Latest news of the domain name industry

Recent Posts

ICANN threatens to seize gTLD after Whois downtime

Kevin Murphy, April 12, 2021, Domain Registries

Are we about to see our next gTLD registry implosion?

ICANN has whacked the company behind .gdn with a breach notice and a threat that it may seize the TLD, after its Whois systems allegedly suffered days of downtime.

According to ICANN, .gdn exceeded its weekly and monthly downtime limits in late March and early April, in both months triggering the threshold whereby ICANN is allowed to transition the TLD to an Emergency Back-End Registry Operator.

gTLD registries are allowed to have 864 minutes (about 14 hours) of unplanned Whois downtime per month. Downtime exceeding 24 hours per week is enough to trigger ICANN’s EBERO powers.

It appears to be the third time .gdn’s Whois has gone on the blink for longer than the permitted period — ICANN says it happened in April 2018 and August 2019 too. Those incidents were not publicized.

It seems the Russian registry, Joint Stock Company “Navigation-information systems”, managed to fix the problem on April 2, and ICANN is not invoking the EBERO transition, something it has done just a couple times before, just yet.

But it does want NIS to present it with a plan showing how it intends to avoid another spell of excessive downtime in future. It has until May 8, or ICANN may escalate.

.gdn is by most measures a bullshit TLD.

While it was originally intended to address some kind of satellite navigation niche, it eventually launched as a pure generic with the backronym “Global Domain Name” in 2016.

It managed to rack up over 300,000 registrations in the space of a year, almost all via disgraced and now-defunct registrar AlpNames, and was highlighted by SpamHaus as being one of the most spam-friendly of the new gTLDs.

After AlpNames went out of business two years ago, ICANN transferred some 350,000 .gdn names to CentralNic-owned registrar Key-Systems.

Today, Key-Systems has fewer than 300 .gdn domains. The TLD’s zone file dropped by about 290,000 domains in a single day last December.

.gdn had fewer than 11,000 domains under management at the end of 2020, 90% of which were registered through a Dubai-based registrar called Intracom Middle East FZE.

Intracom pretty much only sells .gdn domains, suggesting an affiliation with the registry.

Web searches for live sites using .gdn return not much more than what looks like porn spam.

A busted Whois looks like the least of its problems, to be honest.

AlpNames died months ago. Why is it still the “most-abused” registrar?

Kevin Murphy, December 6, 2019, Domain Registrars

Despite going out of business, being terminated by ICANN, and losing all its domains several months ago, defunct AlpNames is still being listed as the world’s most-abused registrar by a leading spam-fighting organization.
SpamHaus currently ranks the Gibraltar-based company as #1 on its list of the “The 10 Most Abused Domain Registrars”, saying 98.7% of its domains are being used to send spam.
But AlpNames customers and regular DI readers will recall that AlpNames mysteriously went titsup in March, then got terminated by ICANN, then had its entire customer base migrated over to CentralNic in April.
So what’s this about?
SpamHaus
I asked SpamHaus earlier this week, and it turns out that Whois query throttling is to blame.
It seems SpamHaus only pings Whois to update the registrar associated with a specific domain when the domain expires, or the name servers change, or where it’s a new registration with an unknown registrar.
I gather that when CentralNic took over AlpNames’ customer base, it did so with all the original name server information intact.
So, SpamHaus’ database still associates the domains with AlpNames even though it’s been out of business for the better part of a year.
A SpamHaus spokesperson said:

This is a very unusual situation, as a huge majority of the domains that contribute to the Top 10 list in question are created, abused, and burnt quickly; meaning a change of registrar is exceptionally rare. However, in the case of these particular domains registered with AlpNames we can only assume that the sheer volume of unused domains was too high for the owner to use in one single hit.

The actual number of “AlpNames” domains rated as spammy by SpamHaus is pretty low — 1,976 of the 2,002 domains it saw were rated as “bad”.
GMO, at #4 on the list, had over 40,000 “bad” domains, but a lower percentage given the larger number of total domains seen.

CentralNic gets 680,000 AlpNames domains for free, kinda

CentralNic has emerged as the gaining registrar for AlpNames’ entire portfolio of gTLD domains.
The company announced late last week that three registrars in its stable — Moniker, Key-Systems LLC and Key-Systems GmbH — will take over roughly 680,000 domains that were left stranded when AlpNames management went AWOL.
US-based Key-Systems LLC appears to be the biggest gainer. It will be taking over domains in every gTLD except .biz, .com, .info, .net, .org, which are going to Moniker, and .pro, which are going to the German Key-Systems division.
While most registrars see their domains under management concentrated in these legacy gTLDs, by volume AlpNames had far more registrations in new 2012-round gTLDs.
It had just 19,000 .com DUM at the last count, compared to hundreds of thousands in new gTLDs such as .top and .gdn.
CentralNic said in a press release that ICANN selected its registrars after a competitive bidding process, which I’ve previously outlined here, but that it did not pay for the names. So AlpNames, presumably, won’t be getting the payday it could have received under the rules.
The transfer won’t be entirely cost-free, of course. CentralNic is going to have to provide support to its incoming customers — who will all be emailed with the details of their new Moniker accounts — for starters.
There’s also the issue of abuse. AlpNames was notorious as a haven for spammers and the like, due to its cheap prices and bulk-registration tools, so CentralNic may find itself having to deal with this legacy.
But CentralNic said it expects these incidental costs to be “minimal”.
The transfers are a big boost for CentralNic’s registrar volume, at least in the short term. The three selected registrars had a combined total of roughly two million gTLD domains at the last count. CentralNic says it acts as registrar for over seven million domains across its 13 accreditations.
For every AlpNames domain that gets renewed, CentralNic gets paid. But if AlpNames’ own track record is any guide, I suspect there’s going to be a lot of drops over the coming year.
UPDATE August 12 2020: AlpNames former CEO Iain Roache recently wrote to DI and stated the following:

Alpnames itself worked closely with ICANN for months to arrange for its exit from the Registrar business and with a number of Registrars to arrange for the transfer of the customers. Your article does not reflect the detail of what transpired and is inaccurate.

AlpNames could get PAID for abandoning its customers

Kevin Murphy, March 15, 2019, Domain Registrars

So it turns out selling domain names for peanuts to spammers isn’t a viable business model. Who’d have thunk?
As you’ll have no doubt already read elsewhere, ICANN has shut down AlpNames, the deep-discounting registrar with an unenviable reputation for attracting abusive registrants.
But there’s a chance that the company might actually get paid for its customer base, under ICANN rules.
ICANN today terminated AlpNames’ contract, effective immediately, having discovered the “discontinuance of its operations”.
It’s a rare case of ICANN going straight to richly deserved termination, skipping over the breach notice phase.
The former registrar’s web site has been down for the best part of a week, resolving to a Cloudflare error message saying the AlpNames web server is missing its SSL certificate.
But it appears its customers may have been experiencing problems accessing their accounts even earlier.
Judging by ICANN’s termination notice, the organization has had just about as much luck contacting AlpNames management as DI, which is to say: none.
CEO Iain Roache appears to have simply stopped paying attention to the company, for reasons unknown, allowing it to simply fade away.
At least three members of senior staff have left the company over the last several months, with former COO Damon Barnard telling DI he was asked to leave as a cost-cutting measure as Roache attempted to relocate the company from Gibraltar to the UK.
I gather that Roache is also currently tied up in litigation related to the failure of his old registry management business, Famous Four Media, which was removed by gTLD portfolio owner Domain Venture Partners last year.
So what happens now to AlpNames customers?
Fortunately, most of them should suffer only minor inconvenience.
ICANN has initiated its De-Accredited Registrar Transition Procedure, which will see all of AlpNames’ domains forcibly transferred to another registrar.
This often uses the data that registrars are obliged to periodically escrow, but in this case AlpNames uses LogicBoxes as a registrar back-end, so presumably LogicBoxes still has fresh, live data.
AlpNames had 532,941 domain names across all gTLDs on its IANA tag at the last official count, at the end of November. It’s believed to be closer to 700,000 today.
In November, its top two gTLDs were .top and .gdn, which had 280,000 names between them. It had over 19,000 .com names under management
Almost 700,000 names is a big deal, making AlpNames a top 40 registrar, and would make a nice growth spurt for any number of struggling registrars.
The portfolio could be a bit of a poisoned chalice, however, containing as it likely does a great many low-quality and some possibly abusive registrations.
At least one registrar, Epik, has publicly stated its desire to take over these domains, but due to the volume of AlpNames DUM it could be a competitive bidding process between multiple registrars.
Under the ICANN rules (pdf), a “full application process” is generally favored for defunct registrars with over 1,000 domains, when the de-accredited registrar has not named a successor.
The scoring system used to pick a winner has many criteria, but it generally favors larger registrars. They have to show they have the scale to handle the extra technical and customer support load required by the transition, for example.
It also favors registrars with breadth of gTLD coverage. They have to be accredited in all the gTLDs the dead registrar was. AlpNames supported 352 gTLDs and had active domains in 270 of them, according to November’s registry reports.
Language support may be an issue too, in case for example a substantial chunk of AlpNames business came from, say, China.
All applying registrars that score above a certain threshold are considered tied, and the tie-breaker is how much they’re willing to pay for the portfolio.
Unlike gTLD auctions, ICANN does not receive the proceeds of this auction, however. According to the policy (with my emphasis):

This procedure is not intended to create a new form of revenue for ICANN. To the extent payment is received as part of a bulk transfer, ICANN will apply funds against any debt owed by the registrar to ICANN and forward the remaining funds, if any, to the de-accredited registrar.

That’s right, there’s a chance AlpNames might actually get a small windfall, despite essentially abandoning its customers.
Think about it like the government using eminent domain to buy a house it wishes to demolish to make way for a new road. Except the house’s cellar is full of kidnapped children. And it’s on fire.
Of course, this might not happen. ICANN might decide that there’s not enough time to run a full application process without risk to AlpNames’ customers and instead simply award the dead registrar’s portfolio to one of the registrars in its pre-approved pool of gaining registrars.
That choice would be partly based on ICANN judgement and partly on which registrar is next in the round-robin queue of pre-qualified registrars.
Here’s a handy diagram that shows the procedure.
Deaccred
UPDATE August 12 2020: Roache recently wrote to DI and stated the following:

Alpnames itself worked closely with ICANN for months to arrange for its exit from the Registrar business and with a number of Registrars to arrange for the transfer of the customers. Your article does not reflect the detail of what transpired and is inaccurate.

I was wrong, Famous Four bosses WERE kicked out

Kevin Murphy, August 9, 2018, Domain Registries

Famous Four Media’s portfolio of gTLDs is under new management after an investor rebellion, contrary to what I speculated earlier this week.
FFM’s former stable, which includes the likes of .men and .science, is now being managed by a company calling itself GRS Domains, but this new company has absolutely nothing to do with FFM’s former management.
That’s according to Robert Maroney, founder of Connecticut-based Engineers Gate Investments, which is a shareholder of ultimate portfolio owner Domain Venture Partners.
Maroney got in touch with DI yesterday to explain some of what has recently happened to the ownership and management of the 16 high-volume new gTLDs.
Back in June I speculated based on the quite limited available information that FFM might be bankrupt.
On Tuesday, after GRS Domains announced a relaunch and a rejection of its previous volume-heavy, spam-friendly business plan, I speculated based on slightly more information that management had repurchased the TLD assets after investors forced it into administration.
I was wrong on both counts, according to Maroney. What actually happened is more akin to an investor takeover.
Maroney said he “engineered” the ouster of FFM and its two shareholders/managers, Iain Roache and Geir Rasmussen, after Roache attempted to close down DVP.
DVP is basically a collection of private and institutional investors (brought in by Roache and others) from around the world which, based on the available evidence, have little or no connection to the domain name industry.
It’s a matter of public record that each gTLD contract is owned by a distinct Gibraltar-based shell company — dot Bid Limited owns the ICANN rights to run .bid for example — and that Domain Venture Partners owns these companies.
I’ve previously reported that Famous Four was also owned by DVP, but Maroney said that this was never the case. It was owned 80-20 by Roache and Rasmussen and contracted by DVP to manage the 16 gTLDs.
The affiliated registrar AlpNames, which has been responsible for a very large portion of registrations in the portfolio, had the same ownership structure as FFM and was never directly connected to DVP, Maroney said.
Following a court battle, GRS Domains has replaced FFM as the registry manager.
GRS is owned by PricewaterhouseCoopers, and is currently being managed by court-appointed administrator Edgar Lavarello, a Gibraltar-based accountant at PwC.
Maroney did not want to get into the detailed specifics about what caused the investor revolt, but did say that shareholders were unhappy with how FFM was managing the portfolio.
Its low-price, high-volume strategy had caused its TLDs to become the destinations of choice for spammers and other abusive registrants.
But the court case was brought after Roache attempted to break up DVP, restructure ownership of the 16 individual registries, and “escape the regulation of Gibraltar”, Maroney said.
“Roache wanted to shut down DVP in a way we considered to be unlawful,” he said.
He said DVP shareholders felt Roache’s moves were “inappropriate and unlawful”, which is what caused him to “engineer”, via fellow investor Christina Mattin, DVP being placed into administration.
I have seen no independent evidence that Roache acted or attempted to act unlawfully. The court document I’ve seen appointing Lavarello as administrator contains no finding of wrongdoing by anyone.
The upshot of all this is that the group of TLDs formerly known as Famous Four Media is now GRS Domains — Global Registry Services Ltd — and that Lavarello is currently in charge.
I imagine the company will want to find permanent management at some point, but Maroney did not want to talk about that.
In the meantime, GRS has already made moves to become more transparent and to engage more with the rest of the industry.
Maroney said, and I have independently confirmed, that he was at the ICANN meeting in Panama recently, meeting senior industry figures. Famous Four executives have not been known to attend ICANN meetings or industry events in the past.
GRS has told registrars it intends to have a formal presence at ICANN 63 in Barcelona also.
The company will shortly terminate all of its promotional pricing and introduce a flat $9.98 registry fee, which is very likely to affect its volumes and reduce spamming activity over the next year or so.
UPDATE July 30 2020: This article was edited to remove an erroneous link to the web site of Engineers Gate LP, which is not the same company as Engineer’s Gate Investments LLC.
UPDATE August 12 2020: This article was edited to correct GRS’s ownership status. It’s owned by PwC, not DVP. Roache’s job title at FFM was also corrected.
In addition, Roache recently wrote to DI, almost two years after the article was originally published, and made the following statements:

Famous Four Media (FFM) was placed in voluntary administration by myself and Mr Rasmussen as respective 80% and 20% shareholders, due to invoices that went unpad by PWC Gibraltar as administrator to DVP.

There was NO “court battle to replace FFM with GRS”. FFM withdrew services after promises to pay FFM its outstanding invoices by PWC turned out to be untruthful.

To say or repeat the allegation that it was “unlawful” to close the fund down is untrue… DVP was set up as a closed end fund with a maximum maturity of April 2018 on 12 April 2012 — i.e. a 5-year fund with a one-year extensions.
Against the recommendation of myself as Investment Director and largest creditor and investor, the support of the Board, the regulated Fund Administrator Juno, the Fund’s own regulated legal counsel Isolas and the approval of the Gibraltar Financial Services Commission — a number of investors pushed to place the Fund into administration. The actions of those few investors led by Ms Mattin, Mr Maroney and PWC have been hugely prejudcial to other investors in DVP and the seed investors, including myself. In April 2018 the valuation of the Fund’s assets was in excess of £30 million and of the total registry assets more than £100 million — today the value is close to zero if not insolvent under the disastrous management of PWC, Maroney and Mattin.
Mr Maroney’s statement that he “engineering the ousting of Mr Rasmussen and I” is also untrue — I made it clear to all investors in DVP in an emaill dated October 2017 that if the Fund was not redeemed in Specie with investors honouring their debts then the alternative choice would be a structured administration which ran the risk of losing their entire remaining assets in DVP.

Tech giants gunning for AlpNames over new gTLD “abuse”

A small group of large technology companies including Microsoft and Facebook have demanded that ICANN Compliance take a closer look at AlpNames, the budget registrar regularly singled out as a spammers’ favorite.
The ad hoc coalition, calling itself the Independent Compliance Working Party, wrote to ICANN last week to ask why the organization is not making better use of statistical data to bring compliance actions against the small number of companies that see the most abuse.
AlpNames, the Gibraltar-based registrar under common ownership with new gTLD portfolio registry Famous Four Media, is specifically singled out in the group’s letter.
The letter, sourcing the August 2017 Statistical Analysis of DNS Abuse in gTLDs (pdf), says there “is a clear problem with one particular contracted party”.
AlpNames was the registrar behind over half of the new gTLD domains blacklisted by SpamHaus over the study period, for example, the letter states.
The tiny territory of Gibraltar also frequently ranks unusually highly on abuse lists due to AlpNames presence there, the letter and report say.
The ICWP letter also says that the four gTLDs .win, .loan, .top, and .link were used by over three quarters of abusive domains over the SADAG study period.
The letter calls the abuse rates “troublesome” and says:

We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates.

It goes on to wonder whether high levels of unaddressed abuse could amount to violations of new gTLD Registry Agreements and Registrar Accreditation Agreements, and to ask whether there any barriers to ICANN Compliance pursuing breach claims against such potential violations.
The ICWP comprises Adobe, DomainTools, eBay, Facebook, Microsoft and Time Warner. It’s represented by Fabricio Vayra of Perkins Coie.
Other than the letter (pdf), the Independent Compliance Working Party does not appear to have any web presence, and a spokesperson has not yet responded to DI’s request for more information.
The SADAG report also singled out Chinese registrar Nanjing Imperiosus Technology Co, aka DomainersChoice.com, as having particularly egregious levels of abuse, but noted that this abuse disappeared after ICANN terminated its RAA last year.
AlpNames has not to date had any public breach notices issued against it, but this is certainly not the first time it’s been singled out for public censure.
In November last year, ICANN’s Competition, Consumer Trust, and Consumer Choice Review Team (CCT) named it in a report that claimed: “Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse.”
AlpNames seems to have been used often by abusers due to its bargain-basement, often sub-$1 prices — making disposable domains more cost effective — and its tool that allowed up to 2,000 domains to be registered simultaneously.
If not actively soliciting abusive behavior, these factors certainly don’t make abuse any more difficult.
But will ICANN Compliance take action in response to the criticism leveled by CCT and now ICWP?
The main problem with the ICWP letter, and the SADAG report it is based upon, is that the data it uses is now rather old.
The SADAG report sourced abuse databases only up to January 2017, a time when AlpNames’ total gTLD domains under management was at its peak of around three million names.
Since then, the company has been hemorrhaging DUM, losing hundreds of thousands of domains every month. At the end of November 2017, the most recent data compiled by DI shows that it was down to around 838,000 domains.
It’s quite possible that AlpNames’ customer base is no longer the den of abuse it once was, whether due to natural attrition or a proactive purge of bad actors.
A month ago, in a press release connected with a $5.4 million buy-out of an co-founder, AlpNames chairman Iain Roache said he has a “10-year strategic plan” to turn AlpNames into a “Tier-1” registrar and “bring the competition to the incumbents”.

Famous Four chair pumps $5.4 million into AlpNames to settle COO lawsuit

Kevin Murphy, February 8, 2018, Domain Registrars

Famous Four Media chair Iain Roache has bought out his former COO’s stake in AlpNames, its affiliated registrar, settling a lawsuit between the two men.
He’s acquired Charles Melvin’s 20% stake in the company for £3.9 million ($5.4 million), according to a press release.
A spokesperson confirmed that the deal settles a lawsuit in the companies’ home territory of Gibraltar, which we reported on in December.
Roache said in the press release that he has a plan to grow AlpNames into a “Tier 1 registrar”:
“I’ve got a 10 year strategic plan, which includes significant additional investment, to set the business up for future growth and success,” he said. “We’re going to bring the competition to the incumbents!”
AlpNames is basically the registrar arm of Famous Four, over the last few years supporting the gTLD portfolio registry’s strategy of selling domains in the sub-$1 range and racking up huge market share as a result.
But it’s on a bit of a slide, volume-wise, right now, as hundreds of thousands of junk domains are allowed to expire.
According to today’s press release, AlpNames has 794,000 gTLD domains under management. That’s a far cry from its peak of 3.1 million just under a year ago.
Seller Melvin, according to the press release, “has decided to pursue other interests outside of the domain name industry”.
It appears he left his COO job at Famous Four some time last year, and then sued Roache and CEO Geir Rasmussen (also an AlpNames investor) over a financial matter. Previous attempts to buy him out were rebuffed.
Last October, the Gibraltar court ruled that the defendants has supplied the court with “forged documents” in the form of inaccurately dated invoices between the registry and AlpNames.
The pair insisted to the court that the documents were an honest mistake and their lawyer told DI that there was no “forgery” in the usual sense of the word.
But it appears that Melvin’s split from the companies was less than friendly and the £3.9 million buyout should probably be viewed in that light.

ICANN urged to crack down on new gTLD abuse

Kevin Murphy, November 29, 2017, Domain Registries

Registries selling dirt-cheap new gTLD domains should be rewarded with lower ICANN fees when they get proactive about abuse, while registrars that turn a blind eye to spammers should be suspended, an ICANN working group will recommend.
In its second batch of findings, the Competition, Consumer Trust, and Consumer Choice Review Team (CCT) said that financial incentives and a new complaints procedure should be used to persuade registries and registrars to fight DNS abuse.
The CCT said it “proposes the development of incentives to reward best practices preventing technical DNS abuse and strengthening the consequences for culpable or complacent conduits of technical DNS abuse” in a paper published today.
The review, which drew on multiple sources of market and abuse data, original research, and analysis of third-party research, is probably the most comprehensive study into the impact of the new gTLD program to date.
It concluded that overall rates of DNS abuse did not increase as a result of the program, but that bad actors are increasingly migrating away from legacy gTLDs such as .com to 2012-round TLDs such as .top, .gdn and Famous Four Media’s stable.
Indeed, much of the paper appears to be a veiled critique of FFM’s practices.
The registrar AlpNames, known to be affiliated with FFM and responsible for most of its retail sales, is singled out as the currently accredited registrar particularly favored by abusers.
The CCT report notes that AlpNames regularly sells domains for under $1, or gives them away for free, and offered a tool allowing registrants to randomly generate up to 2,000 available domains in 27 different gTLDs, pretty much inviting abuse.
“Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse. Such behavior needs to be identified rapidly and action
must be taken by ICANN compliance as deemed necessary,” the paper says.
The review found that gTLDs with no registration restrictions and the lowest prices had the most abuse. Duh.
“Generally, the DNS Abuse Study indicates that the introduction of new gTLDs did not increase the total amount of abuse for all gTLDs,” its report says. “[F]actors such as registration restrictions, price, and registrar-specific practices seem more likely to affect abuse rates.”
Drawing on data provided by 11 domain block-lists (SURBL, SpamHaus, etc), the paper states that at least one TLD (FFM’s .science) had an abuse rate excess of 50%.
Using SpamHaus data, the paper identities FFM’s .science, .stream, .trade, .review, .download and .accountant as having over 10% abuse during the period of its study. Also on that list: Uniregistry’s low-price .click and the China-based .top and .gdn.
One thing they all have in common is that AlpNames is a leading registrar, usually accounting for at least a quarter of domains under management.
There’s no way AlpNames/FFM is not aware of the amount of bad actors in its customer base, the question is what can ICANN do about it?
The CCT team recommends that registries and registrars with over 10% of their names used for abusive purposes should be tasked by ICANN with proactively cleaning up their zones. Those that fail to do so should be subject to a new Domain Abuse Dispute Resolution Process, it said.
These companies should have their contracts suspended when they’re “associated with unabated, abnormal and extremely high rates of technical abuse”, the report recommends.
There’s a big boilerplate specifying, tellingly, that registry operators that control registrars are affected by this recommendation too.
It should be noted that there was not a full consensus of support for the idea of a DADRP. Half a dozen working group members filed minority statements opposing it.
It’s not all stick in the report, however. There’s some carrot, too.
The CCT report recommends financial incentives such as fee reductions for registries that have “proactive anti-abuse measures” in place.
It noted that there is precedent for ICANN doing this kind of thing when it implemented an anti-tasting policy that seriously restricted registrars’ ability to get registry refunds.
The CCT Review Team was formed to figure out what impacts the 2012 new gTLD round had on the domain name market.
The completion of its work is one of several gating factors to the next new gTLD application round under ICANN’s new bylaws and the old Affirmation of Commitments with the US government.
It published initial recommendations earlier this year. This new set of recommendations is now open for public comment until January 8.

Schilling, Famous Four rubbish Spamhaus “worst TLD” league

Kevin Murphy, March 17, 2016, Domain Registries

Uniregistry and Famous Four Media have trashed claims by Spamhaus that their gTLDs are are much as 75% spam.
FFM says it is “appalled” by the “wholly inaccurate” claims, while Uniregistry boss Frank Schilling said Spamhaus has “totally jumped the shark here.”
In a statement to DI today, FFM chief legal officer Oliver Smith said the spam-fighting organization’s recently launched World’s Worst TLDs list is “reckless”, adding that the numbers are:

not only wholly inaccurate, but are misleading and, potentially, injurious to the reputation of Famous Four Media and those TLDs it manages. It is particularly worrisome that Spamhaus’s “findings” seem to have been taken as gospel within certain corners of the industry, despite not being proffered with any analytical methodology in support of the same.

The Spamhaus report, which is updated daily, presents the 10 TLDs that are more spam than not.
The rank is based on a percentage of domains seen by Spamhaus that Spamhaus considers to be “bad” — that is, are advertised in spam or carry malware.
Today, Uniregistry’s .diet tops the chart with “74.4% bad domains”, but the scores and ranks can and do shift significantly day by day.
Spamhaus describes its methodology like this:

This list shows the ratio of domains seen by the systems at Spamhaus versus the domains our systems profile as spamming or being used for botnet or malware abuse. This is also not a list that retains a long history, it is a one-month “snapshot” of our current view.

The words “seen by the systems at Spamhaus” are important. If a domain name never crosses Spamhaus’s systems, it isn’t counted as good or bad. The organization is not running the whole zone file against its block-list to check what the empirical numbers are.
In important ways, the Spamhaus report is similar to the discredited Blue Coat report into “shady” TLDs last September, which was challenged by myself and others.
However, in a blog post, Spamhaus said it believes its numbers are reflective of the TLDs as a whole:

In the last 18-years, Spamhaus has built its data gathering systems to have a view of most of the world’s domain traffic. We feel the numbers shown on this list are representative of the actual full totals.

I disagree.
In the case of .diet, for example, if 74% of the full 19,000-domain zone was being used in spam, that would equate to 14,000 “bad” domains.
But the .diet zone is dominated by domains owned by North Sound Names, the Frank Schilling vehicle through which Uniregistry markets its premium names.
NSN snapped up well over 13,000 .diet names at launch, and Schilling said today that NSN owns north of 70% of the .diet zone.
That would mean either Uniregistry is a spammer, or Spamhaus has no visibility into the NSN portfolio and its numbers are way the hell off.
“Spamhaus’ assertion that 74% of the registrations in the .diet space are spam is a numerical impossibility,” Schilling said. “They totally jumped the shark here.”
NSN’s domains don’t send mail, he said.
He added that diet-related products are quite likely to appear in spam, which may help account for Spamhaus’s systems identifying .diet emails as spam. He said:

Spamhaus is a high-minded organization and we applaud their efforts but this report is so factually inaccurate it casts into doubt the validity of everything they release. Spamhaus should be smarter than this and at a minimum consult with registries (our door is open) to gain a better understanding of the subject matter they wrongly profess to be expert in.

Similarly, FFM’s .review gTLD was briefly ranked last week as the “worst” gTLD at 75.1% badness. With 66,000 domains, that would mean almost 50,000 names are spammy.
Yet it appears that roughly 25,000 .review domains are long-tail geo names related to the hotels industry, registered by a Gibraltar company called A Domains Limited, which appears to be run by AlpNames, the registry with close ties to FFM itself.
Again, if Spamhaus’s numbers are accurate, that implies the registrar and/or registry are spamming links to content-free placeholder web sites.
FFM’s Smith says the registry has been using Spamhaus data as part of its internal Registry Abuse Monitoring tool, and that its own findings show significantly less spam. Referring to .review’s 75% score, he said:

This simply does not accord with FFM’s own research, which relies heavily on data made available by Spamhaus. The reality is that, in reviewing registration data for the period 8 February to 8 March 2016, only 4.8% of registered domains have been blacklisted by Spamhaus – further, it is questionable as whether every single such listing is wholly merited. When reviewing equivalent data for the period of 1 January to 8 March 2016 across ALL FFM managed TLDs this rate averages out to a mere 3.2%.

I actually conducted my own research into the claims.
Between March 8 and March 15, I ran the whole .review zone file through the Spamhaus DBL and found 6.9% of the names were flagged as spam.
My methodology did not take account of the fact that Spamhaus retires domains from its DBL after they stop appearing in spam, so it doesn’t present a perfect apples-to-apples comparison with Spamhaus, which bases its scoring on 30 days of data.
All told, it seems Spamhaus is painting a much bleaker picture of the amount of abuse in new gTLDs than is perhaps warranted.
During ICANN meetings last week and in recent blog comments, current and former executives of rival registries seemed happy to characterize new gTLD spam as a Famous Four problem rather than an industry problem.
That, despite the fact that Uniregistry, Minds + Machines and GMO also feature prominently on Spamhaus’s list.
I would say it’s more of a low prices problem.
It’s certainly true that FFM and AlpNames are attracting spammers by selling domains for $0.25 wholesale or free at retail, and that their reputations will suffer as a result.
We saw it with Afilias and .info in the early part of the last decade, we’ve see it with .tk this decade, and we’re seeing it again now.

AlpNames claims to be second-largest new gTLD registrar

A little-known registrar with close ties to Famous Four Media says it is now the second-largest seller of new gTLD domains, after Go Daddy.
AlpNames said it has 500,000 new gTLD domains under management, overtaking Network Solutions into the number-two position.
Its number for February, the last month for which registry reports are available, has the registrar with a DUM of under 50,000.
The vast majority of the names it sells or gives away are in gTLDs in the Famous Four portfolio — namely .science, .party and .webcam.
It’s currently selling those for $0.49 each, a $0.24 markup on the current promotional registry fee.
Factoring out the ICANN transaction fee, AlpNames has a margin of just a few cents per name.
Previously, it has given away .science names for free.
AlpNames is Famous Four’s neighbor in Gibraltar and owns domains such as register.science, indicating a very close relationship between the two companies.