Latest news of the domain name industry

Recent Posts

CentralNic revenue almost doubles

CentralNic has reported its preliminary first-half financial report, showing a top line that almost doubled compared to last year.

The company, which nowadays makes most of its growth from domain monetization, saw revenue up 92% to $335 million, driven by acquisitions. Organic revenue growth was up 62%.

Adjusted EBITDA was up 85% at $38 million, CentralNic said.

The company credited its online marketing segment, which it has built through acquisitions over the last couple of years, for the bulk of the growth.

Speaking of acquisitions, CentralNic also said today that it’s on the hook for $1,138,400 due to the acquisition of KeyDrive — holding company for the likes of registrar Moniker and registry KSRegistry — which was carried out in 2018.

That’s at the low-end of the up to $10.5 million in performance-related acquisition payout announced at the time.

Comment Tagged: , , , ,

Feds warn of Covid risk from “dark” Whois

Kevin Murphy, July 19, 2022, Domain Policy

The US Food and Drug Administration has escalated its beef with ICANN, warning that inaccessible Whois data is making it harder to tackle bogus Covid-19 “cures” and the country’s opioid crisis.

Catherine Hermsen from the FDA’s Office of Criminal Investigations wrote to ICANN CEO Göran Marby last week to complain that some registrars do not adequately respond to abuse complaints and that ICANN ignores follow-up complaints from government agencies.

She doubled down on the FDA’s previous complaint that ICANN’s inaction may be because it is funded by the industry, but back-pedaled on previous insinuations that ICANN’s leadership were putting their own big salaries ahead of public safety.

The beef started in early June, when an organization called Coalition for a Secure & Transparent Internet — basically a front for the likes of DomainTools and other companies whose business models are threatened by privacy legislation — held a one-sided webinar entitled “The Threat of a Dark WHOIS”.

On that webinar, Daniel Burke, chief of the FDA’s Investigative Services Division, lamented the lack of cooperation his agency gets when requesting private Whois data from “certain” registrars, and pointed to cases where the FDA’s inability to quickly get fake pharma sites, including those related to Covid-19, shut down have led to deaths.

He also said that complaints to ICANN about non-compliant registrars fall on deaf ears, to the point that it no longer bothers complaining, and suggested that ICANN and domain companies are financially incentivized to be uncooperative.

Burke quoted the writer Upton Sinclair: “It is difficult to get a man to understand something when his salary depends on his not understanding it.”

“I have found that’s the case with my interactions with ICANN and certain registries and registrars,” Burke said. “They just don’t want to listen… it’s a money-maker for them right now, it’s not profitable for them to deal with it.”

Marby also “spoke” on the CSTI webinar, but his brief intervention was actually just an out-of-context snippet — the “GDPR is not my fault!” T-shirt speech — taken from a recording of an ICANN webinar back in January and presented — dishonestly in my opinion — as if it had been filmed as a contribution to the CSTI discussion.

His inability to directly respond to Burke live led him to write to the FDA (pdf) a couple of weeks later to dispute some of his claims.

First, Marby said the the FDA does not need to obtain a subpoena to get access to Whois data. Registrars are obliged to respond to “legitimate interest” requests, when balanced against the privacy rights of the registrant, he said. He added:

In a few instances, government agencies have submitted complaints to ICANN Contractual Compliance regarding registrars’ refusal to provide non-public registration data. These agencies were ultimately successful in gaining access to the requested data without having to obtain a subpoena or lawful order.

Second, Marby disputed the financial motivation claims, writing: “ICANN’s leadership’s salaries are in no way tied to or dependent upon domain name registrations.”

Third, he offered a (pretty weak, in my view) defense against the claim that ICANN ignores complaints from government agencies, pointing out: “ICANN is not political and, therefore, takes actions to ensure that the workings of the Internet are not politicized.”

He also pointed out that ICANN operates a system called DNSTICR which monitors reports of DNS abuse related to the pandemic and alerts the relevant registries and registrars.

The problem here is that ICANN’s definition of abuse is pretty narrow and does not extend to web sites that sell industrial bleach as a Covid cure. That would count as “content” and ICANN is not the “content police”.

That’s pretty much what Hermsen says in the latest missive (pdf) in this row.

DNS security threats such as malware and phishing, however, were not what SA Burke was referring to in his presentation. Given the agency’s public health mission, FDA has been working during the pandemic to protect Americans from unproven or fraudulent medical products claiming to treat, cure, prevent, mitigate or diagnose COVID-19…

Given your stated concerns regarding COVID-19-related malware and phishing activity, we trust that you are equally concerned about registrars who may not be following the [Registrar Accreditation Agreement’s] requirements to “investigate” and “respond appropriately” following receipt of notifications about abuse, particularly complaints reporting activity involving COVID-19-related fraud or activity exacerbated the current opioid addiction crisis — especially in light of ICANN’s singular ability to enforce the terms of RAAs.

She also comes back, splitting hairs in my opinion, on the ICANN salaries claim, stating: “SA Burke was not referring to ICANN’s leadership salaries… SA Burke was referring more generally to the substantial source of funding ICANN receives from domain name registries and registrars.”

ICANN has just started work on a Whois Disclosure System that, while pretty weak, may make it slightly easier for government agencies to obtain the data they want.

2 Comments Tagged: , , , , , , ,

ICANN names NomCom chairs

Kevin Murphy, July 18, 2022, Domain Policy

ICANN has announced its picks for chair and chair-elect of its influential Nominating Committee, raising questions about the latter role for not the first time.

The board of directors has picked Vanda Scartezini as chair and Amir Qayyum as chair elect, according to a newly published resolution.

It’s the third time in recent years that the previous year’s chair-elect, in this case Damon Ashcraft, has not gone on to become chair, as the ICANN bylaws anticipate.

The bylaws say that the chair-elect, who does not have a vote, is basically an apprentice to the chair who spends a year on the committee to prepare her or him for the big seat. The bylaws also say that the ICANN board can pick another person for chair if it wants to.

In this case, while Scartezini was on the 2022 committee she was not chair-elect.

Something similar happened last year, when the board picked 2021 chair-elect Tracy Hackshaw for chair, then changed its mind two weeks later.

It also caused a controversy in the 2015 cycle when it snubbed Ron Andruff.

The NomCom is responsible for picking several leadership roles in the ICANN community, including three directors per year.

New chair Scartezini is from the At-Large community and Brazil. Qayyum is from the root server community and Pakistan.

Comment Tagged: ,

ICANN’s top brass get pay raises

Kevin Murphy, July 18, 2022, Domain Policy

ICANN’s CEO and several top executives are to receive pay raises amounting to tens of thousands of dollars.

The Org’s board of directors has approved a 4% raise for Göran Marby and four other of the top brass, with CFO Xavier Calvez getting an extra 4.5%.

The board also approved the payment of Marby’s bonus, but the amount — capped at 30% of his salary — will likely not be disclosed until ICANN files its tax returns.

It’s the fourth year in a row the CEO has received a pay rise.

Last year it was 3% andthe year before’s was 5%, but it was not a unanimous decision of the board. It’s not yet known how this year’s vote broke down.

The other execs receiving a raise of up to 4% are general counsel John Jeffrey, senior VPs Theresa Swinehart and David Olive and CIO Ashwin Rangan. None of them earned less than $450,000 in ICANN’s last tax filings.

The board resolution states that Marby’s salary is still lower than the low end of the 50-75th percentile of comparable industry salaries, though this formula is sometimes criticized for weighing tech industry CEOs in with non-profit CEOs.

2 Comments Tagged: ,

New gTLD prep work delayed until December

Kevin Murphy, July 15, 2022, Domain Policy

ICANN has confirmed that the current phase of preparation for the next round of new gTLDs will last six weeks longer than previously expected.

The new deadline for the delivery of the Operational Design Assessment for the project is December 12, almost certainly pushing out board consideration of the document out into 2023.

The extension follows the GNSO’s approval of a new Whois Disclosure System, which will suck Org resources from the new gTLDs ODP as work on both continues in parallel.

ICANN chair Maarten Botterman confirmed the delay yesterday, and the precise length was disclosed by staff in a blog post today. It says in part:

While we’re sharing our best estimate of the impact that the WHOIS Disclosure System design paper work could have on the SubPro ODA in the interest of transparency, rest assured that we are simultaneously moving forward on the ODA and actively seeking ways to streamline and minimize the impact as much as possible.

The updated timetable has been published here.

Comment Tagged: , , , ,

New gTLDs WILL be delayed by Whois work

Kevin Murphy, July 14, 2022, Domain Policy

The next round of new gTLD applications will be delayed by ICANN’s work on Whois reform, ICANN chair Maarten Botterman confirmed today.

In a letter to his GNSO Council counterpart Philippe Fouquart, Botterman states that the new gTLDs Operational Design Phase, which was due to wrap up in October, will have to proceed with an “extended timeline”.

This is because the GNSO has pushed the concept of a Whois Disclosure System, previously known as SSAD Light and meant to provide the foundations of a system for access private Whois data, and ICANN needs time to design it.

Botterman wrote (pdf):

there is an overlap in org resources with the relevant expertise needed to complete these efforts. As a result, work on the [Whois] design paper will impact existing projects. While SubPro [new gTLDs] ODP work will not stop during this period, we anticipate that an extended timeline will be required to account for the temporary unavailability of resources allocated to the design paper work.

Botterman did not put a length of time to these delays, but previous ICANN estimates have talked about six weeks. GNSO members had worried that this estimate might be a low-ball that could be extended.

ICANN had given the GNSO the option to choose to delay Whois work to complete the SubPro ODP, but it could not come to an agreement on which project was more important, and seemed to resent even being asked.

Comment Tagged: , , , , ,

ICANN backtracks on legal waiver for ICANN 75

Kevin Murphy, July 13, 2022, Domain Policy

ICANN has softened the language in the legal waiver it requires all of its public meeting attendees to agree to.

The waiver for ICANN 75, due to take place in Kuala Lumpur in September, no longer requires you to absolve ICANN from blame if you get sick due to the Org’s own gross negligence.

For last month’s ICANN 74 in The Hague, the waiver stated:

I knowingly and freely assume all risks related to illness and infectious diseases, including but not limited to COVID-19, even if arising from the negligence or fault of ICANN.

The Kuala Lumpur waiver states:

I knowingly and freely assume all risks related to illness and infectious diseases, including but not limited to COVID-19.

So if an infected ICANN staffer spits in the coffee, this time you could probably sue.

The 74 waiver caused a fair few complaints when it first emerged. It was accused of being “excessive” by the CEOs of Blacknight and the Namibian ccTLD registry in a Request for Reconsideration that was eventually dismissed by the ICANN board of directors.

It also caused the At-Large Advisory Committee to issue a withering takedown accusing ICANN of insensitivity and intimidation, which ICANN’s chair brushed off (pdf) a couple weeks ago.

There are other language changes in the new waiver, but none seem to be as significant as ICANN making itself legally bullet-proof.

Kuala Lumpur will have substantially the same Covid-19 precautions as The Hague, which includes mandatory mask-wearing indoors, testing, and social distancing, ICANN has confirmed.

Comment Tagged: , , , ,

Community tells ICANN to walk and chew gum at the same time

Kevin Murphy, July 13, 2022, Domain Policy

Whois or new gTLDs? Whois or new gTLDs? Whois or new gTLDs?

It’s the question ICANN has been pestering the community with since early May. ICANN can’t work on developing the proposed Whois Disclosure System (formerly known as SSAD) without delaying work on the next round of new gTLDs, Org said, so the community was given a Sophie’s Choice of which of its babies to sacrifice on the altar of failed resource planning.

And now it has its answer: why the heck can’t you do both, and why the heck are you asking us anyway?

GNSO Council chair Philippe Fouquart has written to Maarten Botterman, his counterpart on the ICANN board of directors, to request that Org figure out how to do both Whois and new gTLDs at the same time, and to existing deadlines:

While Council members might differ on which project should take precedence, there is unanimous agreement that the Subsequent Procedures ODP and SSAD development are among the most important tasks before ICANN. Therefore, we urge that every effort should be undertaken by ICANN Org to complete the work in parallel and to meet currently published milestones.

Fouquart goes on (pdf) to puzzle as to why ICANN decided to “inappropriately include the broad community in the minutiae of ICANN operations planning”.

ICANN had told the GNSO that if it wanted the Whois work to kick off, it would add “at least” six weeks of delay to the new gTLDs Operational Design Phase, which is scheduled to wrap up in October.

Naturally enough, folks such as IP lawyers were very keen that ICANN start to do something — anything — to roll back the damage caused by GDPR, while domain-selling companies are anxious that they get more inventory for their virtual shelves.

The public record has always been a bit sketchy on where the resource bottleneck actually is, in an organization with half a billion bucks in the bank, a $140 million operating budget, and around 400 staff.

Maintaining Whois and the expansion of the root zone are, after all, two of the main things ICANN was founded to do, being unable to do both at once could be seen as embarrassing.

But now it has its answer, as unhelpful as it is.

And it only took two months.

Comment Tagged: , , , , ,

Five things I learned from UK prime minister candidates’ domain names

Kevin Murphy, July 11, 2022, Gossip

Boris Johnson announced he is to resign as UK prime minister after a series of scandals last week, and as of this evening 11 of his former friends have announced their plans to replace him as leader of the Conservative party and therefore UK PM.

I’ll spare you the details of Johnson’s downfall and the process used to find his successor, but domain names became part of the story over the weekend when a so-called “Dirty Dossier” began circulating among Tory MPs, denouncing candidate Rishi Sunak.

Among the allegations was that Sunak, whose resignation as chancellor last week eventually led to the Johnson’s own resignation, had been plotting Johnson’s demise and his own rise to power since last December, using Whois records for his campaign site as a smoking gun.

I thought I’d take a look at all 11 candidates’ registrations to see what else we could learn.

1. Sunak wasn’t the only “plotter”

Sunak came under scrutiny over the weekend when it emerged that the domain name readyforrishi.com has been registered since December 23 last year, a few weeks into the Partygate scandal, when the foundations of Johnson’s premiership began to weaken.

This, it was claimed in the Dirty Dossier, showed that Sunak had been plotting his boss’s downfall for six months.

His team have subsequently claimed that the name wasn’t necessarily registered by them, and his campaign is currently using the similar domain ready4rishi.com, which was registered July 7, the day Johnson announced his resignation.

The December domain forwards to Sunak’s official campaign site, suggesting its registrant is at the least a supporter.

We can’t tell for sure because all Whois records are redacted due to GDPR, which is still in effect in the UK despite Brexit.

But Sunak wasn’t the only prescient registrant in the clown car. Liz Truss’s campaign site is at lizforleader.co.uk, which was registered June 8, a month before there was a leadership job opening available, Whois records show.

Jeremy Hunt, Tom Tugendhat and Sajid Javid have names registered last week. Penny Mordaunt’s pm4pm.com was registered in 2019, but that’s because she also stood for Tory leader in 2019, ultimately losing to Johnson.

2. Not much patriotism on display

Of the 11 candidates, only five are campaigning using .uk addresses.

Kemi Badenoch uses a .org.uk. Suella Braverman uses a .co.uk. While Jeremy Hunt usually uses a .org, he’s using a .co.uk for his campaign. Same for Truss. Javid is using a thoroughly modern .uk, eschewing the third level, at teamsaj.uk.

All the rest use a .com for their sites.

3. Truss and Hunt didn’t register their matching .uk

While Javid appears to have registered the .co.uk matching his .uk, Truss and Hunt have not registered their matching second-level domains, which is just asking for trouble from pranksters and opponents.

That said, while it’s been six or seven years since .uk domains became available from Nominet, they haven’t really caught on in terms of adoption or popular mind-share. It would be a much greater crime to register a 2LD without the matching 3LD than vice versa.

4. Two candidates own their surnames

While all of the candidates own their full names in their chosen TLDs, only Grant Shapps and Nadhim Zahawi own their .com surnames.

Whois records and Archive.org show that Shapps has owned Shapps.com since 2000, years before he won his first parliamentary seat. He has a history of being involved in questionable online get-rich-quick schemes and used to follow me on Twitter, so he’s probably quite domain-savvy.

Zahawi, who’s been Chancellor of the Exchequer since Sunak quit last week, has owned zahawi.com since he first ran for parliament in 2009.

5. Here’s what domains everyone else is using

According to Google and the Twitter accounts of the candidates, these are the URLs used by each candidate for their regular official sites and, if they have one, their premiership campaign sites.

Note that in most cases their regular sites are managed by a company called Bluetree, which specializes in running boilerplate web sites for Tories, so the choice of domain may not necessarily be the choice of the MP in question.

Kemi Badenochkemibadenoch.org.ukfacebook.com/kemibadenoch
Suella Bravermansuellabraverman.co.uk
Rehman Chishtirehmanchishti.com
Jeremy Huntjeremyhunt.orgjeremyhunt2022.co.uk
Sajid Javidsajidjavid.comteamsaj.uk
Penny Mordauntpennymordaunt.compm4pm.com
Grant Shappsshapps.com
Rishi Sunakrishisunak.comready4rishi.com
Liz Trusselizabethtruss.comlizforleader.co.uk
Tom Tugendhattomtugendhat.orgtimefortugendhat.com
Nadhim Zahawizahawi.com

3 Comments Tagged: ,

Universal unacceptance? ICANN lets XYZ dump languages from UNR gTLDs

Even as CEO Göran Marby was accepting an ambassadorship from the Universal Acceptance Steering Group last month, ICANN was quietly approving a registry’s plan to drop support for several languages, potentially putting dozens of domains at risk.

It seems portfolio registry XYZ.com was having problems migrating the 10 gTLDs it recently acquired in UNR’s firesale auction from the UNR back-end to long-time partner CentralNic, so it’s cutting off some language support to ease the transition.

The company told ICANN in a recent Registry Services Evaluation Process request (pdf) that internationalized domain names in Cyrillic, Chinese, Japanese and German were “causing issues with the [Registry System Testing] for the technical transition”.

“So, in order to move forward with the migration to CentralNic, we have no choice but to remove support for these IDNs. This will only impact fewer than 50 registrations in these TLDs,” the company told ICANN.

I asked both XYZ and CentralNic whether this means the IDN domains in question would be deleted but got no response from either.

Support for the four languages will be removed in .christmas, .guitars, .pics, .audio, .diet, .flowers, .game, .hosting, .lol, .mom according to contractual amendments that ICANN has subsequently approved.

The RSEP was published the same week ICANN signed a memorandum of understanding with .eu registry EURid, promising to collaborate on IDNs and universal acceptance.

The same week, Marby, who has stated publicly on several occasions his commitment to IDNs and UA, was named an honorary ambassador of the UASG to “help amplify the importance of UA work to enable a multilingual Internet”.

UPDATE July 24, 2022:
CentralNic CTO Gavin Brown says:

I can confirm that no domains will be deleted or suspended due to the withdrawal of these IDN tables. The RSEP request template we provided to XYZ incorrectly stated that domains would be deleted, however, neither we nor XYZ have any plans to delete or suspend any domains, and we hope to re-enable the IDN tables in the near future.

2 Comments Tagged: , , , , ,