Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Four of the top 100 brands have insecure domain names
Some of the world’s most famous global brands have domain names that are still vulnerable to the Kaminsky exploit and could be hijacked by others.
Earlier today, I ran all of the brands on Deloitte’s list of the top 100 brands through a vulnerability testing tool provided by IANA.
The results show that four of these brands – all household names – have domains classed as “highly vulnerable” to the Kaminsky exploit.
If the IANA test is reliable, this means that false data could be injected into their name servers, potentially redirecting users to a web site belonging to the attacker.
Another eight brands had domains that the IANA tool reported might be “vulnerable” to attacks, but which had measures in place to mitigate the risk.
The Kaminsky bug has been public for almost two years. It’s a cache poisoning attack in which a recursive name server is tricked into providing false data about a domain.
It becomes particularly scary when a domain’s authoritative name servers also have their recursive functions turned on. A successful attack could redirect all traffic to a compromised domain to a server managed by the attacker.
The surest way to avoid vulnerability is to turn off recursion. IANA says: “Authoritative name servers should never be configured to provide recursive name service.”
Alternatively, a method known as source port randomization can make the risk of being compromised by the Kaminsky exploit so small it’s barely a threat at all.
The IANA tool reports that four of the top 100 brands have at least one “highly vulnerable” authoritative name server that has recursion enabled and no source port randomization.
The other eight “vulnerable” domains were identified as running on at least one authoritative server that had recursion turned on and source port randomization enabled.
I’m not an expert, but I don’t believe this second category of companies has a great deal to worry about in terms of Kaminsky.
I picked the Deloitte brand list for this experiment because it is the list of brands Deloitte believes require the most trademark protection under ICANN’s new TLD process.
.CO Internet is already using the list during its sunrise period for the .co domain.
Michele Neylon of Blacknight has found some more vulnerable servers over here.
dotSport complains to ICANN about other .sports
One of the companies that intends to apply for the .sport top-level domain has written to ICANN, begging that it does not approve any TLDs for individual sports.
dotSport’s Policy Advisory Committee, which appears to think it already has rights in the .sport string, said ICANN should respect “sport solidarity”.
In other words, please don’t allow .tennis or .golf to be approved.
The company wrote:
The PAC members reiterate our concern that ICANN may be prematurely entertaining a process that will allow proliferation of names in sub-categories or individual sports, which will lead to a number of detrimental effects
The detrimental effects, referenced in this letter last August, basically boil down to the potential for user confusion and the need for defensive registrations by sports teams and personalities.
You could apply the same arguments to pretty much any potential new TLD – what would .music mean for the .hiphop community?
The dotSport PAC is filled with high-level appointees from more than half a dozen sports federations, representing sports from basketball to rugby to archery, so its views are far from irrelevant.
Its position appears to be that the DNS hierarchy should be used for taxonomic purposes, at least when it comes to sports.
It’s an argument that was floated all the way back in the 2000 round of TLD applications, and probably before.
Purely from a marketing point of view, it seems like a self-defeating objective to mandate the use of www.example.hockey.sport when www.example.hockey is an option.
The main example of such a mandatory multi-level taxonomy, the old-style .us ccTLD, was a spectacular commercial failure.
Could it be that dotSport wants to be the registry for all .sports for the price of one? It certainly appears that way.
DotAsia wants lower ICANN fees
As its active base of .asia domain name registrations continues to plummet, the DotAsia Organization wants to reduce its ICANN fees by a third.
CEO Edmon Chung has written to ICANN’s Kurt Pritz, asking if the annual transaction fee it pays per domain can be reduced from $0.75 to $0.50.
“A lower fee would enable DotAsia to invest further into meaningful community projects as well as to extend the awareness and adoption of the .ASIA domain,” Chung wrote. “The suggested amendment would also bring the fees into line with other gTLDs.”
I don’t expect the proposed changes to be especially controversial, but they do highlight how tough it is to launch a new TLD.
The .asia TLD has proved to be a bit of a damp squib, especially since the early-mover speculators started jumping ship, so the company could probably use being thrown a bone.
After .asia’s landrush, the company grew its registration base to a peak of 243,000 in April 2009, according to HosterStats.com, but it currently stands at around 183,000.
.CO Internet scores TechCrunch marketing coup with Disrupt.co
The newly relaunched .co domain has won itself a whole bunch of free publicity by signing up TechCrunch to its Founders Program.
The tech news blog will use the domain Disrupt.co as part of its startup conference of the same name that kicks off today.
The web site will host “Startup Battlefield”, a competition during TechCrunch Disrupt for new companies and services.
.CO Internet is marketing Colombia’s .co ccTLD as a generic. The launch is currently in its trademark sunrise period, with registrations opening to other registrants next month.
Its Founders Program is a marketing scheme designed to get the word out about the availability of .co domains. Few partners could be as useful to this end as TechCrunch.
Founders get a free premium domain if they promise to promote it properly. CO Internet is still looking for more partners, with applications closing June 15.
I expect disrupt.com, currently parked, will also be getting a lot of traffic today.
UrbanBrain proposes first properly generic new gTLD
Japanese registry wannabe UrbanBrain will apply for .site under ICANN’s first round of new top-level domain applications.
Of all the registries to so far show their hands for the new TLD round, .site is probably the first that could properly be described as both new and “generic”.
UrbanBrain said the namespace will be targeted at “Internet users, hobbyists, and business owners”. A pretty generic constituency.
Also, the dotSiTE launch page currently contains a bullet-pointed list of three reasons why .site will indeed be as generic as they come.
The dotSiTE internet extension is full of possibilities.
* Optimize your SiTE with great keywords
* Some other text
* Another reason
All the other 100-odd new TLD applications to have been publicly disclosed to date address specific geographical, cultural or niche interest markets.
There are also two (for now) applications for .web, which I’m not counting as “new” gTLD applications because they’ve been on the table for over a decade.
UrbanBrain is affiliated with Japanese ISP Interlink, and registry-in-a-box venture RegistryASP.
Go Daddy tech support is a cash cow
Go Daddy’s call center support staff make the company hundreds of thousands of dollars a day in up-sells, according to documents revealed as part of an employee class-action lawsuit.
I covered the lawsuit (PDF), filed by three former Go Daddy employees, for The Register on Friday.
One of the plaintiffs, Toby Harris, was fired after he leaked “confidential” screenshots of the company’s CRM system to his home email address.
I’m not going to get into the details of the lawsuit, which concerns labor practices, here.
But the screenshots, which offer a bit of insight into how much revenue these front-line call center staff make for Go Daddy, are worth looking at.
According to one, Harris delivered over $10,000 in gross sales for the company over nine working days in January, taking about 5% of that for himself in commission.
Not bad for a rookie $12-an-hour support guy, considering how cheap most Go Daddy products are.
Another CRM screen shows the performance of a couple dozen members of Harris’ team, including how much commission they made over a two-week period and how many customer calls they handled.
These 23 employees made between $1,290 and $255 in commissions over the period, averaging $564 each, dealing with on average 31 calls each per day.
If that’s 5% of the gross, over 10 business days, you could try to extrapolate some company-wide data, but the screenshot probably represents too small a sample to make any precise calculations.
Still, it’s pretty clear that that a substantial chunk of Go Daddy’s revenue is generated by call center staff.
Harris told me he was expected to shift $250 to $450 worth of product every day, the equivalent of selling at least one new $8 domain name to every caller.
Domain Name Wire reported last December that the company had 1,600 support staff. At the low end of $250 a day, that would equate to $400,000 a day or $146 million a year from the phones alone.
I guess I found this a little surprising because while I always knew Go Daddy’s web site was a cash machine, I had assumed its call center spent most of its time providing technical support.
As a customer, I often wondered how the company managed to run such a high-quality support service on such a pitifully low-margin loss-leader.
Now I know. Judging by these leaked numbers, those guys more than pay for themselves.
Verizon hires investigator to track down DirectNIC bosses
Verizon has won a delay in its cybersquatting lawsuit against domain registrar DirectNIC, because it can’t seem to track down and serve its CEO, Sigmund Solares.
In its latest filings with the Florida District Court, Verizon says that it had to hire a private detective to track down DirectNIC director Michael Gardner, and ended up serving his wife instead.
But, two months after filing the suit, the company still hasn’t managed to track down Solares.
“Plaintiff continues to diligently attempt to serve the lone remaining Defendant yet to be served, Sigmund Solares… Plaintiffs continue to diligently try to locate and serve this Defendant.”
DirectNIC, previously known as Intercosmos Media Group, relocated to the Cayman Islands from New Orleans in 2008, which may explain some of Verizon’s difficulty.
Indeed, when Verizon turned up to serve the company in New Orleans, it found its old office (from where employees attracted global attention for live-blogging Hurricane Katrina) closed.
Verizon sued DirectNIC, along with several directors and alleged aliases, in March, claiming they had squatted on at least 288 domains that included Verizon trademarks.
The case is of note because Verizon alleges that DirectNIC broke US cybersquatting laws when it parked expired domains that contained Verizon trademarks.
Parking pre-delete expired names is a common practice among registrars, which makes the lawsuit puzzling.
But Verizon does appear to be digging for something else, its complaint suggesting a connection between DirectNIC and its nominal registrants that may not be entirely kosher.
Without legal discovery, its hunches could go nowhere. And before Solares is served, it cannot proceed to discovery.
The court has granted an extension until late August, or 30 days after Solares is served, for the first case management meeting.
Africa gets its third ICANN registrar
It’s been over eight years since ICANN held its public meeting in Accra, but only now has Ghana got its first accredited domain name registrar.
Ghana Dot Com becomes Africa’s third ICANN-approved registrar, the first new accreditation on the continent since 2007.
The first African registrar was Burundi’s AfriRegister, the second Kheweul.com of Senegal.
Ghana Dot Com appears to be the dba of Network Computer Systems Ltd, the ISP that already manages Ghana’s .gh ccTLD.
Its chairman, Nii Quaynor, is a former member of the ICANN board of directors, elected in 2000 and serving until 2003.
Ghana has about 23 million citizens and almost one million internet users, according to InternetWorldStats.com.
Will VeriSign change its name?
VeriSign’s $1.3 billion sale of its SSL business to Symantec yesterday means not only that the company will be almost entirely focussed on domain names, but also that it will no longer “sign” anything.
The word “VeriSign” will cease to describe what the company does, so will it change its name?
The idea could make sense, given that the services Symantec bought are all about trusting the VeriSign brand, and Symantec has acquired certain rights to use that brand.
Under the deal, Symantec is allowed to use the VeriSign name in authentication services such as the VeriSign Trust Seal. The company plans to incorporate “VeriSign” into a new Symantec trust logo.
VeriSign boss Mark McLaughlin said on a conference call yesterday that Symantec is buying certain VeriSign trademarks, such as Thawte and GeoTrust, but that VeriSign will stay VeriSign.
Symantec will be able to use the VeriSign brand in its logos for a “transition period of time over a number of years”, McLaughlin said.
On the one hand, there’s a potential for a certain degree of confusion that might persuade VeriSign to brand itself afresh. On the other, corporate rebranding is not cheap.
I suppose, if it does choose to rename itself, it had better hope that its first choice of .com is available.
ICANN says no to Bulgarian ccTLD
Bulgaria can not have a localized-script version of its country-code domain .bg, because it looks too much like Brazil’s current ccTLD.
Bulgarian business daily Dnevnik is reporting that ICANN has turned down Bulgaria’s request for .бг, the Cyrillic translation of .bg, because it looks very much like .br.
Part of ICANN’s internationalized domain name fast-track process checks whether applied-for strings could be visually confusing. Clearly, this is one of them.
Russia, Egypt, Saudi Arabia and the United Arab Emirates have already passed the test and have active IDN ccTLDs.
The Bulgarians are not giving up, however. Dnevnik reports that the country will most likely apply for .бгр instead.
Recent Comments