Latest news of the domain name industry

Recent Posts

Domain industry had best April ever under lockdown

Kevin Murphy, August 10, 2020, Domain Registries

The domain industry had its best April ever in terms of new domains sold in gTLDs, according to my tally, despite much of the Western world spending the month in coronavirus lockdown.

There were a total of 5,291,077 domain adds in April, across all 1,253 gTLDs currently filing transaction reports with ICANN.

That’s up almost 100,000 on the 5,191,880 adds in April 2019 and the best April since the first new gTLDs started coming into circulation in 2013.

[table “60” not found /]

While a measly 100k jump may be less impressive than expected based on the enthusiastic descriptions of the lockdown bump coming from registries and registrars over the last few months, it makes a bit more sense when you factor out Chinese volume success story .icu.

.icu, currently the largest of the new gTLDs, was having a bit of a growth spurt at the start of 2019, and added 267,287 domains in April last year. That was down to 56,714 this April. The TLD has been declining for the last few months.

Looking at the TLDs that seem most obviously related to lockdown, the standout is .bar, which added 26,175 names this April, compared to just 151 a year ago.

It’s been well-reported that many restaurants and bars affected by coronavirus switched to online ordering and home delivery, and .bar appears to be a strong beneficiary of this trend.

.bar currently has more than 100,000 names in its zone file, roughly double its pre-lockdown level.

.com fared well, adding 3,382,029 domains this April, compared to 3,360,238 in the year-ago period.

But .xyz did better, relatively, adding 256,271 names, compared to 200,003 a year earlier.

Also noteworthy was .buzz, which has been performing very strongly over the last 12 months. It added 60,808 names this April, compared to just a few hundred.

This table shows the 20 gTLDs with the most adds in April 2020, with their April 2019 numbers for comparison.

[table “61” not found /]

ICANN close to becoming $200 million gift-giver

Kevin Murphy, July 27, 2020, Domain Policy

Remember how ICANN raised hundreds of millions of dollars auctioning off new gTLD contracts, with only the vaguest of ideas how to spend the cash? Well, it’s coming pretty close to figuring out where the money goes.

The GNSO Council approved a plan last Thursday that will turn ICANN into a giver of grants, with some $211 million at its initial disposal.

And the plan so far does not exclude ICANN itself for applying to use the funds.

The plan calls for the creation of a new Independent Project Applications Evaluation Panel, which would be charged with deciding whether to approve applications for this auction cash.

Each project would have to fit these criteria:

  • Benefit the development, distribution, evolution and structures/projects that support the Internet’s unique identifier systems;
  • Benefit capacity building and underserved populations, or;
  • Benefit the open and interoperable Internet

Examples given include improving language services, providing PhD scholarships, and supporting TLD registries and registrars in the developing world.

The evaluation panel would be selected “based on their grant-making expertise, ability to demonstrate independence over time, and relevant knowledge.” Diversity would also be considered.

While existing ICANN community members would not be banned from being on the panel, it’s being strongly discouraged. The plan over and over again stresses how there must be rigorous conflict-of-interest rules in place.

What’s less clear right now is what role ICANN will play in the distribution of funds.

The Cross-Community Working Group that came up with the proposal offers three possible mechanisms, but there was no strong consensus on any of them.

The one being pushed, “Mechanism A”, would see ICANN org create a new department — potentially employing as many as 20 new staff — to oversee applications and the evaluation panel.

Mechanism B would see the same department created, but it would work with an existing independent non-profit third party.

Mechanism C would see the function offloaded to a newly created “ICANN Foundation”, but ICANN’s lawyers are not keen on this idea.

The Intellectual Property Constituency was the lone dissenting voice at Thursday’s GNSO Council vote. The IPC says that support for Mechanism A actually came from a minority of CCWG participants, depending on how you count the votes.

It thinks that ICANN should divorce itself as far as possible from the administration of funds, and that not to do so creates the “unreasonable risk” of ICANN being perceived as “self-dealing”.

But as the plan stands, ICANN is free too plunder the auction funds at will anyway. ICANN’s board of directors said as long ago as 2018:

ICANN maintains legal and fiduciary responsibility over the funds, and the directors and officers have an obligation to protect the organization through the use of available resources. In such a case, while ICANN would not be required to apply for the proceeds, the directors and officers would have a fiduciary obligation to use the funds to meet the organization’s obligations.

It already took $36 million from the auction proceeds to rebuild its reserve fund, which had been diminished by ICANN swelling its ranks and failing to predict the success of the new gTLD market.

The CCWG also failed to come to a consensus on whether ICANN or its constituent parts should be banned from formally applying for funds through the program.

Because the plan is a cross-community effort, it needs to be approved by all of ICANN’s supporting organizations and advisory committees before heading to the ICANN board for final approval.

There also looks to be huge amount of decision-making and implementation work to be done before ICANN puts its hand in its pocket for anyone.

.com renewals lowest in years, but Verisign sees lockdown bump anyway

.com and .net saw decent growth in the lockdown-dominated second quarter, despite Verisign reporting the lowest renewal rate since 2017.

The company last night reported that it sold more new domains in Q2 than it did in the same period last year — 11.1 million versus 10.3 million a year ago.

It added a net 1.41 million names across both TLDs in the quarter, compared to growth of 1.34 in Q2 2019.

CEO Jim Bidzos did not directly credit coronavirus for the bump, but he told analysts that the growth was driven primarily by small businesses in North America getting online. The US went into lockdown in the last week of March.

Verisign has now upped its guidance for the year. It now expects growth in domains of between 2.75% and 4%. That’s higher than the guidance it was giving out at the start of the year, pre-coronavirus.

The company had lowered this guidance to between 2% and 3.75% in April due to coronavirus uncertainties, which with hindsight clearly seems overly cautious.

On the flipside, Verisign’s estimated renewal rate for the quarter was down to only 72.8%, down from 74.2% a year ago, the worst it’s been since Q1 2017, when renewals were suffering through the tail-end of a massive Chinese junk drop.

But Bidzos said that the low rate was “primarily related to the lower overall first-time renewal rate”, suggesting that it might be more due to registrar promotions or heightened speculation a year ago than any coronavirus-related drag factor.

For Q2, Verisign reported revenue up 2.6% year over year at $314 million, with net income up from $148 million to $152 million.

The company also announced yesterday that it is freezing its prices across all of its TLDs until March 31, 2021.

You’ll recall that it gets the right to increase prices 7% starting on October 26 this year, under its new deal with ICANN and the US government, and Verisign confirmed yesterday that there will definitely be a price increase next year.

Because there’s a six-month notice period requirement in the contract, news of the timing of this increase could come as soon as September this year.

Over 660,000 “coronavirus” domains registered

There have been hundreds of thousands of domains that appear to refer to coronavirus registered since the start of the outbreak, but the domain industry reckons only a tiny portion of them have been used maliciously.

Speaking on a recent webinar, ICANN security specialist Sion Lloyd said that up until the end of May, ICANN had found 662,111 domains that at first glance appeared to be related to the pandemic.

ICANN had cast a wide net, parsing the zone files for all of the gTLDs and a handful of ccTLDs for strings such as “covid”, “corona”, “mask”, “quarantine” and “lockdown” in multiple languages.

But it also searched for homoglyph variants, such as replacing the O in Covid with a 0, and this brought in hundreds of thousands of false positives.

The actual number of domains that appear to refer to the virus and its impact is more like 170,000, Lloyd said.

The word “mask” was more commonly found than “corona”, but less frequently than “covid”.

The research was done as part of ICANN’s attempt to provide registries and registrars with data they could use to mitigate abuse, such as the sale of fake vaccines, fraud or phishing attacks.

But ICANN said that after it ran thousands of daily registrations through various public threat lists, it found a few hundred per day were potentially suspicious. At the peak, roughly 10 per day were considered serious enough to refer to registrars. That’s now down to three or four a day, Lloyd said.

His research was backed up by similar studies, albeit using slightly different methodologies and different-sized nets, by registries and registrars.

Tucows’ Graeme Bunton showed data reflecting that the registrar was seeing about 300 coronavirus-related regs per day at its peak in March.

The company had its compliance team manually check each domain, and found that only 0.5% were being used for clearly malicious purposes. The large majority — around 70% — were parked or not resolving, he said.

Jim Galvin from Afilias said that at the March peak the registry was seeing almost 900 coronavirus domains across its 25 gTLDs every week. That had dropped to under 100 by the end of March.

Brian Cimbolic of Public Interest Registry said that there had been 14,700 total registrations by the end of May, with the early April peak seeing over 500 in a single day.

While all this work is an example of ICANN and the industry getting involved to some extent in content regulation, Tucows’ Bunton said that it was an “exceptional” circumstance that was unsustainable and of limited use.

More data and the webinar recording can be found here.

.black gTLD has seen boost since George Floyd killing

Afilias’ little-known new gTLD .black has seen a noticeable increase in registrations in the last few weeks, as Black Lives Matter protests span the globe.

Between January 1 and May 25 this year, the day on which George Floyd was killed by Minneapolis police over a trivial offence, the gTLD’s zone file grew by 227 domains.

But in the 22 days since the killing, as BLM protests have spread across the US and elsewhere, it’s grown by 292 domains, currently standing at a modest 4,490.

Basically, it’s grown in three weeks by more than the previous five months combined.

The domain georgefloyd.black was registered May 27, after video of the incident shared on social media had attracted mainstream media attention, and is currently parked at GoDaddy.

Other .black domains registered since his death include accountable.black, lives.black, understanding.black, listen.black and itshardbeing.black.

Whois privacy talks in Bizarro World as governments and trademark owners urge coronavirus delay

Kevin Murphy, April 15, 2020, Domain Policy

Coronavirus may have claimed another victim at ICANN — closure on talks designed to reopen private Whois data to the likes of law enforcement and trademark owners.

In a remarkable U-turn, the Governmental Advisory Committee, which has lit a series a fires under ICANN’s feet on this issue for over a year, late last week urged that the so-called Expedited Policy Development Process on Whois should not wrap up its work in June as currently planned.

This would mean that access to Whois data, rendered largely redacted worldwide since May 2018 due to the GDPR regulation in Europe, won’t be restored to those who want it as quickly as they’ve consistently said that they want it.

Surprisingly (or perhaps not), pro-access groups including the Intellectual Property Constituency and Business Constituency sided with the GAC’s request.

In an email to the EPDP working group’s mailing list on Thursday, GAC chair Manal Ismail indicated that governments simply don’t have the capacity to deal with the issue due to the coronavirus pandemic:

In light of the COVID-19 pandemic, and its drastic consequences on governments, organizations, private sector and individuals worldwide, I would like to express our serious concerns, as GAC leaders, that maintaining the current pace of work towards completion of Phase 2 by mid-June could jeopardize the delivery, efficacy and legitimacy of the EPDP’s policy recommendations.

While recognizing that the GAC has continually advised for swiftly completing policy development and implementing agreed policy on this critical public policy matter, we believe that given the current global health emergency, which puts many in the EPDP and the community under unprecedented stress (for example governments has been called to heightened duties for the continuity of essential public services), pressing important deliberations and decisions in such a short time frame on already strained participants would mean unacceptably sacrificing the product for the timeline.

We understand there are budget and human resources considerations involved in the completion of Phase 2 of the EPDP. However, we are all living through a global health pandemic, so we call on the EPDP Team to seriously reassess its course and expectations (be it on the duration of its calls, the turn-around time of reviews, its ultimate timeline and budget) emulating what numerous governments, global organizations, and households are doing to adapt during these challenging times across the world.

In April last year, before the EPDP group had even formally started its current phase of talks, Ismail wrote to ICANN to say the GAC expected the discussions to be more or less wrapped up by last November and that the new policy be implemented by this April.

Proponents of the access model such as Facebook have taken to suing registrars for not handing over Whois data in recent months, impressing the need for the issue to be urgently resolved.

So to now request a delay beyond June is a pretty big U-turn.

While Ismail later retracted her request for delay last Thursday, it was nevertheless discussed by the working group that same day, where the IPC, the BC and the ALAC all expressed support for the GAC’s position.

The registrars and registries, the non-commercial users and the ISPs were not supportive.

Delay might be tricky. For starters, hard-sought neutral working group chair Janis Karklins, has said he can’t continue working on the project beyond June 30, and the group has not secured ICANN funding for any further extensions to its work.

It will be up to the GNSO Council to decide whether to grant the extension, and the ICANN board to decide on funding.

The working group decided on Thursday to ask the Council for guidance on how to proceed.

What’s worrying about the request, or at least the IPC and BC’s support of it, is that coronavirus may just be being deployed as an excuse to extend talks because the IP owners don’t like the proposal currently on the table.

“The reality is we’re looking at a result that is… just not going to be sufficient from our perspective,” MPAA lawyer Frank Journoud, an IPC rep on the working group, said on its Thursday call. “We don’t want the perfect to be the enemy of the good, but right now we’re not even going to get to good.”

The current state of play with the working group is that it published its initial report (pdf) for public comment in February.

The group is recommending something called SSAD, for Standardized System for Access and Disclosure, in which a central gateway provider, possibly ICANN itself, would be responsible for granting Whois access credentials and fielding requests to the relevant registries and registries.

The almost 70 comments submitted before the March 23 deadline have been published in an unreadable, eye-fucking Google spreadsheet upon which transparency-loving ICANN may as well have hung a “Beware of the Leopard” sign. The staff summary of the comments is currently nine days late.

Kuala Lumpur meeting cancelled and ICANN 68 could be even trickier online

Kevin Murphy, April 9, 2020, Domain Policy

ICANN has as expected cancelled its in-person ICANN 68 meeting, which had been due to take place in Kuala Lumpur in June, due to the coronavirus pandemic.

The decision, which was never really in any doubt, was taken by its board of directors yesterday. The board considered:

Globally, a high number of people are under some form of a “stay at home” or lock-down order, directed to avoid contact with others except to receive essential services such as medical care or to purchase supplies. Schools and offices are closed, gatherings are prohibited, and international travel is largely on pause. We do not know when travel or in-person meetings will be authorized or possible. As it relates to Kuala Lumpur, Malaysia has a Movement Control Order in force at least until 14 April 2020 that prohibits meetings such as ICANN68. The duration of the Movement Control Order has already been extended once.

It appears that the four-day meeting, which will instead go ahead virtually (presumably on the Zoom conferencing service) might be even more disjointed than ICANN 67.

ICANN 67, which took place online in March, did have a centralized component — a bunch of ICANN staffers on location at its headquarters in Los Angeles — but that may not be possible this time around.

The board said that “due to current social distancing requirements, ICANN org is unable to execute a virtual meeting from a single location, and that a decentralized execution model might necessitate changes to the format.”

It added that there is support for “a flexible, modified virtual meeting format that focuses on cross-community dialogues on key policy topics, supplemented by a program of topical webinars and regular online working meetings scheduled around the key sessions.”

While there has been a lot of criticism of the Zoom platform in recent weeks due to security and privacy concerns, ICANN indicated this week that it’s not particularly concerned and will carry on using the service.

Go here to help fight against coronavirus abuse

Kevin Murphy, March 26, 2020, Domain Tech

A coalition of over 1,000 security experts, domain name providers and others have got together to help coordinate efforts to combat abusive coronavirus-related domains.

A workspace on the collaboration platform Slack has been growing steadily since it was created a week ago, enabling technology professionals to exchange information about the alarming number of sites currently trying to take advantage of the pandemic.

You can join the channel via this link. Thanks to Theo Geurts of RealtimeRegister.com for passing it along.

The collection of chat rooms appears to have been created by Joshua Saxe, chief scientist at security software firm Sophos, March 19. There are currently 1,104 members.

There’s a channel devoted to malicious domains, which is being used to share statistical data and lists of bad and good coronavirus-related domains, among other things.

Across the workspace, a broad cross-section of interested parties is represented. Current members appear to come from security companies, governments, law enforcement, registries, registrars, ICANN, healthcare providers, and others.

It seems like a pretty good way for the technical members of the domain name industry to keep track of what’s going on during the current crisis, potentially helping them to put a stop to threats using domains they manage as they emerge.

More domain industry response to coronavirus

Kevin Murphy, March 18, 2020, Domain Registrars

It’s beginning to look like home-working has become the norm, rather than the exception, in the domain name industry.
Following on my post Monday, here are the latest companies and organizations to provide updates on their responses to the coronavirus pandemic.

  • ICANN has told its staff in Brussels, Geneva and Singapore to work from home, while recommending that its guys in Istanbul, LA and Washington DC do the same. Staff in Montevideo and Nairobi, where confirmed cases of the virus are pretty light, will carry on as normal for now. The edict will be in effect until March 31. One imagines there’s a good chance it could be renewed.
  • In the UK, Nominet said yesterday that it has “initiated home-working across all our teams from today” and expects “business as usual”. All in-person events through the end of May have been postponed.
  • In Ireland, registry IEDR said that it closed its offices in Dublin on Friday and may reopen March 30, pending further government guidance. Like other registries, IEDR said it’s already well-equipped for staff to work remotely.
  • Also in Ireland, registrar Blacknight Solutions tells me its team are also now working from home.
  • Canada-based registrar Tucows said: “On Sunday March 8, Tucows’ executive leadership announced that all employees who could conceivably work from home were encouraged to do so in the week that followed. On Monday, it looked like an overabundance of caution but by Thursday morning it seemed prescient.” While there is expected to be no impact to the registrar side of the house, the Ting Internet ISP arm has cancelled and rescheduled all home egineering visits, which obviously could cause customer disruption.
  • French registrar Gandi, operating under some of the world’s most stringent government guidelines, said yesterday its staff are naturally enough now all working from home.
  • Not strictly domain industry, but the World Intellectual Property Organization said yesterday it has limited access to its Geneva headquarters to only “essential” staff.
  • US-based registrar MarkMonitor said Monday it has implemented a remote-working regime for its staff.

Given how dog-bites-man such announcements have rapidly become, I doubt I’ll be following up this series of posts again, unless something truly extraordinary happens. It’s pretty safe to assume that before long almost everyone in the industry will be working from home.

Facebook WILL sue more registrars for cybersquatting

Kevin Murphy, March 13, 2020, Domain Registrars

Facebook has already sued two domain name registrars for alleged cybersquatting and said yesterday that it will sue again.
Last week, Namecheap became the second registrar in Facebook’s legal crosshairs, sued in in its native Arizona after allegedly failing to take down or reveal contact info for 45 domains that very much seem to infringe on its Facebook, Instagram and WhatsApp trademarks.
In the complaint (pdf), which also names Namecheap’s Panama-based proxy service Whoisguard as a defendant, the social media juggernaut claims that Whoisguard and therefore Namecheap is the legal registrant for dozens of clear-cut cases of cybersquatting including facebo0k-login.com, facebok-securty.com, facebokloginpage.site and facebooksupport.email.
In a brief statement, Facebook said these domains “aim to deceive people by pretending to be affiliated with Facebook apps” and “can trick people into believing they are legitimate and are often used for phishing, fraud and scams”.
Namecheap was asked to reveal the true registrants behind these Whoisguard domains between October 2018 and February 2020 but decline to do so, according to Facebook.
The complaint is very similar to one filed against OnlineNIC (pdf) in October.
And, according to Margie Milam, IP enforcement and DNS policy lead at Facebook, it won’t be the last such lawsuit.
Speaking at the second public forum at ICANN 67 yesterday, she said:

This is the second in a series of lawsuits Facebook will file to protect people from the harm caused by DNS abuse… While Facebook will continue to file lawsuits to protect people from harm, lawsuits are not the answer. Our preference is instead to have ICANN enforce and fully implement new policies, such as the proxy policy, and establish better rules for Whois.

Make no mistake, this is an open threat to fence-sitting registrars to either play ball with Facebook’s regular, often voluminous requests for private Whois data, or get taken to court. All the major registrars will have heard her comments.
Namecheap responded to its lawsuit by characterizing it as “just another attack on privacy and due process in order to strong-arm companies that have services like WhoisGuard”, according to a statement from CEO Richard Kirkendall.
The registrar has not yet had time to file its formal reply to the legal complaint, but its position appears to be that the domains in question were investigated, found to not be engaging in nefarious activity, and were therefore vanilla cases of trademark infringement best dealt with using the UDRP anti-cybersquatting process. Kirkendall said:

We actively remove any evidence-based abuse of our services on a daily basis. Where there is no clear evidence of abuse, or when it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry-standard protocol. Outside of said protocol, a legal court order is always required to provide private user information.

UDRP complaints usually take several weeks to process, which is not much of a tool to be used against phishing attacks, which emerge quickly and usually wind down in a matter of a few days.
Facebook’s legal campaign comes in the context of an ongoing fight about access to Whois data. The company has been complaining about registrars failing to hand over customer data ever since Europe’s GDPR privacy regulation came into effect, closely followed by a new, temporary ICANN Whois policy, in May 2018.
Back then, its requests showed clear signs of over-reach, though the company claims to have scaled-back its requests in the meantime.
The lawsuits also come in the context of renewed attacks at ICANN 67 on ICANN and the domain industry for failing to tackle so-called “DNS abuse”, which I will get to in a follow-up article.