Latest news of the domain name industry

Recent Posts

Travel expenses push ICANN into the red again

Kevin Murphy, May 16, 2024, Domain Policy

ICANN is spending millions of dollars more than expected in its current financial year, which it blames mainly on inflation pushing up the price of flights and hotels.

The latest quarterly financial report, for the nine months to March 31, shows ICANN operations spent $112 million in the period, which was $6 million more than it had budgeted for. Funding was $113 million, $3 million more than expected, leading to a total deficit of $3 million.

ICANN said the costs were “driven by higher than planned costs for ICANN78, ICANN 79, community programs, and support of meetings other than ICANN Public meetings… primarily due to inflationary increases to travel and venue costs”.

ICANN 79, which took place in Puerto Rico in March, cost $600,000 more than budget. This was due to higher flight and hotel prices and more sessions than had been planned. ICANN said in February that October’s meeting in Hamburg had come in $900,000 over budget.

Funding for the nine months came in ahead of budget largely due to better-than-expected registrar fees, most likely related to drop-catching registrar Gname’s decision to buy 150 more registrar accreditations last December.

The report, which covers the third quarter of ICANN’s fiscal 2024, also breaks out how much some of the Org’s important projects have cost.

The Grant Program, which launched at the end of the quarter, has cost almost $1.4 million in development and operating expenses since July 2022, about $18,000 over budget. That’s obviously a big chunk of the $10 million ICANN intends to hand out this year, but nothing compared to the auction proceeds fund that the grants come from — that was up $9 million to $226 million since last July based on investment gains.

The Registration Data Request Service, which launched last November, has cost just shy of $2 million to develop and run since December 2022. Compare this to the $100 million a year ICANN had predicted before the ambitions of the original proposed project were massively scaled back.

Overall, ICANN’s financial position is still incredibly healthy. Its total funds under management was up $11 million to $529 million over the nine months due to investment gains.

Comment Tagged: ,

ICANN preparing for ONE HUNDRED registry back-ends

The number of gTLD registry back-end providers could more than double during the next new gTLD application round, ICANN’s board of directors has been told.

There are currently about 40 registry services providers serving the gTLD industry, but ICANN is preparing for this to leap to as many as 100 when it launches its Registry Service Provider Evaluation Program for the 2026 application round.

“We’re preparing, I think, for roughly a hundred or so applications which will include the 40 existing providers that we’re aware of, and another 60 or so is sort of our rough market sizing,” Russ Weinstein, a VP at ICANN’s Global Domains Division, told the board during a meeting in Paris last week.

The number is based on what ICANN is preparing to be able to handle, rather than confirmed applicants to the RSP program, it seems.

“We are hoping to see some diversification and new entrants into the space,” Weinstein said.

Board member Edmon Chung elaborated that he expects most of the new entrants to be ccTLD registries hoping to break into the gTLD market.

“We can expect a few more ccTLD registries that might be be interested,” he said. “We’re probably not expecting a completely new startup that just comes in and becomes a registry, but beyond the 40, probably a few more ccTLDs.”

ccTLD registries already active in the gTLD market following the 2012 application round include Nominet, Nic.at and AFNIC, which tend to serve clients that are based in the same timezone and use the same native language.

2 Comments Tagged: , , ,

DNS Abuse Institute changes name

Kevin Murphy, May 14, 2024, Domain Services

The DNS Abuse Institute is rebranding around its flagship product in order to make its name shorter and less confusing, according to the organization.

It’s now called the NetBeacon Institute, after a free security service it launched two years ago, and its products are also being renamed accordingly.

The old NetBeacon service, a clearinghouse for DNS abuse reports, is now called NetBeacon Reporter. The old DNSAI Compass abuse metrics reporting service is now the NetBeacon Measurement and Analytics Platform.

“The old name was a bit long, generated confusion, and required explanation,” executive director Graeme Bunton said on social media.

It’s moved its internet presences from dnsabuseinstitute.org to netbeacon.org.

NetBeacon’s services are free and funded by .org registration fees collected by Public Interest Registry.

Comment Tagged: ,

A new way to game the new gTLD program

Kevin Murphy, May 13, 2024, Uncategorized

It may not help you win a gTLD, but a new method for screwing over your enemies in ICANN’s new gTLD program has emerged.

As I reported earlier today, it seems quite likely that ICANN is going to add a new step in the new gTLD evaluation process for the next round — testing each applied-for string in the live DNS to see if it causes significant name collision problems, breaking commonly deployed software or leading to data leaks.

The proposed new Technical Review Team would make this assessment based in part on how much query traffic non-existent TLDs receive at various places in the DNS, including the ICANN-managed root. A string with millions of daily queries would be flagged for further review and potentially banned.

The Name Collision Analysis Project Discussion Group, which came up with the new name collisions recommendations, reckons this fact could be used against new gTLD applicants as a form of sabotage, as it might be quite difficult for ICANN to figure out whether the traffic is organic or simulated.

The group wrote in its final report (pdf):

In the 2012 round, the issue of name collisions included an assumption that the existence of any name collision was accidental (e.g., individuals and organizations that made a mistake in configuration). In future rounds, there is a concern on the part of the NCAP DG that name collisions will become purposeful (e.g., individuals and organizations will simulate traffic with an intention to confuse or disrupt the delegation process)…

Determining whether a name collision is accidental or purposeful will be a best-effort determination given the limits of current technologies.

We’re basically talking about a form of denial of service attack, where the DNS is flooded with bogus traffic with the intention of breaking not a server or a router but a new gTLD application filed by a company you don’t like.

It probably wouldn’t even be that difficult or expensive to carry out. A string needs fewer than 10 million queries a day to make it into the top 25 non-existent TLDs to receive traffic.

It would make no sense if the attacker was also applying for the same gTLD — because it’s the string, not the applicant, that gets banned — but if you’re Pepsi and you want to scupper Coca-Cola’s chances of getting .coke, there’s arguably a rationale to launch such an attack.

The NCAP DG noted that such actions “may also impact the timing and quantity of legal objections issued against proposed allocations, how the coordination of the next gTLD round is designed, and contention sets and auctions.”

“Name collisions are now a well-defined and known area of concern for TLD applicants when compared to the 2012 round, which suggests that individuals and organizations looking to ‘game’ the system are potentially more prepared to do so,” the report states.

I’d argue that the potential downside of carrying out such an attack, and getting found out, would be huge. Even if it turns out not to be a criminal act, you’d probably find yourself in court, with all the associated financial and brand damage that would cause, regardless.

Comment Tagged: , , ,

.home, .mail and .corp could get unbanned

Kevin Murphy, May 13, 2024, Domain Tech

The would-be new gTLDs .home, .mail and .corp — which were some of the most hotly contested strings in the 2012 application round before ICANN banned them — could get a new lease of life if ICANN adopts the recommendations of a panel of security experts.

More than 20 applications for the three strings were first put on hold, and then rejected outright in 2018, due to the risk of name collisions — where a TLD in the public DNS clashes with a domain used extensively on private networks.

The three non-existent TLDs receive more than 100 million queries per day at the DNS root due to queries leaking out from private networks, creating the risk of stuff breaking or sensitive data being stolen if they were to ever be delegated.

But now ICANN has been told that it “should not reject a TLD solely based on the volume of name collisions” and that it should submit .home, .mail and .corp to a new, more nuanced “Name Collision Risk Assessment Process”.

The recommendations comes in a newly published and rather extensive final report (pdf) from the Name Collision Analysis Project Discussion Group, which has been looking into the name collisions problem for the last four years.

While NCAP says ICANN should create a Collision String List of high-risk strings that new gTLD applicants could consult, it stopped short of recommending that the Org preemptively ban strings outright with a “do not apply” list, writing:

Regarding .CORP, .HOME, and .MAIL, high query volume is not a sufficient indicator of high-risk impact. The complexity and diversity of query sources further complicate the assessment of risk and impact. It is impractical to create a pre-emptive “do-not-apply” list for gTLD strings due to the dynamic nature of the DNS and the need for real-time, comprehensive analysis.

.corp might have a relatively easier time getting unblocked. NCAP figured out that most queries for that TLD are due to one “globally dominant software package” made by Microsoft that uses .corp as a default setting. This problem would be easier to fix than .home, which sees bogus traffic from a huge range of sources.

.mail also might be safe to delegate. NCAP noted that at least six gTLDs with more pre-delegation query traffic — .network, .ads, .prod, .dev, .office and .site — were subsequently delegated and received very low numbers of collision reports from live deployment.

Instead of banning any string, NCAP instead proposes a new Name Collision Risk Assessment Framework.

Under the framework, a new Technical Review Team would be in charge of testing every applied-for gTLD not already considered high risk for collision risks and placing the high-risk ones on a Collision String List of essentially banned strings.

To do so, the applied-for gTLD string would have to be actually delegated to the live DNS root zone, under the control of the TRT rather than a registry or applicant, while data is gathered using four different methods of responding to query traffic not unlike the “controlled interruption” method currently in use.

This would be a huge break from the current system, under which gTLDs only get delegated after ICANN has contracted with a registry operator, but it would mean that IANA would be able to quickly yank a gTLD from the DNS, if it started causing serious problems, without stepping on anyone’s commercial interests or inviting legal action.

There’s little doubt that the proposed framework would add friction to the new gTLD evaluation process in the next round, but the fact that NCAP has delivered its recommendations ahead of its original schedule is good news for those hoping for no more delays to the next round actually launching.

The NCAP study was considered on the critical path to the next round. It’s already been approved by the Security and Stability Advisory Committee and is expected to be considered by ICANN’s board of directors at an upcoming meeting. Implementing the recommendations would obviously take some time, but I doubt that would delay the expected Q2 2026 opening of the next application window.

The new recommendations on .corp, .home and .mail mean those gTLDs could well come back into play in the next round, which will come as cold comfort to the applicants who had their $185,000 application fees tied up for years before ICANN finally decided to ban them in 2018, offering a full refund.

There were seven applicants for .mail, six for .corp, and a whopping 11 for .home. Applicants included GoDaddy, Google, Amazon, and Identity Digital.

According to ICANN’s web site, Google never actually withdrew its applications for .home, .corp and .mail, and Amazon never withdrew its application for .mail. If that’s accurate, it could lead to some interesting disputes ahead of the 2026 application round.

Comment Tagged: , , , ,

Unstoppable to apply for Women in Tech gTLD

Unstoppable Domains and Women in Tech Global have announced that they plan to apply for a new gTLD when ICANN opens the next application round.

They want .witg, which Unstoppable has already launched on its blockchain-based naming system. They cost $10 a pop.

Unstoppable says the names come with some social networking features, as well as the usual ability to address cryptocurrency wallets.

The company has also recently announced gTLD application partnerships with POG Digital for .pog, Clay Nation for .clay and Pudgy Penguin for .pudgy.

Unstoppable is mainly competing here with D3 Global, which is also recruiting blockchain businesses that want to embrace the DNS when the next round opens.

Comment Tagged: , , , , , , ,

Bob Parsons publishes autobiography

GoDaddy founder and former CEO Bob Parsons has published his rags-to-riches autobiography, Fire in the Hole!

Subtitled The Untold Story of My Traumatic Life and Explosive Success, the book is co-written with jobbing celebrity biographer Laura Morton, who’s previously worked with GoDaddy-sponsored racing driver Danica Patrick.

It promises to detail “the exploits of his youth, his hellish days at the mercy of Catholic school nuns, his harrowing tour of combat duty in Vietnam as a US Marine, his pioneering contributions to the software and internet industries, and his latest ventures in power sports, golf, real estate, and marketing.”

“This is a story of how I started with absolutely nothing and made over $3 billion,” Parsons said in a press release.

Published yesterday by Forefront Books, it’s already ranked #1 in Golf Biographies on Amazon.

I’m going to wait for the paperback, so I can’t speak to its contents, but cover quotes reveal that Jada Pinkett-Smith, Rob Lowe and Nick Jonas all enjoyed it.

3 Comments Tagged:

GoDaddy getting a free pass from porn jail?

ICANN has shirked its compliance duties and is handing GoDaddy a “Get Out of Jail Free” card with proposed changes to their .xxx registry agreement, according to critics.

A recently closed public comment period saw a mixed response from the community on whether GoDaddy should be allowed to throw out inconvenient and costly terms of its 10-year-old registry contract and operate .xxx more of less like any other open gTLD.

While the deal’s chief critic, consultant and former ICANN director Michael Palage, has made a detailed case explaining why he thinks the amendments should not go ahead, other commenters agree with GoDaddy that some of its stricter registration policies are no longer needed.

Tucows said that the current .xxx rules, which require registrants to verify their identities, are “cumbersome or non-transparent”, not only adding unnecessary friction to the registration path but also amounting to the “surveillance of sex workers”.

Palage managed to persuade the At-Large Advisory Committee to submit its own comments, in which ALAC claims that GoDaddy has already “walked away” from three important contractual commitments on registrant verification and abuse reporting “unilaterally and without consequence from ICANN Contractual Compliance”.

According to Palage, when GoDaddy acquired ICM Registry from MMX a few years ago it unilaterally decided to stop verifying the identities of its registrants and did away with the unique community membership IDs that enabled it to deactivate a registrant’s entire portfolio if it was found to be in breach of the rules by, for example, publishing child sexual abuse material.

ICM also stopped donating $10 for every registration to its oversight body, IFFOR, which in turn spent the money it did receive on director salaries rather than making cash grants to child protection causes, Palage says. I’ve previously gone into some depth on this.

“I am concerned that instead of ICANN compliance holding ICM Registry accountable to these representations, they’re essentially giving them a get out of jail card free and potentially removing the ability for third parties to hold ICM Registry accountable to those representations,” Palage said during a March presentation to the ALAC.

His draft comments for the ALAC were subsequently submitted under his own name; ALAC submitted a shorter, somewhat watered down version drafted by chair Jonathan Zuck.

But ALAC and Palage are in agreement that GoDaddy should have gone through the usual Registry Services Evaluation Process if it wanted to change the terms of its contract, and that the proposed amendments set a terrible precedent. ALAC wrote:

ALAC believes that commitments made in order to operate a TLD by a Registry Operator should be enforceable, subsequently implemented by the Registry Operator, and enforced by ICANN Contractual Compliance… The ALAC is concerned that the removal of commitments, through a contract renewal, could set a precarious precedent for non-compliance without repercussion for existing Registry Operators

The Business Constituency echoed ALAC’s concerns in its own comments, as did registry operator CORE Association.

Comments in favor of the .xxx amendments came from two veteran, dissenting voices from the At-Large community, Evan Leibovitch and Carlton Samuels. They said removing the extra requirements from the .xxx contract would reduce confusion and were worthless anyway:

Given the benefit of hindsight, the “Sponsored gTLD” program and designation have not on the whole provided any significant benefit to the Internet-using public. As such, we welcome the removal of this designation — and any associated extra contract requirements — from all applicable Registry Agreements going forward.

Tucows’ support for the amendments are based largely on what a pain in the neck it can be — for registrant and registrar — to register a .xxx domain. Its comments explain:

Currently, to register a .xxx domain, one must become a member of the Sponsored Community, which involves a separate application process to verify eligibility. This extra step is a barrier for those looking to quickly secure a domain. Additionally, the domain cannot resolve—meaning it cannot be used to host a website—without a valid Membership ID, which is only issued after this verification process… This activation involves additional interactions between the registry, the registrant, and the registrar. Additional steps in the registration process can be a significant deterrent as they introduce complexity and time delays.

I’m not really buying the “surveillance of sex workers” claim. Porn producers in many jurisdictions, including the US, already routinely verify the identities of their performers, and keep copies of their identity documents on file, as a legal requirement to ensure their employees are not underage.

ICANN is due to publish its summary of the public comment period by May 20.

How ICANN handles the renewal of and amendments to the .xxx contract will be interesting to watch. Will the Governmental Advisory Committee get a chance to weigh in before the deal is signed? Will the board pass a resolution, or will we see a repeat of the .org renewal debacle?

Comment Tagged: , , ,

Correction: Sinha’s seat is safe

Kevin Murphy, May 3, 2024, Domain Policy

Last Friday, I speculated that, based on my back-of-the-envelope calculations, ICANN chair Tripti Sinha could find herself ineligible to continue on the ICANN board of directors this November, due to geographic diversity quotas.

My calculations were incorrect, it turns out. While she still needs to be reappointed by the Nominating Committee, Sinha is not limited by the geographic diversity limits. I’ve deleted the article and apologize for the error.

Comment Tagged: , , , ,

Chinese domains plummet again in 2023

There was almost no movement in the number of .cn domain names registered in 2023, according to the registry.

CNNIC had 20,125,764 .cn names under management at the end of last year, compared to 20,101,491 at the end of 2022, according to its recently published end-of-year report.

That’s an increase of under 25,000 domains, about a tenth as many net regs as fellow leading ccTLD .de, the domain for far less-populous Germany.

CNNIC also tracks the overall number of domains registered in-country, regardless of TLD, and that dropped dramatically again, following the trend of years.

There were 31,595,563 domains registered in China at the end of December, compared to 34,400,483 a year earlier, according to the report.

Comment Tagged: ,