Latest news of the domain name industry

Recent Posts

With mystery auction winner, .sexy prices go from $25 to $2,500

Kevin Murphy, March 28, 2022, Domain Registries

UNR is increasing the annual price of a .sexy domain from $25 to over $2,000, according to registrars.

The price increase will hit from April 30, according to registrars, but will not affect renewals on domains registered before that date.

French registrar Gandi said its retail price for a .sexy name will increase from $40 to $2,750. That’s after its mark-up. Belgian registrar Bnamed said in January prices were about to get 100 times more expensive.

The current wholesale price for .sexy is believed to be $25 a year. I’m guessing it’s going up to about $2,500, which is a price tag UNR has previously experimented with for its car-related gTLDs.

UNR CEO Frank Schilling has previously defended steep price increases for TLDs that under-perform volume-wise.

.sexy had barely 6,000 names under management at the last count, having peaked at about 28,000 in 2017.

The question is: who’s decided to increase the prices? Did .sexy actually sell when UNR tried to offload its portfolio last year, or is UNR keeping hold of it?

.sexy was among the 23 gTLD contracts UNR said it sold, mostly at auction, about a year ago. But it’s not one of the ones where the buyer has been yet disclosed.

The gTLDs UNR said it sold were: .audio, .blackfriday, .christmas, .click, .country, .diet, .flowers, .game, ,guitars, .help, .hiphop, .hiv, .hosting, .juegos, .link, .llp, .lol, .mom, .photo, .pics, .property, .sexy and .tattoo.

Of those, a new company called Dot Hip Hop bought .hiphop and XYZ.com bought .audio, .christmas, .diet, .flowers, .game, .guitars, .hosting, .lol, .mom and .pics.

ICANN has approved those 11 contract reassignments — after some difficulty — and said that there are six remaining in the approval process.

That only adds up to 17, meaning there are six more that UNR said it sold but for which it had not, as of a week ago, requested a contract transfer.

But in May last year, UNR “announced gross receipts of more than $40 million USD for its 20+ TLDs”, said there had be 17 participating bidders, and that 10 to 20 had “came away as winners, including six who will be operating TLDs for the first time”.

That leaves with at least five as-yet undisclosed winners from outside the industry, six contract transfers outstanding, and six gTLDs with an unknown status.

Neither UNR nor ICANN have been commenting on the status of pending transfers.

Gandi says it supports Ukraine but WON’T cut off Russians

Gandi has become the latest large registrar to issue a statement about the war in Ukraine, saying that while it deplores the violence it won’t be disconnecting Russian customers.

CEO Stephan Ramoin wrote that Gandi “condemns” the invasion and is “working on supporting Ukraine, according to the suggestions of our Ukrainian tech colleagues”, adding:

The internet is about including all humanity and working toward a greater goal, giving every human being a voice and a clear vision of the world, not excluding and antagonizing one group of people against another. That’s why we want to support the people of Russia and Belarus expressing their disagreement with this war. We don’t need to escalate, war is not the answer.

Cutting off Russians and Belarusians would only encourage the creation of different closed worlds and digital networks. We have chosen to hold out our hand to these people. We are not at war with them. Only their leaders, and their madness, need to be stopped. We will of course react quickly against war propaganda of any kind.

The statement follows those coming from Namecheap and IONOS, which have both this week announced their intentions to remove most Russian and Belarusian customers.

Based in Paris, Gandi is one of the oldest registrars and has over 1.3 million gTLD domains under management.

.forum sunrise period will cost less than half the regular reg fee

Kevin Murphy, November 13, 2020, Domain Registries

Trademark owners rejoice! There’s a new gTLD registry seemingly not bent on ripping you off during its sunrise period.

Those defensively registering their marks in .forum, which begins its sunrise period on Monday, in some cases could find themselves paying less than half the regular registration fee.

French registrar Gandi today said that its sunrise retail price is $452.13, versus a genera availability price of $1,042.08, and prices at other participating registrars appear to be roughly in line.

.forum’s is being managed by MMX, though the ICANN gTLD contract appears to still belong to original applicant Fegistry.

The first-come, first-served sunrise period will run until December 16. General availability is due to begin.March 2 next year.

I have to admit to finding the $1,000 base registry fee something of a head-scratcher.

I can just about see why gTLDs such as .cars, representing big-ticket niches, can command four-figure reg fees but, anecdotally, I’ve often heard that web forums can be quite expensive to run and difficult to monetize. Hardly obvious candidates for premium-tier recurring prices.

Over 750 domains hijacked in attack on Gandi

Gandi saw 751 domains belonging to its customers hijacked and redirected to malware delivery sites, the French registrar reported earlier this month.
The attack saw the perpetrators obtain Gandi’s password for a gateway provider, which it did not name, that acts as an intermediary to 34 ccTLD registries including .ch, .se and .es.
The registrar suspects that the password was obtained by the attacker exploiting the fact that the gateway provider does not enforce HTTPS on its login pages.
During the incident, the name servers for up up to 751 domains were altered such that they directed visitors to sites designed to compromise unpatched computers.
The redirects started at 0804 UTC July 7, and while Gandi’s geeks had reversed the changes by 1615 it was several more hours before the changes propagated throughout the DNS for all affected domains.
About the theft of its password, Gandi wrote:

These credentials were likewise not obtained by a breach of our systems and we strongly suspect they were obtained from an insecure connection to our technical partner’s web portal (the web platform in question allows access via http).

It’s not clear why a phishing attack, which would seem the more obvious way to obtain a password, was ruled out.
Gandi posted a detailed timeline here, while Swiss registry Switch also posted an incident report from its perspective here. An effected customer, which just happened to be a security researcher, posted his account here.
Gandi says it manages over 2.1 million domains across 730 TLDs.