Recent Posts
- Americans and ICANNers avoid Kigali in droves
- RDRS stats improve a little in June
- Unstoppable Domains goes down after domain hijack
- Four more gTLDs in emergency measures
- New gTLDs and ccTLDs drive domain universe growth
- Eight interesting recent dot-brand registrations
- .me premium sales down
- Pride fails to reverse gay domains decline
- Unstoppable announces another new gTLD bid
- Blockchain naming firm gets ICANN accreditation
- ICANN takes over gTLD after Whois failures
- Verisign: would-be .com contract killers are “wrong”
- Five gTLDs at risk as registry goes AWOL
- Groups make flawed case that .com is a cartel
- RDRS usage hits all-time low
- A dot-brand so unloved they killed it twice
- PorkBun hits two million domain milestone
- Crawford returns to industry to head up Com Laude
- ICANN financial data dump a damp squib?
- Unstoppable plotting manga-themed gTLDs
- Governments call for new gTLD auctions ban
- ICANN names new CEO, and it isn’t Costerton
- ICANN: We will NOT police content
- More sticker shock as new gTLD fees could top $300,000
- ICANN slashes staff and domain prices could rise
- Secret new gTLD application revealed
- WhatsApp now linkifying new gTLDs, but…
- Outrage over ICANN’s new gTLD fees
- Barrett gets second term on ICANN board
- DotMusic delays gTLD launch again
- .tm prices to skyrocket next week
- Bitcoin gTLD gets launch dates
- First metaverse gTLD is announced
- Alibaba off the naughty step
- ICANN to kill auction fund bylaws change
- The people have spoken on RDRS and they said “Meh”
- ICANN restarts work on controversial Whois privacy rules
- GNSO mulls lawyering up over auction fund dispute
- Jury still out on ICANN’s content policing powers
- It now takes TWO WEEKS to get a Whois record with RDRS
- Travel expenses push ICANN into the red again
- ICANN preparing for ONE HUNDRED registry back-ends
- DNS Abuse Institute changes name
- A new way to game the new gTLD program
- .home, .mail and .corp could get unbanned
- Unstoppable to apply for Women in Tech gTLD
- Bob Parsons publishes autobiography
- GoDaddy getting a free pass from porn jail?
- Correction: Sinha’s seat is safe
- Chinese domains plummet again in 2023
- GoDaddy price increases lead to revenue growth
- D3 announces seventh blockchain gTLD client
- Taylor Swift applies for her .post domain
- .ad domains to go global soon
- Single-letter .com case back in court
- ICANN to slash costs as Verisign’s magic money tree dries up
- Community revolts over ICANN’s auction proceeds power grab
- Two seats up for grabs on Nominet board
- War takes steep toll on .ua domains
- .de worst TLD for CSAM — report
- .com still shrinking because of China
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- .my domains to be sold globally next month
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
ICANN flips off governments over Whois privacy
ICANN has formally extended its middle finger to its Governmental Advisory Committee for only the third time, telling the GAC that it cannot comply with its advice on Whois privacy.
It’s triggered a clause in its bylaws used to force both parties to the table for urgent talks, first used when ICANN clashed with the GAC on approving .xxx back in 2010.
The ICANN board of directors has decided that it cannot accept nine of the 10 bulleted items of formal advice on compliance with the General Data Protection Regulation that the GAC provided after its meetings in Puerto Rico in March.
Among that advice is a direction that public Whois records should continue to contain the email address of the registrant after GDPR goes into effect May 25, and that parties with a “legitimate purpose” in Whois data should continue to get access.
Of the 10 pieces of advice, ICANN proposes kicking eight of them down the road to be dealt with at a later date.
It’s given the GAC a face-saving way to back away from these items by clarifying that they refer not to the “interim” Whois model likely to come into effect at the GDPR deadline, but to the “ultimate” model that could come into effect a year later after the ICANN community’s got its shit together.
Attempting to retcon GAC advice is not unusual when ICANN disagrees with its governments, but this time at least it’s being up-front about it.
ICANN chair Cherine Chalaby told GAC chair Manal Ismail:
Reaching a common understanding of the GAC’s advice in relation to the Interim Model (May 25) versus the Ultimate Model would greatly assist the Board’s deliberations on the GAC’s advice.
Of the remaining two items of advice, ICANN agrees with one and proposes immediate talks on the other.
One item, concerning the deployment of a Temporary Policy to enforce a uniform Whois on an emergency basis, ICANN says it can accept immediately. Indeed, the Temporary Policy route we first reported on a month ago now appears to be a done deal.
ICANN has asked the GAC for a teleconference this week to discuss the remaining item, which is:
Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;
Basically, the GAC is trying to prevent the juicier bits of Whois from going dark for everyone, including the likes of law enforcement and trademark lawyers, two weeks from now.
The problem here is that while ICANN has tacit agreement from European data protection authorities that a tiered-access, accreditation-based model is probably a good idea, no such system currently exists and until very recently it’s not been something in which ICANN has invested a lot of focus.
A hundred or so members of the ICANN community, led by IP lawyers who won’t take no for an answer, are currently working off-the-books on an interim accreditation model that could feasibly be used, but it is still subject to substantial debate.
In any event, it would be basically impossible for any agreed-upon accreditation solution to be implemented across the industry before May 25.
So ICANN has invoked its bylaws fuck-you powers for only the third time in its history.
The first time was when the GAC opposed .xxx for reasons lost in the mists of time back in 2010. The second was in 2014 when the GAC overstepped its powers and told ICANN to ignore the rest of the community on the issue of Red Cross related domains.
The board resolved at a meeting last Thursday:
the Board has determined that it may take an action that is not consistent or may not be consistent with the GAC’s advice in the San Juan Communiqué concerning the GDPR and ICANN’s proposed Interim GDPR Compliance Model, and hereby initiates the required Board-GAC Bylaws Consultation Process required in such an event. The Board will provide written notice to the GAC to initiate the process as required by the Bylaws Consultation Process.
Chalaby asked Ismail (pdf) for a call this week. I don’t know if that call has yet taken place, but given the short notice I expect it has not.
For the record, here’s the GAC’s GDPR advice from its Puerto Rico communique (pdf).
the GAC advises the ICANN Board to instruct the ICANN Organization to:
i. Ensure that the proposed interim model maintains current WHOIS requirements to the fullest extent possible;
ii. Provide a detailed rationale for the choices made in the interim model, explaining their necessity and proportionality in relation to the legitimate purposes identified;
iii. In particular, reconsider the proposal to hide the registrant email address as this may not be proportionate in view of the significant negative impact on law enforcement, cybersecurity and rights protection;
iv. Distinguish between legal and natural persons, allowing for public access to WHOIS data of legal entities, which are not in the remit of the GDPR;
v. Ensure continued access to the WHOIS, including non-public data, for users with a legitimate purpose, until the time when the interim WHOIS model is fully operational, on a mandatory basis for all contracted parties;
vi. Ensure that limitations in terms of query volume envisaged under an accreditation program balance realistic investigatory crossreferencing needs; and
vii. Ensure confidentiality of WHOIS queries by law enforcement agencies.
b. the GAC advises the ICANN Board to instruct the ICANN Organization to:
i. Complete the interim model as swiftly as possible, taking into account the advice above. Once the model is finalized, the GAC will complement ICANN’s outreach to the Article 29 Working Party, inviting them to provide their views;
ii. Consider the use of Temporary Policies and/or Special Amendments to ICANN’s standard Registry and Registrar contracts to mandate implementation of an interim model and a temporary access mechanism; and
iii. Assist in informing other national governments not represented in the GAC of the opportunity for individual governments, if they wish to do so, to provide information to ICANN on governmental users to ensure continued access to WHOIS.
Iceland breaks ranks on Whois, will publish emails
Iceland’s ccTLD has become what I believe is the first registry to state that it will continue to publish email addresses in public Whois records after the General Data Protection Regulation comes into effect.
The move seems to put the registry, ISNIC, in direct conflict with the opinions of European data protection authorities.
The company said in a statement last week that after GDPR comes into effect May 25 it will stop publishing almost all personal information about .is registrants in the public Whois.
However, it broke ranks with other European ccTLDs and the likely ruleset for ICANN-regulated gTLDs, by saying it would not expunge email addresses:
ISNIC will however, at least for the time being, continue to publish email addresses, country and techincal information of all NIC-handles associated with .is domains. Those customers (individuals) who have recorded a personally identifiable email address, and do not want it published, will need to change their .is WHOIS email address to something impersonal.
Registrants will be able to opt in to having their full details published.
ISNIC appears to be taking a principled stand against the Draconian regulation. It said in a statement:
Assuming that GDPR directive applies fully to the “WHOIS” service provided for decades by most ccTLD registries, these new restrictions will lead to less transparency in domain registrations and less trust in the domain registration system in general. ISNIC, as many others, strongly disagrees with the view of the European parlament [sic] in this matter and warns that GDPR, as it is being implemented, will neither lead to better privacy nor a safer network environment.
It’s a surprising decision, given that privacy regulators have indicated that they agree that email addresses are personal data that should not be published.
The Article 29 Working Party told ICANN earlier this month that it “welcomed” a proposal to replace email addresses with anonymized emails or web-based contact forms.
Bling-maker kills off fifth dot-brand gTLD
Richemont, the company behind brands such as Cartier jewelry and Mont Blanc pens, has terminated its fifth dot-brand gTLD.
It filed with ICANN to terminate its registry contract for .iwc earlier this month.
IWC is a Swiss brand of expensive watches, but its dot-brand has never been used to any notable extent.
The company had registered the domain watches.iwc, which it apparently planned to use for URL redirection via Rebrandly.
It’s the third gTLD Richemont has voluntarily terminated, after .montblanc and .chloe last year.
The company also withdrew its unopposed applications for .netaporter and .mrporter back in 2014, before it actually signed contracts with ICANN.
Richemont was one of the more prolific dot-brand applicants, applying for 14 gTLDs in total back in 2012.
It also applied for (defensively?) and won the generic .watches and some translations.
While the .watches gTLD has been live in the DNS for two and a half years, Richemont has not yet set a launch date and has not yet said who will even be eligible to buy domains there.
Marby ponders emergency powers to avoid fragmented Whois
ICANN could invoke emergency powers in its contracts to prevent Whois becoming “fragmented” after EU privacy laws kick in next month.
That’s a possibility that emerged during a DI interview with ICANN CEO Goran Marby yesterday.
Marby told us that he’s “cautiously optimistic” that European data protection authorities will soon provide clear guidance that will help the domain industry become compliant with the General Data Protection Regulation, which becomes fully effective May 25.
But he said that a lack of such guidance will lead to a situation where different companies provide different levels of public Whois.
“It’s a a high probability that Whois goes fragmented or that Whois will be in a sort of ‘thin’ model in which very little information is collected and very little information is displayed,” he said. “That’s a sort of worst-case scenario.”
I should note that the interview was conducted yesterday before news broke that Afilias has become the first major gTLD registry to announce its Whois output will be essentially thin — eschewing all registrant contact data — from May 25.
Marby has asked European DPAs for two things.
First, guidance on whether its “Cookbook” proposal for a dramatically scaled-back, GDPR-compliant Whois is in fact GDPR-compliant.
Second, an enforcement moratorium while registries and registrars actually go about implementing the Cookbook.
“If we don’t get guidance that’s clear enough, we will see a fragmented Whois. If we get guidance that is clear enough we can work it out,” Marby said.
A moratorium could enable Whois to carry on in its current state, or something close to it, while ICANN goes about creating a new policy that fits with the DPA’s guidance.
If the DPAs refuse a moratorium, we’re looking at a black hole of indeterminate duration during which nobody — not even law enforcement or self-appointed trademark cops — can easily access full Whois records.
“It’s not something I can do anything about, it’s really in the hands of the DPAs,” Marby said. “Remember that it’s the law.”
While ICANN has expended most of its effort to date on creating a model for the public Whois, there’s a parallel effort to create an accreditation program that would enable organizations with “legitimate purposes” to access full, or at least more complete, Whois records.
It’s the IP lawyers that are driving this effort, primarily, terrified that their ability to hunt down cybersquatters and bootleggers will be diminished come May 25.
ICANN has so far resisted calls to endorse the so-called “Cannoli” draft accreditation model, with Marby publicly saying that it needs cross-community support.
But the organization has committed staff support resources to discussion of Cannoli. There’s a new mailing list and there will be a community conference call this coming Friday at 1400 UTC.
Marby said that he shares the worries of the IP community, adding: “If we get the proper guidance from the DPAs, we will know how to sort out the accreditation model.”
He met with the Article 29 Working Party, comprised of DPAs, last week; the group agreed to put Whois on its agenda for its meeting next week, April 10-11.
The fact that it’s up for discussion is what gives Marby his cautious optimism that he will get the guidance he needs.
Assuming the DPAs deliver, ICANN is then in the predicament of having to figure out a way to enforce, via its contracts, a Whois system that is compliant with the DPAs’ interpretation of GDPR.
Usually, this would require a GNSO Policy Development Process leading to a binding Consensus Policy.
But Marby said ICANN’s board of directors has other options, such as what he called an “emergency policy”.
This is a reference, I believe, to the “Temporary Policies” clauses, which can be found in the Registrar Accreditation Agreement and Registry Agreement.
Such policies can be mandated by a super-majority vote of the board, would have to be narrowly tailored to solve the specific problem at hand, and could be in effect no longer than one year.
A temporary policy could be replaced by a compatible, community-created Consensus Policy.
It’s possible that a temporary policy could, for example, force Afilias and others to reverse their plans to switch to thin Whois.
But that’s perhaps getting ahead of ourselves.
Fact is, the advice the DPAs provide following their Article 29 meeting next week is what’s going to define Whois for the foreseeable future.
If the guidance is clear, the ICANN organization and community will have their direction of travel mapped out for them.
If it’s vague, wishy-washy, and non-committal, then it’s likely that only the European Court of Justice will be able to provide clarity. And that would take many years.
And whatever the DPAs say, Marby says it is “highly improbable” that Whois will continue to exist in its current form.
“The GDPR will have an effect on the Whois system. Not everybody will get access to the Whois system. Not everybody will have as easy access as before,” he said.
“That’s not a bug, that’s a feature of the legislation,” he said. “That’s not ICANN’s fault, it’s what the legislator thought when it made this legislation. It is the legislators’ intention to make sure people’s data is handled in a different way going forward, so it will have an effect.”
The community awaits the DPAs’ guidance with baited breath.
Community calls on ICANN to cut staff spending
ICANN should look internally to cut costs before swinging the scythe at the volunteer community.
That’s a key theme to emerge from many comments filed by the community last week on ICANN’s fiscal 2019 budget, which sees spending on staff increase even as revenue stagnates and cuts are made in other key areas.
ICANN said in January that it would have to cut $5 million from its budget for the year beginning July 1, 2018, largely due to a massive downwards revision in how many new gTLD domains it expects the industry to process.
At the same time, the organization said it will increase its payroll by $7.3 million, up to $76.8 million, with headcount swelling to 425 by the end of the fiscal year and staff receiving on average a 2% pay rise.
In comments filed on the budget, many community members questioned whether this growth can be justified.
Among the most diplomatic objections came from the GNSO Council, which said:
In principle, the GNSO Council believes that growth of staff numbers should only occur under explicit justification and replacements due to staff attrition should always occur with tight scrutiny; especially in times of stagnate funding levels.
The Council added that it is not convinced that the proposed budget funds the policy work it needs to do over the coming year.
The Registrars Stakeholder Group noted the increased headcount with concern and said:
Given the overall industry environment where organizations are being asked to do more with less, we are not convinced these additional positions are needed… The RrSG is not yet calling for cuts to ICANN Staff, we believe the organization should strive to maintain headcount at FY17 Actual year-end levels.
The RrSG shared the GNSO Council’s concern that policy work, ICANN’s raison d’etre, may suffer under the proposed budget.
The At-Large Advisory Committee said it “does not support the direction taken in this budget”, adding:
Specifically we see an increase in staff headcount and personnel costs while services to the community have been brutally cut. ICANN’s credibility rests upon the multistakeholder model, and cuts that jeopardize that model should not be made unless there are no alternatives and without due recognition of the impact.
…
Staff increases may well be justified, but we must do so we a real regard to costs and benefits, and these must be effectively communicated to the community
ALAC is concerned that the budget appears to cut funding to many projects that see ICANN reach out to, and fund participation by, non-industry potential community members.
Calling for “fiscal prudence”, the Intellectual Property Constituency said it “encourages ICANN to take a hard look at personnel costs and the use of outside professional services consultants.”
The IPC is also worried that ICANN may have underestimated the costs of its contractual compliance programs.
The Non-Commercial Stakeholders Group had some strong words:
The organisation’s headcount, and personnel costs, cannot continue to grow. We feel strongly that the proposal to grow headcount by 25 [Full-Time Employees] to 425 FTE in a year where revenue has stagnated cannot be justified.
…
With 73% of the overall budget now being spent on staff and professional services, there is an urgent need to see this spend decrease over time… there is a need to stop the growth in the size of the staff, and to review staff salaries, bonuses, and fringe benefits.
NCSG added that ICANN could perhaps reduce costs by relocating some positions from its high-cost Los Angeles headquarters to the “global south”, where the cost of living is more modest.
The ccNSO Strategic and Operational Planning Standing Committee was the only commentator, that I could find, to straight-up call for a freeze in staff pay rises. While also suggesting moving staff to less costly parts of the globe, it said:
The SOPC – as well as many other community stakeholders – seem to agree that ICANN staff are paid well enough, and sometimes even above market average. Considering the current DNS industry trends and forecasts, tougher action to further limit or even abolish the annual rise in compensation would send a strong positive signal to the community.
It’s been suggested that, when asked to find areas to cut, ICANN department heads prioritized retaining their own staff, which is why we’re seeing mainly cuts to community funding.
I’ve only summarized the comments filed by formal ICANN structures here. Other individuals and organizations filing comments in their own capacity expressed similar views.
I was unable to find a comment explicitly supporting increased staffing costs. Some groups, such as the Registries Stakeholder Group, did not address the issue directly.
While each commentator has their own reasons for wanting to protect the corner of the budget they tap into most often, it’s a rare moment when every segment of the community (commercial and non-commercial, domain industry and IP interests) seem to be on pretty much the same page on an issue.
Registries reject lower fees for anti-abuse prowess
Registries have largely rejected a proposal for them to be offered financial incentives to lower the amount of abuse in their gTLDs.
That’s despite the idea gaining broad support from governments, intellectual property interests and restricted-registration registries.
The concept of ICANN offering discounted fees to registries that proactively fight abuse was floated by the Competition, Consumer Trust, and Consumer Choice Review Team (CCT) back in November.
It recommended in its draft report, among other things:
Consider directing ICANN org, in its discussions with registries, to negotiate amendments to existing Registry Agreements, or in negotiations of new Registry Agreements associated with subsequent rounds of new gTLDs to include provisions in the agreements providing incentives, including financial incentives for registries, especially open registries, to adopt proactive anti-abuse measures.
“Proactive” in this case would mean measures such as preventing known bad actors from registering domains, rather than just waiting for complaints to be filed.
Given that registries have been calling for lower ICANN fees in other instances, one might expect to see support from that constituency.
However, the Registries Stakeholder Group said in a document filed to ICANN’s public comment period on the CCT’s latest recommendations that, it “opposes” the idea of such financial incentives. It said:
The RySG supports recognizing and supporting the many [registry operators] that take steps to discourage abuse, but opposes amending the RA as recommended, to mandate or incentivize ‘proactive’ anti-abuse measures.
The RySG complained that such a system would require lots of complex work to arrive at a definition of abuse and what kinds of measures would qualify as “proactive”.
Even if such definitions could be found, and amendments to the standard RA successfully negotiated, there’s still no guarantee that bad registries would sign up for the incentives or stick to their promises, “resulting in no net improvement to the current situation”, the RySG said.
The group is also concerned that adding more anti-abuse clauses to the RA could increase registries’ risk of liability should they be sued over abuse carried out by their customers.
Not all registries agreed with the RySG position, however.
The informal Verified Top-Level Domains Consortium, which comprises the two registries behind .bank, .insurance and .pharmacy, filed comments supporting the proposal.
It said that gTLDs with vetted eligibility requirements see no abuse but have lower registration volumes and therefore pay higher ICANN fees on a per-domain basis. It said:
ICANN should help to offset these costs to create a more level playing field with high-volume unrestricted registries, i.e., to enhance competition as well as consumer trust. If ICANN made it more financially advantageous to verify eligibility, other registries may be encouraged to adopt this model. The outcome would be the elimination of abuse in these verified TLDs.
Outside of the industry itself, the Governmental Advisory Committee and IP interests such as the Intellectual Property Constituency and INTA, filed comments supporting anti-abuse incentives.
The IPC “strongly” supported the recommendation, but added that the finer details would need to be worked out to ensure that lower ICANN fees did not translate automatically to lower registration fees and therefore more abuse.
Shocking nobody, it added that “abuse” should include intellectual property infringements.
Conversely, the Non-Commercial Stakeholders Group said it “strongly” opposes the recommendation, on the basis that it would push ICANN into a “content policeman” role in violation of its technical mandate:
ICANN is not a US Federal Trade Commission or an anti-fraud unit or regulatory unit of any government. Providing guidance, negotiation and worse yet, financial incentives to ICANN-contracted registries for anti-abuse measures is completely outside of our competence, goals and mandates. Such acts would bring ICANN straight into the very content issues that passionately divide countries — including speech laws, competition laws, content laws of all types. It would invalidate ICANN commitments to ourselves and the global community. It would make ICANN the policemen of the Internet, not the guardians of the infrastructure. It is a role we have sworn not to undertake; a role beyond our technical expertise; and a recommendation we must not accept.
Also opposed to incentivizing anti-abuse measures was the Messaging, Malware and Mobile Anti-Abuse Working Group (an independent entity, not an ICANN working group), which said there’s no data to support such a recommendation.
The reports provide no data that showcase what the implications of altering the economic underpinnings of a highly competitive market may entail, including inadvertent side effects such as registries that already sell low price domains being rewarded with lower ICANN fees. In fact, it may ultimately result in a race to the bottom and higher rates of domain abuse.
Instead, M3AAWG said that ICANN should concentrate is contractual compliance efforts on those registries that the data shows already have large amounts of abuse — presumably meaning the likes of .top, .gdn and the Famous Four Media stable.
ICANN itself filed a comment on the proposal, pointing out that it is not able to unilaterally impose anti-abuse measures into registry agreements.
One imagines that lowering fees at a time when its own budget is under a lot of pressure would probably not be something ICANN would be eager to implement.
These comments and more were summarized in ICANN’s report on the CCT public comment period, published yesterday. The comments themselves can be found here.
The comments feed back into the CCT review team’s work ahead of its final report, which is due to be published some time during Q1.
Under its bylaws, the CCT review is one of the things that ICANN has to complete before it opens the next round of new gTLD applications.
Ramchandani promoted to Radix CEO
New gTLD registry Radix has appointed long-time business head Sandeep Ramchandani as CEO.
He’s replacing Bhavin Turakhia, who is CEO of parent company Directi and executive chairman of Radix.
Ramchandani had a lot of autonomy as business head and VP of the company and, in my view, has been basically CEO in all but name for years. I’ve accidentally called him CEO in the pages of DI more than once.
In a press release, he said: “Just as the first few years of Radix were about demonstrating proof of concept, the next few will be about growing awareness and delivering accelerated growth. We are also actively looking to acquire more TLD assets to reach newer segments of the market while leveraging economies of scale.”
The company has a portfolio of nine gTLDs, including .website, .store and .online, and recently announced that its 2017 revenue topped $12 million.
Active new gTLD domains drop below 20 million
The number of domain names recorded in new gTLD zone files has dipped below 20 million for the first time in 18 months.
The total crossed the milestone in the wrong direction January 1, according to DI’s records.
As of today, there are 19.8 million domains in zone files, down from a peak of 26 million in March 2017.
The count has gone down by about half a million names in the last 90 days, largely as a result of declines in .top, .xyz and .kiwi, which have each recorded six-figure losses.
It’s the first time that the zone files have showed the number of domains going below 20 million since the beginning of June 2016, when XYZ.com sold millions of .xyz domains for a penny each. Most of those names did not renew a year later.
Zone files do not record every domain that has been registered, just those with active name servers. Others may be registered but unused or on hold for various reasons.
SpamHaus ranks most-botted TLDs and registrars
Namecheap and Uniregistry have emerged as two of the most-abused domain name companies, using statistics on botnet command and control centers released by SpamHaus this week.
SpamHaus data shows that over a quarter of all botnet C&Cs found during the year were using NameCheap as their registrar.
It also shows that almost 1% of domains registered in Uniregistry’s .click are used as C&Cs.
The spam-fighting outfit said it discovered “almost 50,000” domains in 2017 that were registered for the purpose of controlling botnets.
Comparable data for 2016 was not published a year ago, but if you go back a few years, SpamHaus reported that there were just 3,793 such domains in 2014.
Neither number includes compromised domains or free subdomains.
The TLD with the most botnet abuse was of course .com, with 14,218 domains used as C&C servers. It was followed by Directi’s .pw (8,587) and Afilias’ .info (3,707).
When taking into account the relative size of the TLDs, SpamHaus fingered Russian ccTLD .ru as the “most heavily abused” TLD, but its numbers don’t ring true to me.
With 1,370 botnet controllers and about five and a half million domains, .ru’s abused domains would be around 0.03%.
But if you look at .click, with 1,256 botnet C&Cs and 131,000 domains (as of September), that number is very close to 1%. When it comes to botnets, that’s a high number.
In fact, using SpamHaus numbers and September registry reports of total domains under management, it seems that .work, .space, .website, .top, .pro, .biz, .info, .xyz, .bid and .online all have higher levels of botnet abuse than .ru, though in absolute numbers some have fewer abused domains.
In terms of registrars, Namecheap was the runaway loser, with a whopping 11,878 domains used to control botnets. 
While SpamHaus acknowledges that the size of the registrar has a bearing on abuse levels, it’s worth noting that GoDaddy — by far the biggest registrar, but well-staffed with over-zealous abuse guys — does not even feature on the top 20 list here.
SpamHaus wrote:
While the total numbers of botnet domains at the registrar might appear large, the registrar does not necessarily support cybercriminals. Registrars simply can’t detect all fraudulent registrations or registrations of domains for criminal use before those domains go live. The “life span” of criminal domains on legitimate, well-run, registrars tends to be quite short.
However, other much smaller registrars that you might never have heard of (like Shinjiru or WebNic) appear on this same list. Several of these registrars have an extremely high proportion of cybercrime domains registered through them. Like ISPs with high numbers of botnet controllers, these registrars usually have no or limited abuse staff, poor abuse detection processes, and some either do not or cannot accept takedown requests except by a legal order from the local government or a local court.
The SpamHaus report, which you can read here, concludes with a call for registries and registrars to take more action to shut down repeat offenders, saying it is “embarrassing” that some registrars allow perpetrators to register domains for abuse over and over and over again.
Radix says it’s profitable after making $12 million this year
New gTLD stable Radix said today that it expects to top $12 million in revenue this year.
The company also told DI that it is currently profitable.
Radix, which counts the likes of .site and .store among its portfolio of nine active gTLDs, said revenue so far for the calendar year has been tallied at $11.7 million.
The company said that more than half of revenue came from “non-premium domain renewals”, an important metric when considering the long-term health of a domain business.
Recurring revenue of non-premiums was almost twice as much as new registrations, Radix said. Only $1.76 million of revenue came from premium sales (14%) and renewals (86%).
The US accounted for just under half of revenue, with Germany at 14.4% and China, where .site was fully active for the whole year and four other TLDs were approved in October, coming in at 7.7%.
Radix is a private company, part of the Directi Group, and has not previously disclosed its financials.
Assuming apples-to-apples comparisons are valid (which may not be the case), its figures compare favorably to public competitors such as MMX, which expects to report 2017 in the same ball-park despite having more than twice as many gTLDs under management.
Recent Comments