Latest news of the domain name industry

Recent Posts

Freenom hit by FIFTH ICANN action after litany of screw-ups

Kevin Murphy, September 21, 2023, Domain Registrars

Is time up for Freenom? After being sued by Facebook and losing its contracts to operate ccTLDs for at least two countries, now it also has ICANN Compliance to deal with.

Its registrar arm, Netherlands-based OpenTLD, has been hit with a lengthy ICANN breach notice that alleges the company failed to allow its customers to renew and/or transfer their domains, in violation of the registrar contract.

It’s the fifth time OpenTLD has been targeted by Compliance, following breach notices in 2020, 2017 and 2015 and a notice of suspension later in 2015. ICANN says this notice is for the same sorts of failures as in 2020 and 2017.

The latest notice covers a dozen separate cases, probably the largest number in a single breach notice to date. Some of them ICANN has been investigating as far back as January 2022.

The notice says that OpenTLD failed to allow some registrants of expired domains to recover their names under the Expired Registration Recovery Policy and that some registrants were not provided with the AuthInfo codes they need to transfer their domains to other registrars upon request, which registrars have to do under the Transfer Policy.

It goes on to describe a situation where the registrar habitually did not respond to Compliance’s calls, emails or faxes.

OpenTLD apparently has not filed its 2022 Compliance Certificate with ICANN either, which it was supposed to do before January 20 this year.

The company had almost 19,000 gTLD domain names under management at the end of May, down from a 2019 peak of almost 45,000, but it’s probably better known for being Freenom, the registry behind .ml, .ga, .cf, .gq and .tk.

Domains in these five ccTLDs — mostly representing West African nations suffering under military dictatorships or civil war — were offered for free and monetized by the registry upon expiration or suspension.

But Freenom has not offered new regs in these TLD since the start of the year. Its web site blames technical problems, but it’s widely believed to be a result of the cyberquatting lawsuit filed by Facebook owner Meta in late 2022.

Mali and Gabon, of .ml and .ga, have since severed ties with Freenom. It turned out .ga had seven million domains in its zone, most of which presumably belonged to the registry.

OpenTLD has until October 11 to give ICANN evidence that it followed policy with the renewals or transfers of dozens of names domains or risk losing its accreditation.

Freenom is losing another ccTLD after collecting military emails

Controversial free domains provider is reportedly losing its contract to manage Mali’s ccTLD, its second loss in as many months.

The Financial Times quoted Freenom CEO Joost Zuurbier as saying a 10-year-deal with Mali’s government to run .ml was due to expire yesterday. I reported last month that the deal looked like it was ending.

Gabon has also cancelled its contract with Freenom, saying it was bringing the country into disrepute due to the high levels of spam and abuse associated with .ga domains.

And now it seems that along with running a stable of spam-friendly ccTLDs for a decade, Freenom has also vacuumed up over a hundred thousand emails destined for the US military, which uses the highly restricted .mil TLD.

Zuurbier told the FT that he set up email accounts at navy.ml and army.ml domains shortly after taking over .ml in 2013, and quickly started receiving emails intended for American military personnel, before shutting the accounts down.

While he said nothing was marked confidential, the extensive list of documents he reportedly received, according to the FT, appears to frequently include things you wouldn’t want your enemy to read, such as medical data and financial records.

Now that .ml is reverting to Mali government control, there’s a risk this kind of information could fall into enemy hands, the FT reported. Mali is allied to Russia, which at this point in history is no friend of the US.

Zuurbier said he’s been pestering the US government and military for the last 10 years to get them to do something about the problem. The military told the FT it blocks outgoing emails to .ml domains from its own network. There’s presumably little it can do about emails sent from other domains.

Freenom got its ICANN registrar accreditation suspended in 2015 for cybersquatting its competitors. The company is also being sued for cybersquatting by Facebook owner Meta.

It’s not been possible to register new domains in any of the company’s ccTLD since last year.

Millions of domains to be deleted as Freenom loses its first TLD

Controversial free-domains registry Freenom has lost its deal with the government of Gabon after years of abuse. The government has retaken its ccTLD and will delete as many as seven million .ga domains.

That’s according to the French ccTLD registry, AFNIC (pdf), which says it has been helping migrate the TLD from Freenom to Gabonese government entity ANINF for the last year.

The technical handover will begin today and run until June 7, this coming Wednesday, according to ANINF.

AFNIC said the migration is happening due to “the failure of the company Freenom, which has managed the .ga TLD up until now, to provide the Internet community with a satisfactory service.”

ANINF said it wants to: “Put an end to abusive practices, through the will and support of the Gabonese State, which have had a negative impact on the image of the country and its influence on the Internet.”

Freenom’s business model is to allow people to register domains for free, then bring them in-house and monetize them when they expire or are suspended for abuse such as spam and phishing — something that happens rather a lot.

Security blogger Brian Krebs reported last week that abuse levels originating from ccTLD domains have plummeted since Freenom’s troubles began earlier this year.

ANINF reckons there are currently over seven million domains in .ga, and says most of those will be deleted.

That would make .ga the seventh-largest TLD overall and fourth-largest ccTLD after China, Germany and the UK. But Gabon has a population of just 2.3 million with a relatively low internet penetration of 62%.

Could it be the beginning of the end for Freenom?

Presumably most of the domains Gabon will delete are owned and currently monetized by Freenom, so it will be losing a large parking network when ANINF swings the ban hammer.

There’s also reason to believe .ga will not be the last ccTLD it loses. The tech contact in the IANA record for Mali’s .ml switched from Freenom’s Netherlands-based subsidiary to a Mali government agency back in March, suggesting a takeover is also imminent there.

Then of course there’s the lawsuit by Facebook owner Meta, filed earlier this year, which accuses Freenom of cybersquatting and seeks a ruinous amount in damages.

Freenom has not allowed anyone to register domains in any of its managed TLDs — .ml, .ga, .cf, .gq and .tk — since at least January 1 this year.

I asked Freenom to explain this a few weeks ago and the company declined to comment.

ANINF says the migration this week will cause disruptions, but says it’s been reaching out to registrars with legit registrations to minimize the turbulence for their customers.

Verisign wipes free TLDs from the world stats

Kevin Murphy, April 19, 2022, Domain Registries

The number of domain names registered globally dropped by over 25 million in the first quarter, but only because Verisign has stopped tracking .tk and its free sister ccTLDs in its quarterly estimates.

The latest Domain Name Industry Brief says that 2021 ended with 341.7 million registrations across all TLDs, substantially fewer that the 367.3 million it reported at the end of the third quarter.

But this is only because Verisign has decided to no longer count the six Pacific and African ccTLDs managed by Freenom, notably .tk, which had contributed 24.7 million names to the Q3 tally.

The report says: “the .tk, .cf, .ga, .gq and .ml ccTLDs have been excluded from all applicable calculations, due to an unexplained change in estimates for the .tk zone size and lack of verification from the registry operator for these TLDs.”

It sounds rather like there’s been another weird fluctuation in .tk’s numbers that threw off the overall trend picture again, and Verisign’s basically said “to hell with it” and decided to exclude Freenom from its reports from now on.

This means the normalized numbers for Q4 2021 — ignoring Freenom in all applicable quarters — are 341.7 million, up 3.3 million or 1.0% sequentially and up 1.6 million or 0.5% year over year, the DNIB states.

The Freenom business model is to give domains away for free, mostly, in the first instance. It makes its money by retaining and monetizing domains that either expire or, frequently, which it suspends for abuse.

.tk domains never get deleted, in other words, so counting them alongside TLDs with the industry-standard business model could give a misleading impression of the global demand for domain names.

It’s not so much that counting spam domains is bad — every TLD has a spam problem to a greater or lesser extent — but the lack of deletions can create faulty assumptions.

It’s also never been clear how Verisign and its third-party researcher, ZookNic, acquires its data on Freenom TLDs. Its .tk figure would often remain static for quarters on end, suggesting the data was only sporadically available.

I also tracked .tk’s published numbers independently for many years, and the last figure I have, from March 2019, is 41.3 million. It’s never been clear to me why the Verisign/ZookNic number has always been so much lower.

Verisign has always flagged up any oddities caused by .tk in its DNIB, and every edition has contained a footnote describing Freenom’s unusual practices.

The latest DNIB (pdf) says that .com had 160 million names, up 1.2 million, and .net had 13.4 million, down about 100,000, compared to Q3.

ccTLDs overall had 127.4 million, up about 700,000, a 0.6% sequential increase.

The ccTLD number was down by 5.3 million, or 4.0%, compared to the end of 2020, but that was due to a 9.4 million-name deletion by China’s .cn, which I noted in the second quarter and which Verisign calls a “registry-implemented zone reduction”.

Ignoring China, ccTLD names were up 4.1 million or 3.8%, the DNIB says.

Verisign only breaks out the top 10 ccTLDs separately, so the removal of .tk means that Australia’s .au is now in the top 10 list in tenth place with 3.4 million at the end of Q4. It will likely move up the ranks in the first quarter due to the release of second-level names, which has sped up its growth rate.

France’s .fr, with 3.9 million names, has now entered the overall top 10 TLDs due to .tk’s removal.

New gTLDs grew by 1.2 million names or 5.1% sequentially, but were down by pretty much the same amount annually, ending 2021 with 24.7 million names.

Free domains registrar gets FOURTH breach notice

Kevin Murphy, April 21, 2020, Domain Registrars

OpenTLD, the company that offers free and at-cost domain names under the Freenom brand, has received its fourth public breach of contract notice from ICANN.

The alleged violation concerns a specific expired domain — tensportslive.net — which was until its expiration last November hosting a Pakistani cricket blog.

ICANN claims OpenTLD failed to hand over copies of expiration notices it sent to the former registrant of the name, which expired November 12, despite repeated requests.

The blogger seems to have been royally screwed over by this situation.

ICANN first started badgering OpenTLD for its records on December 23, presumably alerting the company to the fact that its customer had a problem, when the domain had expired but was still recoverable.

ICANN contacted the registrar four more times about the domain before February 1, when it dropped and was promptly snapped up by DropCatch.com.

The public breach notice (pdf) was published February 27. OpenTLD has apparently since provided ICANN with data, which is being reviewed.

But it’s the fourth time the registrar has found itself in serious trouble with ICANN.

It got a breach notice in March 2015 after failing to file compliance paperwork.

Later that year, ICANN summarily suspended its accreditation — freezing its ability to sell domains — after the Dutch company was found to have been cybersquatting rival registrars including Key-Systems and NetEarth in order to poach business away from them.

That suspension was fought in an unprecedented arbitration case, but ICANN won and suspended the accreditation again that August.

It got another breach notice in 2017 for failing to investigate Whois accuracy complaints, which ICANN refers to in its current complaint.

OpenTLD/Freenom is perhaps best known as the registry for a handful of African ccTLD and Tokelau’s .tk, which is the second-largest TLD after .com by volume of registered domains.

Its business model is to give the names away for free and then monetize them after they expire or are deleted for abuse. In the gTLD space, it says it offers domains at the wholesale cost.

According to SpamHaus, over a third of .tk domains it sees are abusive.

Emoji domains get a 😟 after broad study

Kevin Murphy, October 28, 2019, Domain Tech

Domain names containing emojis are a security risk and not recommended, according to a pretty comprehensive review by an ICANN study group.
The Country-Code Names Supporting Organization has delivered the results of its 12-person, 18-month Emoji Study Group, which was tasked with looking into the problems emoji domains can cause, review current policy, and talk to ccTLD registries that currently permit emoji domains.
The ESG didn’t have a lot of power, and its recommendations are basically an exercise in can-kicking, but it’s easily the most comprehensive overview of the issues surrounding emoji domains that I’ve ever come across.
It’s 30 pages long, and you can read it here (pdf).
Emojis are currently banned in gTLDs, where ICANN has to approve new Unicode tables before they can be used by registries at the second level, under its internationalized domain name policy, IDNA 2008.
But ccTLDs, which are not contracted with ICANN, have a lot more flexibility. There are 15 ccTLDs — almost all representing small islands or low-penetration African nations — that currently permit emoji domains, the ESG found.
That’s about 6% of Latin-script ccTLDs out there today. These TLDs are .az, .cf, .fm, .je, .ga, .ge, .gg, .gq, .ml, .st, .to, .tk, .uz, .vu, and .ws.
Five of them, including .tk, are run by notorious freebie registry Freenom, but perhaps the best-known is .ws, where major brands such as Budweiser and Coca-Cola have run marketing campaigns in the past.
The main problem with emojis is the potential for confusing similarity, and the ESG report does a pretty good job of enumerating the ways confusability can arise. Take its comparison of multiple applications’ version of the exact same “grinning face” emoji, for example:
Emoji comparison
If you saw a domain containing one of those in marketing on one platform, would you be able to confidently navigate to the site on another? I doubt I would.
There’s also variations in how registrars handle emojis on their storefronts, the report found. On some you can search with an emoji, on others you’ll need to type out the xn-- prefixed Punycode translation longhand.
In terms of recommendations, the ESG basically just asked ICANN to keep an eye on the situation, to come to a better definition of what an emoji actually is, and to reach out for information to the ccTLDs accepting emojis, which apparently haven’t been keen on opening up so far.
Despite the lack of closure, it’s a pretty good read if you’re interested in this kind of thing.

Verisign report deletes millions of domains from history

Verisign has dramatically slashed its estimates for the number of domains in existence in its quarterly Domain Name Industry Brief reports, two of which were published this week.
The headline number for the end of the fourth quarter is 329.3 million, a 0.7% increase sequentially and a 6.8% increase annually.
But it’s actually a lower number than Verisign reported in its second-quarter report just five months ago, which was 334.6 million.
The big swinger, as you may have guessed if you track this kind of thing, was .tk, the Freenom ccTLD where names are given away for free and then reclaimed and parked by the registry when they are deleted for abuse expire.
It seems a change in the way .tk is counted (or estimated) is the cause of the dip.
Verisign gets its gTLD data for the report from ICANN-published zone files and its ccTLD data from independent researcher Zooknic.
Problem is, Zook hasn’t had up-to-date data on .tk for a couple of years, so every DNIB published since then has been based on its December 2014 numbers.
But with the Q3 report (pdf), Zook revised its .tk estimates down by about six million names.
In earlier reports, the ccTLD was being reported at about 25 million names (exact numbers were not given), but now that’s been slashed to 18.7 million, relegating it to the second-largest ccTLD after China’s .cn, which has 21.1 million.
I’ve asked Freenom to confirm the latest numbers are correct and will update this post if I get a response.
Verisign does not say what caused the decision to scale down .tk’s numbers, but explains what happened like this:

In Q3 2016, Zooknic reported a significant decline in the .tk zone and restated the estimated zone size of .tk for each quarter from Q4 2014 through Q3 2016 using a proprietary methodology. As a result, for comparative purposes of this DNIB to the Q3 2016 DNIB and the Q4 2015 DNIB, Verisign has applied an updated estimate of the total zone size across all TLDs for Q3 2016 of 327.0 million and Q4 2015 of 307.7 million and an updated estimate of the total ccTLD zone size for Q3 2016 of 140.1 million and Q4 2015 of 138.1 million.

Apples-to-apples comparisons in the Q4 report show the ccTLD universe was up to 142.7 million names, a 1.8% sequential increase and up 3.1% on 2015. Excluding .tk, annual growth was 6.9%.
Verisign’s own .com and .net combined grew 1.7% to 142.2 million names at the end of the year, one percentage point smaller than their 2015 growth.
The full Q4 report can be read here (pdf).

OpenTLD suspension reinstated

Kevin Murphy, August 25, 2015, Domain Registrars

ICANN has suspended OpenTLD’s ability to sell gTLD domain names for the second time, following an arbitration ruling yesterday.
OpenTLD, part of the Freenom group, will not be able to sell gTLD names or accept inbound transfers from tomorrow — about two hours from now — to November 24, according to ICANN’s web site.
That doesn’t give the company much time to make the required changes to its web site and registrar systems.
As reported earlier today, OpenTLD lost its battle to have the suspension frozen in arbitration with ICANN.
The arbitrator agreed with ICANN Compliance that the registrar cybersquatted its competitors and has not yet done enough to ensure that it does not do the same again in future.

Yes, you are dangerous, arbitrator tells “cybersquatter” OpenTLD

Kevin Murphy, August 25, 2015, Domain Registrars

Free domains provider OpenTLD has been dealt a crushing blow in its fight against the suspension of its Registrar Accreditation Agreement.
ICANN is now free to suspend OpenTLD’s RAA, due to the company’s “pattern of cybersquatting”, following a decision by an independent arbitrator.
The arbitrator ruled yesterday that OpenTLD’s suspension should go ahead, because “OpenTLD’s continued operation could potentially harm consumers and the public interest.”
The 90-day suspension was imposed by ICANN Compliance in June, after it became aware that OpenTLD had lost two UDRP cases filed by competing registrars.
WIPO panelists found in both cases that the company had infringed its competitors’ trademarks in order to entice resellers over to its platform.
The suspension was put on hold voluntarily by ICANN, pending the arbitrator’s ruling on OpenTLD’s request for emergency stay. That request was conclusively rejected yesterday.
The arbitrator wrote:

the Arbitrator has little doubt that the multiple abusive name registrations made by OpenTLD, each of which included the registered mark of a competing domain name registrar and OpenTLD’s subsequent use of those domains… formed part of a broad concerted effort by OpenTLD calculated to deliberately divert name registration business, otherwise destined for competing domain name registrars… away from those registrars to OpenTLD instead.

He wrote that OpenTLD needs to put a process in place to prevent similarly cybersquatty behavior in future, rather than just making a commitment to changing its ways.
It’s pretty harsh stuff.
OpenTLD said recently that a suspension would “devastate” and “decimate” its business, due to the intertwining of its massive ccTLD business and rather smaller gTLD platform, but the arbitrator thought a technology workaround would be rather simple to implement.
No RAA means no gTLD sales and no inbound transfers.
OpenTLD is part of Freenom, which runs .tk and other free-to-register ccTLDs.
The company’s only ray of sunlight in the ruling is that the arbitrator said the costs of the proceeding should be split equally, not all falling on OpenTLD’s shoulders.
ICANN has not yet re-instituted the suspension, but it could come soon.
The full ruling can be read here.

OpenTLD says suspension would “devastate” its business

Kevin Murphy, August 14, 2015, Domain Registrars

OpenTLD has fired off its newest salvo in its ongoing cybersquatting dispute with ICANN, saying the ICANN-imposed suspension would “devastate” its business.
The company has also addressed many of ICANN’s cybersquatting allegations, while failing to deny it squatted on two competitors’ trademarks.
In its latest arbitration filing (pdf), OpenTLD said: “Quite simply, the suspension of OpenTLD’s ability to offer gTLD registrations and inbound transfers would decimate its unique business model.”
ICANN had argued that the suspension of its registrar accreditation was no big deal because its gTLD domain base is measured in the low thousands, whereas the total domains under management of parent Freenom, which offers free domains in .tk and other ccTLDS, is in excess of 25 million.
But OpenTLD said the two businesses as “deeply intertwined” and separating the two would impair its ability to do business.
ICANN is pushing for the suspension because OpenTLD lost two UDRP cases earlier this year. Both were filed by competitors — Key-Systems and NetEarth — who accused the registrar of attempting to lure resellers to its platform by infringing rivals’ trademarks.
ICANN has since followed up by accusing OpenTLD of continuing to cybersquat famous brands, including Google and Facebook, even after the suspension notice was issued. These claims, as I noted last week, are very dubious, however.
In its latest filing, OpenTLD denies that any of those domains — all of which use its privacy service — were registered by itself. It goes so far as to name the actual registrants.
But it fails to deny that it was the true registrant of the Key-Systems and NetEarth domains lost in the UDRP cases.
Rather, it focuses on ICANN’s claims that it committed “cyberflight” by deleting the UDRP’d domains rather than allowing them to be transferred to the trademark owners.
It admits that the domains were deleted but said this was “inadvertent” and that it attempted to transfer them to its competitors later.
OpenTLD wants the threatened suspension stayed.
The case continues. A decision by the arbitration panel is expected August 24.