Recent Posts
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
eNom called world’s most “abusive” registrar
A small security firm has singled out eNom as the domain name registrar and web host with the most criminal activity on its network.
HostExploit released a report today claiming the concentration of “badware” on the network belonging to eNom and its soon-to-be-public parent Demand Media is “exceptionally high”.
The claim is based on the proportion of dodgy sites on eNom’s network relative to its size, rather than the actual quantity.
The report says the Demand-owned autonomous system AS21740 has the fifth-highest amount of badware and the sixth-highest number of botnet command and control servers.
It goes on to say that the four or five AS’s with larger amounts of malware are themselves between 10 and 7,500 larger than eNom, as measured by address space.
The report, which I’m guessing HostExploit released to coincide with the hype around Demand Media’s upcoming IPO, draws heavily on existing research, such as this recent KnuJon registrar report (pdf).
It also uses stats from Google-backed StopBadware.org to demonstrate that eNom hosts a disproportionately large number of malware-serving URLs.
According to StopBadware, Go Daddy actually hosts more bad URLs than eNom – 10,797 versus 7,429 – but Go Daddy’s market share is of course over three times larger.
According to WebHosting.info, eNom currently has 9.5 million domains under management, compared to Go Daddy’s 35.2 million.
In Demand Media’s IPO registration statement, filed last Friday, the company acknowledges that it sometimes gets bad publicity but says it’s caught between a rock and a hard place.
We do not monitor or review the appropriateness of the domain names we register for our customers or the content of our network of customer websites, and we have no control over the activities in which our customers engage.
While we have policies in place to terminate domain names if presented with a court order or governmental injunction, we have in the past been publicly criticized for not being more proactive in this area by consumer watchdogs and we may encounter similar criticism in the future. This criticism could harm our reputation.
Conversely, were we to terminate a domain name registration in the absence of legal compulsion, we could be criticized for prematurely and improperly terminating a domain name registered by a customer.
Some Skype domain names still owned by ex-employees
Oops! A number of Skype’s domain names are still registered in the names of people who no longer work for the company.
The embarrassing oversight was revealed in the company’s S-1 registration statement (huge HTML file), filed yesterday as the company prepares to launch its IPO.
Here’s the relevant section, with my emphasis.
Third parties have registered domain names that contain the Skype trademark without our consent, and a small proportion of the Skype domain names are registered in the names of our former employees rather than in our name. While we are seeking to have these domain names transferred to us, we may not be successful and to the extent that Skype domain names are not under our control in certain countries, it could hinder our marketing efforts, cause confusion to our users and may harm our reputation in those countries if those domain names are used in ways unrelated to our business or in ways with which we would not agree.
The company appears to be having a hard time protecting its brand in the offline world, too.
According to the S-1, News Corp arm BskyB, which runs Sky TV in the UK, has been objecting to Skype’s trademark applications, and it recently manage to block one such application in the EU.
It’s also having problems getting trademark protection in Asia, where others have registered very similar marks.
DotFree wants to give away .free domains
A Czech company has become the latest to say it will apply for a new top-level domain, but it’s got a unique twist – domain registration will be free.
The dotFree Group, based near Prague, says it will apply for .free and offer the domains free of charge.
.FREE is going to be a generic Top Level Domain, which is going to be available for free, as the name itself says. Individuals, companies, organizations, groups, etc. are going to be able to register their .FREE website under a desirable name.
Can: open. Worms: everywhere.
- How many registrars will actually want to carry this TLD?
- How will dotFree fund its ICANN application fee and ongoing running costs?
- Will there be a landrush? How will that work?
- Will there be an after-market? With a no-risk investment, .free would be a domainer’s paradise.
- How will the registry prevent rampant abuse by spammers?
- Are these guys serious?
I’ve got a call in, so maybe we’ll find out more soon.
The dotFree Group already offers free domain names at the third level under cz.cc, and sells a pricey script so anyone can become a “registrar”.
The company sounds like it already has the infrastructure to support a small TLD.There are apparently 50,000 .cz.cc domains registered today, which already makes it bigger than some gTLDs.
(Hat tip: @dotRadio)
Iron Mountain beds another registry
Iron Mountain puts itself about a bit, doesn’t it?
The company has signed a co-referral deal with wannabe new top-level domain registry operator UrbanBrain. The deal appears identical to one it inked with Central Registry Solutions in May.
Under these deals, Iron Mountain will refer potential TLD applicants to UrbanBrain (or CRS) and the registries will refer their clients to Iron Mountain for data escrow services.
The press releases don’t make it clear under what circumstances clients will be referred to UrbanBrain versus CRS, but given UrbanBrain is Japanese it could be along geographical lines.
Again, I ask: who benefits most?
My guess is still Iron Mountain, which has already got a pretty tight grip on the ICANN-mandated data escrow market. I can’t see it sending as much traffic to the registries as it receives.
Domainers get love, but no refunds for .co cybersquatters
.CO Internet has ramped up its anti-cybersquatter messaging, promising no refunds for trademark-infringing .co registrants, no matter how much they paid for their domains.
An “Open Letter to .co Domain Registrants”, published by the company yesterday, also contains a shout-out to domainers, which I think may be a first from a domain registry.
The letter points out, as I have previously, that .co is subject to the UDRP on the same terms as other TLDs including .com.
The outcome of a UDRP proceeding is binding, and no refunds will be given under any circumstances — regardless of how much money you may have paid to secure the domain; whether the domain was acquired directly via a domain registrar or through a domain auction venue; and whether you were unaware that you had infringed on someone else’s rights.
There’s similar text on the front page of COauctions.com, where the registry is currently auctioning off contested landrush applications.
Is this just a matter of legal ass-covering? Or are there some gray-area domains in the landrush auction?
Despite all the promotional work the registry performed in the run-up to general availability, there are still plenty of people who seemed to believe .co represented new, lawless territory.
The letter ends with the statement that “.CO Internet is committed to protecting the rights of brand owners, domain investors, and end users.”
Domainers getting some love in the same breath as brand owners is not something you hear every day, particularly from registries.
.CO landrush auctions kick off today
.CO Internet has today started auctioning off domain names that had multiple applicants during the .co landrush earlier this summer.
According to the company, over 2,500 names will be auctioned over the next four weeks. The top three most-contested names were Slots.co, Insure.co and Denver.co.
Other notable .CO domain names up for auction include Mexi.co, America.co, Betting.co, Vitamins.co, UsedCars.co, Happy.co, Ebook.co and Jackpot.co.
Registrants who applied for one of the contested domains need to sign up at www.COauctions.co.
There have been almost 410,000 .co registrations since the Colombian country-code domain was opened up to international registrants last month.
So far, the biggest seller has been o.co, sold to Overstock for $350,000.
Given that slots.com sold for $5.5 million, it seems likely that slots.co could fetch something in five figures or beyond.
McAfee calls for ICANN spam crackdown
The security company McAfee has claimed that ICANN needs to try harder in the fight against spam by cracking down on rogue registrars.
In a report released today, the company makes the bold assertion that ICANN “holds the trump card to the spam problem” and that it should step up its compliance efforts.
Although ICANN cannot stop spam itself and does not link spammers to the Internet, it does accredit the registrars that sell the domains that cybercriminals use to fill our inboxes with advertisements and malware
McAfee notes that ICANN has previously de-accredited spammer-friendly registrars such as the notorious EstDomains, but that it needs to do more.
ICANN needs to continue this trend against registrars that knowingly provide domain services to cybercriminals. The organization also needs to harden its policies that define under what circumstances an accreditation can be revoked, so that it can take quicker action against rogue registrars.
The claims come in a report entitled “Security Takes The Offensive”, available here.
The report does not lay all the blame for spam at ICANN’s door, of course. The author also goes after ISPs and the SMTP protocol itself.
The report does not point out that there are 250-odd TLDs over which ICANN has no registrar accreditation powers whatsoever.
Despite my best efforts with Google, I’ve been unable to find a single instance of McAfee publicly participating in ICANN policy-making, so I have to wonder how serious it is.
At least guys like KnuJon are not afraid to show up at meetings and stir things up a bit.
Domain name hijacker gets jail time
A man who hijacked Comcast’s domain name, causing hours of outages for the ISP’s customers, has been sentenced to four months in jail.
James Black, who went by the handle “Defiant”, will also have to serve 150 hours of community service, three years of supervised release, and pay Comcast $128,557 in restitution.
Assistant United States Attorney Kathryn Warma told the court:
Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos.
The attack took place over two years ago. Kryogenicks reportedly used a combination of social engineering and technical tricks to take over Comcast’s account at Network Solutions.
During the period of the hijacking, comcast.net redirected to the hacker’s page of choice. All Comcast webmail was unavailable for at least five hours.
DNS Made Easy whacked with 50Gbps attack
The managed DNS service provider DNS Made Easy was knocked offline for 90 minutes on Saturday by a distributed denial of service attack estimated at 50Gbps.
This could be the largest DDoS attack ever. The largest I’ve previous heard reported was 49Gbps.
The company, which promises 100% uptime, tweeted that the attack lasted eight hours, but only saw one and a half hours of downtime.
Here are some tweets from the company, starting on Saturday afternoon:
Out of China. Over 20 Gbps…. Don’t really know how big actually. But it’s big. We know it’s over 20 Gbps
Update…. Over 50 Gbps… we think. Since core Tier1 routers are being flooded in multiple cities…..
Trying to organize emergency meeting with all Tier1 providers. We probably have over 50 senior network admins looking into this.
This is flooding the provider’s backbones. By far the largest attack we have had to fight in history.
And, post-attack:
The good: Not everyone was down, not all locations were down at once. The bad: There were temporary regional outages.
Almost back to normal in all locations. Full explanation, details, and SLA credits will be given to all users as soon as possible.
We did not see a 6.5 hour long outage. That would be ultra-long. DDOS attack was 8 hours. Less than 1.5 hours of actual downtime.
It will prove costly. The company’s service level agreement promises to credit all accounts for 500% of any downtime its customers experience.
Quite often in these cases the target of the attack is a single domain. Twitter and Facebook have both suffered performance problems in the past after attackers went after a single user for political reasons.
For a DNS provider, any single domain they host could be such a target. I’d be interested to know if that was the case in this incident.
Digging for dirt in the Demand Media IPO – roundup
Demand Media, parent of second-largest domain name registrar eNom, has filed to go public, and the publication of its S-1 registration document has given an unprecedented glimpse inside the company.
Unsurprisingly, the “content mill” part of Demand’s operation, which accounts for more than half of its revenue, has garnered the most media coverage over the weekend.
Demand says that the fact that is “transforming traditional content creation models” and is “frequently the subject of unflattering reports in the media about our business and our model.”
Reports of its IPO are no exception.
This report in DailyFinance.com observes that the key difference between Demand and traditional media is that Demand does it “at scale”, with some 10,000 writers producing 5,700 articles per day.
DaniWeb notes that Demand’s freelancers are “working for wages often well below industry standard to churn out content” and said the company is subject to “redundancies, inefficiencies and the reliance on trying to game Google”.
Others are more direct: “wtf: this is why the Internet is full of unreadable junk”
CNNMoney.com reports that Demand is “notorious” for paying as little as $15 per article, and that it can make a 58% return on a month’s articles over seven quarters.
As a freelancer reporter, I don’t like Demand’s model either. I think it devalues the profession. The S-1 reveals that the company is well aware that it’s also quite exploitative:
We believe that over the past two years our ability to attract and retain freelance content creators has benefited from the weak overall labor market and from the difficulties and resulting layoffs occurring in traditional media, particularly newspapers. We believe that this combination of circumstances is unlikely to continue and any change to the economy or the media jobs market may make it more difficult for us to attract and retain freelance content creators.
On the domain name side of the business, DomainNameWire was quickest off the mark, digging out the fact that eNom uses look-ups by prospective registrants to decide what articles might be profitable and what web sites it could develop.
The S-1 says:
These queries and look-ups provide insight into what consumers may be seeking online and represent a proprietary and valuable source of relevant information for our platform’s title generation algorithms and the algorithms we use to acquire undeveloped websites for our portfolio.
eNom has already said that this should NOT be interpreted as “front-running”. (apologies, the first version of this article accidentally omitted the word “not”)
Also found in the S-1, and already known from eNom’s registration agreement Ts & Cs, the company keeps some customers’ expired domain names for itself, if they have value.
I can remember a time not too many years ago when this kind of behavior was frowned upon.
DNW also points to the list of Demand’s subsidiaries. There are 146 of them, at least 100 of which are shells for ICANN registrar accreditations.
Others, such as Acquire This Name, which KnuJon had beef with (pdf) a year ago, act as eNom resellers.
Looking at the financials, All Things Digital gently mocks the company’s reliance on non-standard “Adjusted OIBDA” numbers in its S-1 to make the company appear profitable.
Meanwhile, Mike Berkens at TheDomains is incredulous looking at the amount of money Demand has lost since its inception: some $52 million.
Recent Comments