Latest news of the domain name industry

Recent Posts

ICANN asks registries to freeze Net 4 India’s expired domains

Kevin Murphy, April 26, 2021, Domain Registrars

ICANN has asked all domain registries to exempt from deletion expired names registered via collapsed Indian registrar Net 4 India.

The company has been in receipt of an ICANN termination notice since the end of February, but it’s in insolvency proceedings and ICANN says the insolvency court is preventing it from carrying out the execution.

Net4’s customers have been plagued with problems such as the inability to renew or transfer their domains for well over half a year, and ICANN has issued three public breach notices since December.

ICANN says it has received more than 8,000 complaints related to the registrar — which does not even seem to have a functioning web site any more — since things got real bad last September.

Today, ICANN’s head of compliance Jamie Hedlund blogged:

While we await a final order from the insolvency court, ICANN has requested that all registries not delete expired domain names registered through Net 4 India that registrants have not been able to renew or transfer.

While this may not solve every technical issue experienced by Net4 customers, it should at least prevent them permanently losing their domains, assuming a high level of registry compliance with ICANN’s request.

Registrants won’t be fully safe until ICANN is able to carry out the termination and move Net4’s domains to a stable third-party registrar.

While ICANN disputes whether the Indian insolvency court has jurisdiction over it, it is nevertheless currently complying with its instruction to delay termination until further notice.

Hedlund wrote:

ICANN org is taking actions permitted by its agreements, policies, and law to protect registrants and to facilitate the bulk transfer of the Net 4 India registrations to a functioning registrar that can service its customers. ICANN also is being respectful of the [National Company Law Tribunal’s] processes with this case, which have not yet concluded.

He wrote that the next scheduled hearing of the NCLT is tomorrow, April 27. It appears to have been called due to Hedlund recently impressing upon the court the importance of the crisis.

Comment Tagged: , , , ,

UNR cuts $5.2 million from price of new gTLD portfolio

Kevin Murphy, April 26, 2021, Domain Registries

UNR has reduced the opening bids on almost all of the gTLDs it plans to auction off later in the week, to the tune of a whopping $5.2 million.

According to the minimum opening bids listed on the auction web site today, the job lot of 23 TLD contracts could go for as little as $11.65 million, if there’s no competitive bidding whatsoever.

That’s compared to the $16.87 million total when the TLDs were first announced for auction back in January.

It’s a no-reserve auction of UNR’s entire portfolio of gTLDs that runs from Wednesday to Friday this week.

Some gTLDs, such as .hiv and .juegos, have no minimum bids.

The only TLD to receive a price increase since January is .llp, which had a $0 listing back then but is now listed at $200,000. There’s been no change in .llp’s fortunes since then — it’s still unlaunched.

The music-themed .country, which had no list price in January, now has a $300,000 tag.

The biggest discount comes on .link, once listed with a $3 million opener, now reduced to $2 million.

Nine of the gTLDs are now priced at below the original ICANN application fee of $186,000.

Here’s a table comparing the January minimum bid to today’s pricing.

[table “66” not found /]

UNR, which sold off its registrar and secondary market businesses to GoDaddy and its stakes in three car-themed gTLDs to XYZ.com last year, plans to remodel itself as a back-end operator post-auction.

UPDATE: According to UNR, the January prices were preliminary and published accidentally, and no changes have been made since late January or early February.

2 Comments Tagged: , , ,

Formerly massive drop-catcher faces ICANN probe

Kevin Murphy, April 26, 2021, Domain Registrars

Pheenix, which used to operate a network of hundreds of accredited registrars, now faces potentially losing its last remaining accreditation, due to an ICANN probe.

ICANN told the US-based company in a breach notice last week that it faces additional action unless it fixes a bunch of problems related to domain transfers and Whois before May 14.

According to ICANN, for over a year Pheenix has been declining to provide data showing it is in compliance with the Expired Registration Recovery Policy and the Transfer Policy, related to dozens of domains.

Pheenix was told about at least one such disputed domain as far back as February last year, but ICANN says it’s been unresponsive to its outreach.

It’s also failed to implement an RDAP server, which ICANN has been nagging it about since October 2019. RDAP, the Registration Data Access Protocol, is the successor protocol to Whois.

A quick spot-check reveals that the disputed names are traffic domains once belonging to legitimate organizations, usually with inbound Wikipedia links, that were captured after the organization in question folded and its domains expired. Most were repurposed with low-quality content and advertising.

That fits in with Pheenix’s registrar business model. It was until a few years ago a huge drop-catching player, with over 500 shell accreditations it used to gain speedy access to dropping domains.

But it dumped almost 450 of these in November 2017, and another 50 the following April.

Since then, Pheenix’s primary IANA number (the coveted “888”) has been associated with fewer and fewer domains.

It had 6,930 domains under management at the end of 2020, down from a November 2017 peak of 71,592.

It hasn’t recorded any new domain adds in any gTLDs since April 2020.

According ICANN’s chronology of events, it’s sent dozens of emails, faxes and voicemails over the last year, related to multiple domain names, and it’s only received a single email in response. And that was in May 2020.

2 Comments Tagged: , , , ,

Verisign expects huge domain growth in 2021

Kevin Murphy, April 22, 2021, Domain Registries

Verisign tonight significantly upgraded its estimate of how many .com and .net domains it expects to sell this year, citing an improving economy and increased growth in online commerce.

CEO Jim Bidzos told analysts that it’s now expecting its domain base to increase by 4% to 5.5% this year. Three months ago, it had cautiously predicted growth would be between 2.5% and 4.5%.

That’s a minimum of 6.6 million net new domains this year.

The upgrade was inspired by its first-quarter performance, in which .com and .net base grew by 4.6% when compared to Q1 2020, to 168 million names.

That was an increase of 2.8 million names during the quarter, which compares to 1.83 million net new domains in Q1 2020 and 1.46 million in Q4 2020. A pretty damn good showing, in other words.

For Q1, Verisign tonight reported net income of $150 million, down from $334 million in Q1 last year, when it experienced a one-off tax benefit.

Revenue was up 3.6% on last year at $324 million.

Comment Tagged: , , , ,

Decision on $135 million .web auction expected in weeks

Kevin Murphy, April 22, 2021, Domain Registries

ICANN, Verisign, Donuts, and the other applicants for .web will find out who gets to control the fiercely contested gTLD by the first week of June at the latest, according to Verisign’s CEO.

Jim Bidzos told analysts tonight that the Independent Review Process panel currently handling a complaint filed by Afilias declared its case closed April 7, and said that a decision will come within 60 days.

Afilias, now owned by Donuts, came second in an ICANN “auction of last resort” in which a Verisign-backed company called Nu Dot Co agreed to pay $135 million for the coveted string.

Afilias wants the auction declared invalid because ICANN, it claims, did not sufficiently pursue allegations that NDC was being secretly bankrolled by Verisign, which it says broke ICANN bylaws and new gTLD application rules.

This is denied by ICANN, as well as NDC and Verisign, which have filed legal documents with the IRP panel despite not being parties.

Afilias and others suspect that Verisign wants .web in order to bury it, keeping what could be a strong .com competitor weak, which Verisign also denies.

The IRP panel held a seven-day virtual hearing last August, but has continued to receive briefs from ICANN and Afilias since then.

1 Comment Tagged: , , , , , , , , ,

Net4’s “complete breakdown” is bringing India to a screeching halt, and ICANN could have prevented it

Kevin Murphy, April 20, 2021, Domain Registrars

Domains belonging to hospitals, power grids, public transit services, banks, and other critical services have gone offline due to the collapse of a major local registrar whose troubles ICANN has been aware of for years.

Net 4 India, which has been slowly imploding over the last year, saw a number of its name servers stop functioning last week, leading to customers’ web sites and email services ceasing to work.

Affected customers are not only domainers, web developers, mom-n-pop stores, and small businesses. We’re talking about major players in India’s physical infrastructure, some with billions of dollars of annual revenue.

Power Grid Corporation of India, for example, has complained to ICANN that its primary web site, at powergridindia.com, has gone down, and that its email at that domain is no longer working.

That’s a government-owned company that according to Wikipedia takes in $5.4 billion per year and is responsible for transmitting 50% of the electricity generated in India, a nation of almost 1.4 billion people.

“We are facing problems with DNS of Net4India and due to non availability of email service our operations would affect badly,” a Power Grid employee told ICANN, according to papers filed with Net4’s insolvency court at the weekend.

Others to inform ICANN of outages include:

  • The Delhi Metro Rail Corporation, which with over four million passengers per day is India’s largest mass transit rail network.
  • Multi-billion-dollar conglomerate Bharti Group, which has its fingers in pies such as telecoms, insurance and food, said its “email and other essential business services have been rendered defunct”.
  • The Punjab National Bank, which had revenue of over $9 billion last year, named eight domains, seven of which were in gTLDs, that were with Net4 but no longer work.
  • Global Hospitals India, a private healthcare provider that sees to 18,000 transplant surgeries per year, has seen its .com domain stop working and has been unable to secure an auth code for a transfer out.

I’ve not seen any reports of these internet-based problems spilling over into actual life-threatening issues such as power outages or failures of critical hospital functions, but one can only assume that not having functional email represents a risk of this kind of thing happening.

The customer testimonies cited above were part of a second batch (pdf) sent to the insolvency court handling Net4’s case by ICANN’s head of compliance, Jamie Hedlund, on Sunday.

And those are just a sampling of the over 2,400 complaints about Net4 that ICANN said it received between April 14 and April 16 last week.

Net4’s own web site appears to have been dark for most or all of this month.

And this is all happening as India’s struggle with the coronavirus pandemic hits a low point. Not only have many heavily-populated areas of the country been forced into lockdown in recent days, but the country seems to have spawned its own virus variant, which is raising concerns among scientists worldwide.

A major internet infrastructure crisis couldn’t come at a worse time, but ICANN not only could fix it now but could have prevented it years ago.

ICANN on February 26 told Net4 it would terminate the company’s Registrar Accreditation Agreement, after the company did not get its act together to fix three previous breach notices detailing its customers’ woes, the first of which was issued December 10.

That meant — or should have meant — that after March 13 ICANN would kick off its process of transferring Net4’s domains and customers to a third-party registrar, where none of this downtime nonsense would have occurred.

But the “resolution professional” trying to keep Net4 alive long enough to service its corporate creditors asked the insolvency court to ask ICANN to halt the termination, and the court complied.

Even though neither ICANN nor the court seems to be claiming that the court has any jurisdiction over a California non-profit and an RAA governed by California law, ICANN has nevertheless spent the last five weeks noticeably NOT terminating Net4 and saving its customers as promised.

Hedlund told the court (pdf) at the weekend:

Unfortunately, ICANN currently is not in a position to assist these individuals, businesses and organizations in transferring their domain names from Net 4 to another registrar because ICANN has no access to AuthInfo codes or the technical ability to generate them the way that registry operators, like the National Internet Exchange of India (NIXI), and registrars, like Net 4, can. Rather, ICANN can only assist these registrants by transitioning all of Net 4’s registrations to a functioning registrar through a bulk transfer in connection with ICANN’s termination of Net 4’s RAA, which ICANN has been prevented from doing as a result of this Hon’ble Tribunal’s Ad Interim Order of 16 March 2021

It’s not at all clear from the record why ICANN’s lawyers are allowing Net4’s customers to suffer — and its own compliance department to turn into a de facto replacement for Net4’s absentee customer service department — to abide by the suggestion of a court they claim has no power over it.

In fact, it’s not even clear why ICANN has been playing softball with Net4 since it first issued a breach notice against the firm in June 2019.

At that time, ICANN threatened to suspend Net4 for going into insolvency proceedings — the RAA gives it the right to do so unilaterally when “proceedings are instituted by or against Registrar under any bankruptcy, insolvency, reorganization or other laws relating to the relief of debtors”.

If it had wanted to, ICANN could have terminated Net4 and transferred its domains to a safe registrar in 2019, a year before its troubles (arguably exacerbated by the pandemic) started to cause serious problems for the registrar’s customers.

But ICANN did not act at that time. Instead, court filings and other documents suggest, it chose to cooperate with Net4 and the resolution professional, allowing Net4 to continue to market itself to new customers as an accredited registrar.

Hindsight is a wonderful thing, and it’s something ICANN didn’t have in June 2019.

But now that we do have that luxury, surely we can say that the Net4 debacle is going to have to go down as one of ICANN’s all-time most humiliating and potentially dangerous failures.

3 Comments Tagged: , , , ,

Everything.sucks publishes transfer auth codes for thousands of domains in latest .sucks pimpage

Kevin Murphy, April 19, 2021, Domain Registries

Everything.sucks, which is quickly emerging as one of the world’s most prominent organized cybersquatting projects, has a novel new way to sell .sucks domains without, technically, selling them.

The company, which casts itself as a “non-profit organization and communications forum for social activism” has published the transfer authorization codes for what appears to be the thousands of .sucks domains in its portfolio.

This means that anyone can transfer any of the company’s .sucks domains into their own registrar account with just a few clicks and without asking the current registrant — if they can afford the exorbitant transfer fee and don’t mind legal exposure.

You may recall that Everything.sucks is a Wikipedia-style web site that is fed by traffic from thousands of .sucks domains that, as the company freely admits, match the trademarks of famous companies.

Typing poptarts.sucks into your browser address bar will take you to the Everything.sucks wiki pages for Pop-Tarts, which contains content critical of the brand scraped from third-party web sites.

Everything.sucks emerged last year, and in October I reported that hundreds of .sucks domains were pointing there.

At the time, the web site carried banner ads on each brand’s page that took visitors to secondary-market sales pages at Sedo or Uniregistry, where the price was usually the same as the .suck’s registry’s wholesale price of $200.

I thought it was weird that a registrant at the very least flirting with cybersquatting would put up their domains at cost price, but Vox Populi, the registry, denied any involvement with the domains.

The registrant of these names, according to several UDRP decisions that it lost, is a probably fictitious individual named Pat Honeysalt, from a company called Honey Salt Ltd based in either Turks & Caicos or the UK.

Honey Salt has told UDRP panels that it registers the names on behalf of Everything.sucks. Given the volume of registrations, it must have spent many millions of dollars.

In any event, shortly after the UDRP cases started trickling in and not long after DI’s initial coverage, the banner ads on the .sucks pages disappeared.

And now, the auth codes have appeared. It looks like this:

Poptarts

Publishing auth codes right there on its web site appears to be the latest stage in a cat-and-mouse game Everything.sucks is playing with the trademark lawyers pursuing it through the UDRP process.

The boilerplate reads:

We occasionally buy a dot sucks domain and point it at a specific page. We do this to bring awareness to our site and because, well, we love the dot sucks domain. If you ask us if we would sell the domain, our answer is simple. Absolutely not. We will give it to you.

It’s not technically offering to sell these domains any more, right? As far as this nominal non-profit is concerned, it’s giving them away for free to anyone who wants them, including the brand’s owner.

But if you want the names, you’ve still got to pay for the transfer, of course. In the case of poptarts.sucks, it’s $2,399 at the registrar screen-capped below. Another registrar has the same name priced at $2,599.99.

Poptarts

If we’re following the money here, the only beneficiaries that spring to mind are Vox Pop, which gets its fat-margin registry fee, and the hapless registrar, which gets whatever its markup on a .sucks domain transfer is.

I tried these auth codes at six leading registrars and found that four of their shopping carts informed me point-blank that they do not support .sucks transfers at all.

2 Comments Tagged: , , , , , , ,

Kiwis finally making the switch to EPP with Canadian deal

Kevin Murphy, April 19, 2021, Domain Registries

InternetNZ has picked the winner in its registry replacement project RFP, which will see it switch the entire .nz back-end to the industry standard EPP protocol by the end of next year.

It’s selected the CIRA Registry Platform from Canadian .ca registry CIRA, but will continue to run its own back-end in-house in New Zealand.

InternetNZ had said last October that it planned to overhaul its outdated infrastructure, and put out its feelers for would-be vendors or service providers.

At that time, 65% of its over 720,000 .nz registrations and about 65% of its registrars were still using its old, proprietary Shared Registration System protocol.

Now, SRS is to be deprecated in favor of the CIRA platform and the Extensible Provisioning Protocol that has been industry standard across all gTLDs and many ccTLDs for the better part of two decades.

And they say New Zealand is progressive.

InternetNZ plans to make the switch fully by the end of next year. This is of course going to require some implementation work by registrars, which will have to code new hooks into the .nz registry.

UPDATE: This article was updated April 20 to correct “this year” to “next year”. InternetNZ plans to finish the switch before the end of 2022, not 2021.

Comment Tagged: , , , ,

Squarespace files to go public in New York

Kevin Murphy, April 19, 2021, Domain Registrars

Web site tools maker and registrar Squarespace has filed its papers for an initial public offering on the New York Stock Exchange.

The company is focused on serving small businesses by simplifying the process of building web sites. It sells domains as a value-added service, but it’s not its core competency.

In filing for its IPO, the company said its revenue last year was $621 million, up 28% on 2019. It had a net profit of $30.6 million, down from $58.2 million the previous year.

Squarespace said it has 3.7 million unique subscriptions, but it did not break down how many of those are domain registrations.

Squarespace has been an ICANN-accredited registrar since 2018, but it has historically acted as a Tucows/OpenSRS reseller. That dynamic changed a little last year.

It sold about 10,000 .com domains per month on its own accreditation in the fourth quarter. It’s accredited in many other gTLDs, but has yet to sell any domains there on its own IANA tag.

Comment Tagged: ,

Facebook gunning for Web.com in latest $27 million-plus cybersquatting lawsuit

Kevin Murphy, April 16, 2021, Domain Registrars

Facebook has sued what it believes is a Web.com subsidiary, claiming the company has been engaged in wholesale cybersquatting for well over a decade.

The complaint, filed in a Pennsylvania District Court, alleges that New Venture Services Corp current owns 74 domains, and has previously owned 204 more, that infringe its Facebook, Instagram and WhatsApp trademarks.

While no other named defendants are listed, the complaint makes it abundantly clear that it believes NVSC is a subsidiary of Web.com and a sister of Network Solutions, Register.com, SnapNames and Perfect Privacy.

Facebook is suing partly under the Anti-Cybersquatting Consumer Protection Act, allowing it to claim $100,000 damages per infringing domain, so we’re looking at a floor of $27.8 million of potential damages should the lawsuit be successful.

But it’s also looking for NVSC to hand over any profits it’s made from the domains in question, which are generally parked with ads and listed for sale via the SnapNames network for premium fees.

While NVSC is registered in the British Virgin Islands and uses a Pennsylvania post office box as its mailing address, there’s a wealth of evidence going back to 2007 that it’s been affiliated first with NetSol and then Web.com.

Web.com’s last regulatory filing before it went private in 2017 lists NVSC as a subsidiary, which is probably the most compelling piece of evidence establishing ownership.

It appears that NVSC is a shell company that Web.com uses to hold potentially valuable or traffic-rich domains that its customers have allowed to expire. The names are then parked and put up for resale.

Example domains listed in the complaint include httpinstagram.com, faceebbok.com, facebooc.net, instagram-login.com, and installwhatsapps.com.

One would have to assume these names were captured using a fully automated process; even a cursory human review would clock that they’re useful only to bad actors.

The lawsuit is the latest in Facebook’s crusade against mainstream registrars it believes are profiting by infringing its trademarks, which has already ensnared Namecheap a year ago and OnlineNIC in October 2019.

Namecheap recently filed a counterclaim in which it tries to get some of Facebook’s trademarks cancelled.

Facebook has all but admitted that putting legal pressure on registrars is part of its strategy when it comes to getting the policies it wants out of ICANN on privacy and Whois access, where there’s currently an impasse.

Here’s the complaint (pdf).

Comment Tagged: , , , , , , , , , , , , ,