN has given Nimzo until May 22 to pay up or lose its accrediation.

Comment Tagged: breach, compliance, houm, ICANN, nimzo 98

Verisign “pleased” at ICANN’s .web call

Verisign said it is “pleased” that ICANN has decided it should be awarded the .web gTLD, but hinted that it might not launch this year.

“We now look forward to NDC’s execution of the .web Registry Agreement and submission to ICANN of the request for assignment of the .web Registry Agreement to Verisign,” the company said in a statement this afternoon.

It follows the news this morning that ICANN’s board of directors decided that the company did not break any rules when it won the auction for .web via a secret intermediary company, Nu Dot Co.

Verisign reiterated that its current financial guidance for the year does not include any impact from .web.

Comment Tagged: .web, ICANN, verisign

.hiphop returns to GoDaddy after Uniregistry snub

The new gTLD .hiphop is back on GoDaddy’s storefront, more than six years after the company stopped carrying it in a controversy over prices.

Dot Hip Hop, which took over the registry from UNR (formerly Uniregistry) last year, announced the deal in a press release today.

The exposure should be good for the TLD, which has barely scraped together net growth of 400 domains since its relaunch with new drastically reduced pricing a year ago.

It currently has barely over 1,000 names in its zone file. It had about 650 this time last year.

GoDaddy is not nearly the cheapest place to grab a .hiphop, with its web site showing a retail price of $44, compared to about $25 at Namecheap and $35 at Hover.

.hiphop was on of 23 gTLDs managed by Uniregistry kicked out by GoDaddy in 2017 after Uniregistry massively increased its pricing without grandfathering on renewals.

A lot of those gTLDs are now owned by GoDaddy, after UNR sold off its portfolio two years ago. Ten that were acquired by XYZ.com do not appear to have returned to the leading registrar.

Most of the nine former UNR strings owned by newcomer and management successor Internet Naming Co also appear to be back on GoDaddy, apart from .forum, .hiv and .sexy.

Comment Tagged: .hiphop, dot hip hop, godaddy, new gTLDs, uniregistry, unr

Danish national registry changes its name. Don’t laugh.

DK Hostmaster, the ccTLD registry for Denmark, is changing its name to Punktum dk.

The company, which has been running .dk since 1999, said that it’s a move to modernize the brand away from the old days where it only had one narrowly technical task.

Google Translate tells me “punktum” is the Danish word for “period” and I’m absolutely not suppressing an adolescent giggle right now.

The registry’s new domain is punktum.dk.

Comment Tagged: .dk, dk hostmaster, punktum

ICANN signs Whois’ death warrant in new contracts

Whois as we have known it for decades will be phased out of gTLDs over the next couple of years, after ICANN approved changes to its contracts at the weekend.

The board of directors signed off on amendments to the base Registry Agreement and Registrar Accreditation Agreement after they were approved by the requisite majority of registries and registrars earlier this year.

The changes outline how registries and registrars must make the move away from Whois, the technical specification, toward the functionally similar RDAP, the Registration Data Access Protocol.

After the amendments go into effect, contracted parties will have about 18 months to make the migration. They’ll be allowed to run Whois services in parallel if they wish after the transition.

People will in all likelihood carry on referring to such services as “Whois”, regardless, rather than the official replacement term “Registration Data Directory Services” or RDDS.

The RAA amendment will also require registrars to provide full RDAP output, rather than relying on “thick” registries to do it for them.

None of the changes affect how much personal information is returned for domain ownership lookups.

Comment Tagged: icann. whois, ra, raa, rdap, rdds