Recent Posts
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
- $2 million Christmas bonus for ICANN
- Another VW car dot-brand crashes out
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
- $3,000 to do a Whois lookup?
- PIR to join GlobalBlock, but its crown jewel won’t
- LA wildfire victims get domain deletes delay
- .free domains to finally arrive as Amazon reveals three gTLD launches
- Six more gTLDs shown the door, five may be auctioned
- Registrar terminated after ignoring Whois transition
- $10 million ICANN giveaway winners picked
- Whois officially died today
- Typo left MasterCard open to hackers for years
- Could ICANN approve an R-word gTLD?
- These are the TLD growers and shrinkers of 2024 (part two)
- GoDaddy ordered to stop lying about crappy security
- These are the TLD growers and shrinkers of 2024 (part one)
- Dead terrorist domains for sale, just without the hyphens
- ICANN eyes more price hikes as it predicts dismal year for industry
- Meet the six people battling to join ICANN’s board
- New gTLD use cases not much use
- Defensive dot-brands are renewing, making ICANN millions
- Identity Digital offers free domain trials through LinkedIn
- Antisemitic remarks cost registrar dearly
- ICANN lawyers want to keep their clients secret
- Facebook cybersquatter asks ICANN to overturn UDRP ruling
- .xxx founder Stuart Lawley has died
- The new gTLD Next Round is really happening as two ICANN programs go live
- Verisign has much to be thankful for as .com contract renewed
- Another 40,000 .ai domains registered
- RDRS usage hits new low
- A dot-brand that was actually used is shutting down
- .id joins the million-domain club
- GoDaddy’s .xxx contract renewed
- Twitter clone Bluesky has one feature domain people should like
- ICANN confirms two bans on new gTLD gaming
- eBay slogan domain no longer has a BIN price
- Will Donald Trump be .io’s white knight?
- As customers flee legacy gTLDs, .org tops 11 million names
- Company accidentally puts porn domain on kids’ toys
- eBay’s new slogan looks like a $75,000 domain it doesn’t own
- Americans are deserting .com
- Weak Q3 for the domain universe, Verisign reports
- ICANN says it WILL raise its domain taxes soon
- Senator says domain industry “enables” Russian disinfo attacks
- bit.ليبيا? Libya to get its Arabic ccTLD
- Verisign gets eight more years running the root
- Two-horse race for open ICANN board seat
- Chinese say internet not ready for single-letter gTLDs
- Unloved INTA slams ICANN over new gTLDs
- Namecheap scores win in .org price-cap lawsuit
GoDaddy loses last Amazon business to Identity Digital
GoDaddy appears to have lost the last remnants of its Amazon back-end registry services deal.
IANA records show that GoDaddy was recently replaced by Identity Digital as the technical contact for all of the remaining 12 gTLDs it was serving.
The gTLDs in question are: .coupon, .song, .zero and the IDNs .ストア, .セール, .家電, .クラウド, .食品, .ファッション, .書籍, .ポイント and .通販, which are generic terms for things like “fashion” and “books”.
Five of the IDNs have actually launched and have been generally available for years, but they’re been phenomenally unsuccessful — the largest zone has just 146 domains in it. The remaining seven are dormant, unlaunched.
Amazon originally used GoDaddy (then Neustar) for all 54 of the gTLDs it successfully applied for back in the 2012 gTLD application round, but it switched all but 12 of them to Nominet back in 2019, where they remain today.
Zoom says GoDaddy took it down for hours
A screwup by MarkMonitor and GoDaddy was responsible for a two-hour outage affecting Zoom’s videoconferencing services yesterday, according to the company.
The widely used services were offline between 1825 and 2012 UTC yesterday because GoDaddy Registry, apparently acting under MarkMonitor’s instructions, shut down the zoom.us domain.
Screenshots posted to social media show zoom.us returning an NXDOMAIN error in web browsers. In-progress conference calls were reportedly shut off mid-stream.
Zoom said in a statement:
On April 16, between 2:25 P.M. ET and 4:12 P.M. ET, the domain zoom.us was not available due to a server block by GoDaddy Registry. This block was the result of a communication error between Zoom’s domain registrar, Markmonitor, and GoDaddy Registry, which resulted in GoDaddy Registry mistakenly shutting down zoom.us domain.
Zoom, Markmonitor and GoDaddy worked quickly to identify and remove the block, which restored service to the domain zoom.us. There was no product, security, network failure or Distributed Denial of Service (DDoS) attack at Zoom during the outage. GoDaddy and Markmonitor are working together to prevent this from happening again.
It’s not entirely clear what is meant by “server block”, but it sounds consistent with a serverHold EPP status, where a registry prevents a domain from resolving in the DNS.
GoDaddy is the registry for .us domains. MarkMonitor is a hands-on corporate registrar dealing primarily with high-value brand clients.
Zoom is the incredibly popular conferencing service that grew to such popularity during the pandemic one could almost argue that it could be considered critical infrastructure.
While two hours downtime is hardly the end of the world, it’s still one hell of a screwup.
.co deal worth $77 million up for grabs
The Colombian government has put the contract to run .co out for bidding, and it looks like the successful registry could make as much as $77 million over the lifetime of the deal.
GoDaddy currently runs .co through its subsidiary .CO Internet, which it acquired when in bought Neustar five years ago. The government’s RFP does not rule out the incumbent reapplying despite some friction in the past.
It’s not simply a back-end registry services deal. The successful registry will have to be the public face of .co too, handling front-of-house services and marketing as well.
Extrapolating from some figures and formulas in the RFP, it seems GoDaddy’s share (19% of the total revenue) has worked out to about $7.7 million a year on average over the last five years. The new contract would be a 10-year deal.
But is .co on the decline? According to the RFP, the were 3,217,570 .co domains in January this year, down from 3.4 million in 2022 and 3.3 million in 2023. Numbers for 2024 were not included.
That downward trend may merely be the post-Covid slump experienced by many TLDs. Indeed, when the current contract was signed in 2020, there were just 2.3 million .co domains under management, so GoDaddy’s done a pretty good job of growing the namespace.
Largest back-end switch EVER as GoDaddy loses deal
It’s going to be the largest ever migration of a single TLD between back-end registry service providers, but it was announced without fanfare late last week.
On page four of Tucows CEO Elliot Noss’s prepared fourth-quarter remarks to analysts last week, he revealed the company has beaten GoDaddy to take over the contract to run India’s .in ccTLD:
Tucows Domains was recently selected to be the technical services provider for the .IN country code domain, operated by the National Internet Exchange of India. Our teams are closely collaborating and we are establishing a dedicated team in India to support this initiative
Noss said that the migration involves “approximately 4 million domains” and will take place “later this year”.
While NIXI does not publish its registration numbers, Verisign’s Domain Name industry Brief put .in at 4.1 million names at the end of 2024.
Even accounting for upwards rounding by Noss, 4 million names would make the migration the largest in the history of the DNS.
The current record was set in 2018, when Afilias (now Identity Digital) took over Australia’s .au from Neustar (now GoDaddy. There were 3.1 million names in .au at that time.
When Neustar/GoDaddy took over .in from Afilias/Identity Digital in 2019, it was reportedly because it had bid $0.70 per domain, undercutting the incumbent’s offer of $1.10
But, while the deal is surely worth many millions (maybe $10 million over five years if we guess at a $0.50 bid) to Tucows’ top line, it may not be especially profitable.
Noss said in his remarks to analysts: “The pricing and margin contribution for this piece of business is typical of a large, high volume customer.”
But a demonstrable track record of handling large migrations often comes up in registry RFPs, so the .in deal puts Tucows in a strong position in future contract opportunities.
Super Bowl a bit of a dud for .com?
Having two of its largest registrars advertising during Sunday’s Super Bowl broadcast doesn’t seem to have given Verisign’s declining .com flagship much of a boost.
According to numbers published on the company’s web site, .com has grown by about 30,000 domains in the last two days.
While that’s certainly not to be sniffed it, it’s well within the parameters of a normal day’s operation for .com. The TLD’s zone file shrinks more days than it grows nowadays, but five-figure daily upticks are not uncommon.
GoDaddy and Squarespace both took out 30-second spots during the Super Bowl. Both featured high-profile actors and had high production values, but neither mentioned domain names once.
GoDaddy’s focused on its Airo tool and Squarespace’s… goodness knows what that was all about.
Verisign CEO Jim Bidzos last week told analysts that the two commercials were a sign that its registrar partners are starting to focus more on customer acquisition, which should help .com return to growth.
GoDaddy ordered to stop lying about crappy security
GoDaddy has agreed to roll out some pretty basic security measures and has been told to stop lying about how secure its hosting is, under an agreement with US regulators.
It turns out that the company, while claiming that security “was at the core of everything we do”, was failing to do some pretty basic stuff like installing software patches, retiring end-of-life servers, or securing internet-facing APIs.
Its settlement with the Federal Trade Commission finds that GoDaddy engaged in “false or misleading” advertising and orders that it “must not misrepresent in any manner” its security profile in future.
The FTC complaint (pdf), filed in 2023 after reports of mass hacking incidents, states:
Despite its representations, GoDaddy was blind to vulnerabilities and threats in its hosting environment. Since 2018, GoDaddy has violated Section 5 of the FTC Act by failing to implement standard security tools and practices to protect the environment where it hosts customers’ websites and data, and to monitor it for security threats.
The complaint says that GoDaddy had a slack patching regime that was left up to individual product teams to execute, with no centralized management.
This meant thousands of boxes in its Shared Hosting environment were subject to critical vulnerabilities that allowed bad guys to get in and steal data such as user credentials and credit card info for months.
The complaint also describes a custom internet-facing API designed to enable customer support staff to access details about managed WordPress users, such as login credentials.
This API was apparently open to the internet, unfirewalled, used plaintext for credentials, and had no multi-factor authentication in place, again enabling hackers to steal data.
One or more “threat actors” abused this lax security to pwn tens of thousands of servers between October 2019 and December 2022, according to the complaint.
The settlement (pdf), in which GoDaddy does not admit or deny any wrongdoing, does not come with an associated fine.
Instead, GoDaddy has agreed to a fairly extensive list of requirements designed to increase the security of its hosting services.
ICANN lawyers want to keep their clients secret
IP lawyers in the ICANN community have come out swinging against proposed rules that would require them to come clean about who they work for, rules that are supported by registrars and governments.
A proposed policy that would force lawyers to disclose the identities of their clients when they participate in policy-making would violate their clients’ human rights, according to the Intellectual Property Constituency.
The criticisms came in response to an ICANN public comment period on a draft Community Participant Code of Conduct Concerning Statements of Interest, which opened in October and closed this week.
The draft would close a loophole that allows ICANN policy makers to keep their potential conflicts of interest secret when “professional ethical obligations” prevent them from disclosing this information.
“When disclosure cannot be made, the participant must not participate in ICANN processes on that issue,” the draft states.
The changes are keenly supported by the Registrar Stakeholder Group as a whole and by GoDaddy and Tucows in particular. As far as the registrars are concerned, the main problem with the draft is the somewhat vague enforcement mechanisms.
GoDaddy, for example, said in its comments:
We recognize that there may be situations in which a party is unable to disclose their client(s), and in those rare cases, GoDaddy agrees with ICANN’s conclusion that the participant forfeits the ability to participate in associated processes.
It added, echoing the RrSG as a whole, that more clarity is needed on enforcement, where the buck seems to stop with the chair of the working group where the disclosure infraction is alleged to have taken place, with no escalation.
On the opposing side are the IPC, the Business Constituency, and the International Trademark Association, which all filed comments criticizing the proposed changes. The IPC said:
The often-argued response of having attorneys not participate if they fail to uphold their ethical duty to their clients effectively vitiates the human right of representation by counsel and is not for the public benefit. ICANN has agreed to uphold human rights and therefore counsel cannot be compelled to disclose client identity.
Two of the concerns from lawyers is that the policy could require their clients to divulge trade secrets, such as whether they intend to apply for a new gTLD in the forthcoming application round.
Perhaps anticipating the Governmental Advisory Committee’s expected support for the policy changes, which was no secret, the IPC also raises the specter of the policy being broad enough to apply to the governments themselves: should they all be compelled to reveal the names of all the lobbyists who knock on their doors?
This forcing of transparency of national interest would significantly inhibit GAC members from fulfilling their role. Imagine a GAC member from one country filing an SOI saying that their government was being lobbied by numerous parties to gain favor in the New gTLD Rounds?
The GAC’s response to the public comment period was in fact cautiously supportive of the rule changes, saying:
Prima facie, the proposal referring to Statements of Interests seems to be in the right direction, and to fulfil the expectations expressed by the GAC. At the same time, the GAC looks forward to the reactions from ICANN org to the views expressed during the public comment period
Like the registrars, the GAC is looking for more clarity on enforcement mechanisms.
The public comments will by summarized for publication mid-December and the ICANN board could take action on the proposals next year.
GoDaddy’s .xxx contract renewed
GoDaddy’s .xxx gTLD will no longer be “sponsored”, following a vote of ICANN’s board of directors last week.
At its ICANN 81 AGM in Istanbul, the board approved the renewal of GoDaddy subsidiary ICM Registry’s Registry Agreement.
The new deal closely follows the text of the standard RA most other gTLDs use, scrapping restrictions that GoDaddy found onerous but which were vital in getting the deal approved in the first place back in 2011.
It means the end of IFFOR, the International Foundation For Online Responsibility, the largely toothless oversight body that had been tasked with creating policies and issuing grants to worth causes but arguably did neither.
It also means less friction for the .xxx registration process, as registrants will no longer have to affirm they are members of the “sponsored community”, which never existed in any real sense anyway.
Some elements of the original sponsorship agreement, such as strict prohibitions on child sexual abuse material and the suggestion thereof, have been moved to Public Interest Commitments that ICANN could in theory enforce.
In its resolution text, ICANN noted that the Governmental Advisory Committee, which almost got .xxx killed off a couple decades ago, had not felt strongly enough about the new deal to publicly comment on it one way or the other.
.xxx makes most of its money from defensive registrations. It had almost 45,000 domains under management at the end of June, but barely 7,000 of those appeared in its zone file of the same date. That does not included domains blocked via the AdultBlock and GlobalBlock services, which are not counted in any public document but which I estimate are measured in five figures.
Senator says domain industry “enables” Russian disinfo attacks
An influential US senator has accused major registries and registrars including GoDaddy and Namecheap of facilitating Russian disinformation campaigns.
Senator Mark Warner, the Democrat chair of the Senate Select Committee on Intelligence, told registrars that “legislative remedies” may be required unless they “take immediate steps to address the continued abuse of your services for foreign covert influence”.
The threat came in letters sent to registrar groups Namecheap, GoDaddy, Cloudflare, NewFold Digital, NameSilo, and .com registry Verisign today.
Warner’s letters seem to have been inspired by Facebook owner Meta, perhaps the domain industry’s most prolific antagonist, and align closely with Meta’s views on issues such as cybersquatting and Whois access.
The criticisms also stem from a recent FBI seizure of 32 domains that were being use to proliferate fake news about the invasion of Ukraine and the upcoming US presidential election.
The Russian campaign, known as Doppelganger, used domains such as fox-news.in and washingtonpost.pm to trick visitor into thinking they were reading news sources they trust.
Warner tells the registrars (pdf) they have “ostensibly facilitated sustained covert influence activity by the Russian Federation and influence networks operating on its behalf”.
The main concern appears to be the lack of access to private information in Whois records. Warner’s list of industry sins includes:
withholding vital domain name registration information from good-faith researchers and digital forensic investigators, ignoring inaccurate registration information submitted by registrants, and failing to identify repeated instances of intentional and malicious domain name squatting used to impersonate legitimate organizations
Warner called for “immediate” action “to address the continued abuse of your services” as the US presidential election looms, and in its aftermath. Voters go to the polls November 5.
Former .co registry defeated in $350 million contract fix case
The Neustar spin-off that once operated the .co TLD reportedly has lost a case against the Colombian government in which it had sought $350 million in damages over the acrimonious renewal of its registry contract.
According to local reports, the International Center for the Settlement of Investment Disputes, part of the World Bank, last week ruled in favor of Colombia on both the merits and on jurisdictional grounds.
The case had been brought in late 2019 by Neustar, which at the time managed some 2.3 million .co domains, under government contract, via a Colombian subsidiary it acquired in 2014.
Neustar has since been acquired by GoDaddy, which continues to run .co, but the ICSID case was inherited by Vercara, the DNS security services arm of the company that GoDaddy didn’t buy.
As .CO Internet, Vercara was hired by Colombia to turn .co into a global alternative to .com with a much-hyped 2010 relaunch. It was very successful, but when it came time to renew the initial 10-year contract, Colombia instead put it out for rebid and started behaving very strangely.
You may recall from coverage here on DI and on The Register that the Colombian tender process seemed to have been specially constructed so that only Afilias, then Neustar’s fiercest rival and now part of Identity Digital, could win.
The government’s RFP had set technical thresholds, such as daily registry transactions, that Afilias could show it met but Neustar could not. It looked naive and arbitrary at best and dodgy at worst.
So Neustar took Colombia to arbitration with ICSID, saying (pdf) the government was in breach of the Trade Promotion Agreement between the US and Colombia.
Neustar ended up winning the contract anyway, albeit on terms that were massively more favorable to the government, and it sold its entire registry services business to GoDaddy days later.
Now, almost five years later, it seems Vercara has lost the case it inherited. While ICSID has not yet published its arbitration panel’s decision, local newspapers have got hold of a copy.
Colombia’s oldest newspaper, El Spectador, reports: “The court, in addition to stating that it does not have jurisdiction to hear Vercara’s claims, rejected all the claims on the merits.”
In unrelated news, Vercara’s recently announced acquisition by DigiCert closed yesterday.
Recent Comments