Latest news of the domain name industry

Recent Posts

ICANN may scrap its $0.18 reg tax in coronavirus “solidarity”

Kevin Murphy, April 28, 2020, Domain Registrars

ICANN is thinking about whether to temporarily waive the $0.18 it charges registrars (and therefore registrants) whenever a gTLD domain name is registered.

Execs said the idea was being considered during a conference call explaining ICANN’s new budget this afternoon.

The idea was floated by GoDaddy policy head James Bladel during the call, and supported by others, but it appears it had already also occurred to ICANN.

Bladel suggested that it might not make a big impact on registrants’ wallets, but that it would be a show of “solidarity” with registrars and registries that have waived domain recovery fees to help registrants that have been hit by coronavirus.

ICANN said it was looking at the idea but did not commit one way or the other.

Should such a waiver come into effect, it’s not clear whether it would be uniformly passed on to registrants.

GoDaddy signs up 30 partners to lockdown-era marketing scheme

Kevin Murphy, April 15, 2020, Domain Registrars

GoDaddy has signed up 30 companies to a new marketing program that it says is designed to help small business keep afloat during the coronavirus lockdown.

It’s called #OpenWeStand, and the company is doing its level best to cast it as a community “movement” rather than a way to shift product as the world stands on the precipice of pandemic-induced recession.

The companies signed up so far are: Acronis, American Express, Association for Enterprise Opportunity, Avetta, BrandCrowd, Brex, ChowNow, Digital Air Strike, Evite, Gift Up!, GoFundMe, Hello Alice, Inc. Media, Kabbage, Keap, Keysight Technologies, Moneypenny, Next Insurance, Next Street, Nextdoor, PayPal, Rocket Lawyer, Ruby, Salesforce, Seed Spot, ServiceTitan, Shaw Academy, Slack, SurveyMonkey, and Zenefits.

What are all these companies offering worried business owners? It’s not entirely clear yet, but the answer so far appears to be primarily: discounts.

Evite, for example, is offering customers a free year of its premium service, which usually goes for $249, according to the OpenWeStand web site.

Customers of GoDaddy that are also customers of collaboration tool Slack will get a 25% discount on any Slack upgrade they buy.

Food delivery aggregator ChowNow says it’s designed a loyalty scheme product designed to put uo-front fees in restaurants’ pockets at a time when delivery is basically their only option.

Inc magazine’s contribution appears to be limited to a pledge to continue publishing.

GoDaddy itself is offering free social media makeovers and marketing services.

There’s not a whole lot more in the way of offers right now, but the site has placeholders for the likes of PayPal, American Express and Salesforce to promote their offerings soon.

In terms of offering advice to small business owners, we’re looking at a collection of GoDaddy blog posts and a LinkedIn group with about 200 members.

It’s obviously far too early to say whether any of this will ultimately be useful or attractive enough to help small businesses survive the lockdown, but I also think it would be churlish to dismiss it as a cynical marketing ploy at this stage.

A slick GoDaddy video promoting #OpenWeStand, which appears to have been voiced by the soothing, avuncular gravel of Donald Sutherland, has received over 12 million views since it was published March 25, so their may be an appetite for this kind of “movement”.

To show new focus on registry, Uniregistry dumps “registry” from its brand. Um…

Uniregistry (or possibly “Uni Registry” or just “Uni”) has announced that it is changing its branding yet again.

UNR logoThe company now wishes to be known as UNR, which stands for Uni Naming & Registry, according to a press release today.

The change is related of course to the acquisition of several former Uniregistry business units — namely the registrar, the portfolio and the marketplace — by GoDaddy. That was announced in February but appears to have just closed.

UNR said it is “singularly focused on registry expansion”. It manages 20-odd of its own gTLDs and offers registry back-end services to others.

Its old web site, uniregistry.com, now displays GoDaddy branding — “Uni, a GoDaddy brand” — and functions as a retail registrar.

UNR is now using unr.link and unr.com, according to the press release. Both, for me, resolve to uniregistry.link — .link is one of the gTLDs UNR runs under ICANN contract.

So, Uniregistry is now a registrar in the GoDaddy stable and UNR is the registry. Or something. Got it? Good.

End of the road for Neustar as GoDaddy U-turns again and buys out its registry biz

GoDaddy has changed its mind about the registry side of the industry yet again, and has acquired the business of Neustar, one of the largest and oldest registries.

The deal will see GoDaddy purchase, for an undisclosed sum, all of Neustar’s registry assets, amounting to 215 TLDs and about 12 million domains.

It means the gTLD .biz is now under the new GoDaddy Registry umbrella, as are the contracts to run the ccTLDs .us, .in, and .co, 130 dot-brand gTLDs and 70 open gTLDs.

Neustar’s registry staff are also being taken on.

“We’re bringing the whole team aboard. One of the things we’re very excited about is bringing the team aboard,” Andrew Low Ah Kee, GoDaddy’s chief operating officer, told DI today.

He added that, due to coronavirus job insecurities wracking many minds right now, GoDaddy has promised its entire workforce that there will be no layoffs in the second quarter.

Nicolai Bezsonoff, currently senior VP of Neustar’s registry business, will run the new unit. He said for him the opportunity for “innovation” was at the heart of the deal.

“We’ve always been one step removed from the customer, so it can be hard to understand what customer wants to do,” he said. “This gives us huge customer insight into what customers want and how they want to use domains.”

Pressed for hypothetical examples of innovation, Bezsonoff floated ideas about selling domains for partial-year periods, or doing more to crack down on DNS abuse.

The deal is an example of “vertical integration”, which has been controversial due to the potential risk of a dominant registry playing favorites with its in-house registrar, or vice versa.

While registries such as Donuts, CentralNic and until recently Uniregistry vertically integrated with little complaint, the industry is currently nervous about Verisign’s newfound ability under its ICANN contract to own and run a registrar.

Because GoDaddy is the Verisign — the runaway market leader — of the registrar side of the industry, one might expect this deal (expected to close this quarter) to get more scrutiny than most.

But the company says it’s going to “strictly adhere to a governance model that maintains independence between the GoDaddy registry and registrar businesses”.

Low Ah Kee said that this means the registry and registrar “won’t share any information that gives or appears to given any unfair advantage” to the GoDaddy registrar, that their business performance will be assessed separately, and that they’ll be audited to make sure they’re not breaking this separation.

If GoDaddy appears to be preemptively expecting criticism, there’s a good reason why: the proposed acquisition of .org manager PIR by private equity group Ethos Capital has caused huge upset in recent months, and there are some parallels here.

First, like .org, pricing restrictions were lifted in Neustar’s .biz under a contract renewal with ICANN last year. It fell under the radar a little as .biz is substantially smaller, not a legacy gTLD as such, and not widely used.

Like the .org deal, the transfer of control of .biz will also be subject to ICANN’s approval before GoDaddy and Neustar can seal the deal.

Could we be looking at another big public fight over a gTLD acquisition?

But unlike Ethos with .org, GoDaddy says it has no intention of raising prices with .biz.

“We will not be raising prices, in fact we will look into reducing prices for some TLDs,” Bezsonoff said.

One TLD where one assumes prices won’t be going down is .co, where Neustar has just had its margins massively slashed by the Colombian government.

The acquisition was announced just days after the Colombian government announced that it has renewed its contract with Neustar to run .co for another five years, but under financial terms hugely more favorable to itself.

Whereas the initial 10-year term saw the government being paid 6% to 7% of the .co take, that number has soared to 81%, making .co — arguably Neustar’s registry crown jewel — a substantially less-attractive TLD to manage.

One assumes that the acquisition price would have fluctuated wildly based on the outcome of the .co renegotiation, but the GoDaddy/Neustar execs I talked to today didn’t want to talk about terms.

GoDaddy’s history with the registry side of the business has been changeable.

As far as ICANN contract is concerned, it is already a registry because it owns the .godaddy dot-brand. But that’s currently unused, with the registry functions outsourced to — cough — Neustar’s arch-rival Afilias.

Given Neustar’s religious devotion to the dot-brand concept, and the weirdness of using one of your primary competitors for a key function, one might expect both of those situations to change.

GoDaddy did also apply for .casa and .home back in 2012, but changed its mind and abandoned both bids fairly early in the process.

The sudden excitement about the registry business today begs the question of why GoDaddy didn’t buy Uniregistry’s registry business at the same time as it bought its secondary market and registrar earlier this year, but apparently it was not for sale.

Following the acquisition, Neustar is keeping its DNS resolution services and GoDaddy will continue to use them, so Neustar is not entirely out of the domain game, but it looks like the end of the road for Neustar as a brand I regularly report on.

The registry started life in 2000 as “NeuLevel”, a joint-venture between Neustar and Aussie registrar Melbourne IT formed to apply to ICANN for new gTLDs. It wanted .web, but got .biz, which now has about 1.7 million names under management, down from a 2014 peak of 2.7 million.

ICANN expects “significant” budget impact from coronavirus

Kevin Murphy, April 7, 2020, Domain Policy

The ongoing coronavirus pandemic is expected to have a “significant” impact on ICANN’s budget, according to an update from the organization.

The organization published its expectations of a $140.4 million budget for the fiscal year that begins this July last December, and opened it up for public comments.

In its summary of those comments (pdf), which had a February 25 deadline and therefore were not focused on the pandemic’s potential impact, ICANN said:

the COVID-19 pandemic is affecting significantly the entire world. ICANN expects that its activities and financial position will be significantly impacted as well. The ICANN org is working with the Board to assess and monitor the potential impact to ICANN’s funding, and planned work such as face-to-face meetings, travel, etc.

Any pandemic-related changes to the budget will be published prior to board approval, ICANN said.

So where is ICANN expecting the impact? It’s not entirely clear. I would expect to see some minor gains from slashing its travel budget in the wake of social distance rules, but it’s less obvious where a “significant” shortfall could occur.

ICANN had operational revenue — the money it gets from billing registries and registrars — of $136.8 million in the fiscal year ending June 30, 2019, its most recently reported year (pdf).

Of that total, roughly $56 million came from the market leaders in both segments, Verisign and GoDaddy, both of which have been given glowing analyst coverage since the outbreak began.

One commentator recently wrote that Verisign is “immune” from coronavirus and GoDaddy’s CFO told analysts just last week that he expects the impact of coronavirus to be “minimal” in the first quarter. That could of course change in future.

Almost half of ICANN’s revenue, some $65.7 million, comes from the top 10 registries and registrars.

So is ICANN expecting to see weakness in the long tail, the few thousand accredited registrars and gTLD registries that account for under $1 million in ICANN contributions per year? Is it expecting reduced voluntary contributions from the ccTLDs and Regional Internet Registries?

Will coronavirus cause huge numbers of small businesses to abandon their domains as they go out of business? Will it inspire large numbers of the recently unemployed and quarantined to start up web-based businesses in an attempt to put food on the table? Will it cause large portfolio owners to downsize to save costs?

All of these outcomes seem possible, but these are unprecedented times, and I couldn’t being to guess how it will play out.

ICANN grants Verisign its price increases, of course

Kevin Murphy, March 30, 2020, Domain Registries

ICANN has given Verisign its ability to increase .com prices by up to 7% a year, despite thousands of complaints from domain owners.

The amendments give Verisign the right to raise prices in each of the last four years of its six-year duration. The current price is $7.85 a year.

Because the contract came into effect in late 2018, the first of those four years begins October 26 this year, but Verisign last week said that it has frozen the prices of all of its TLDs until 2021, due to coronavirus.

Not accounting for discounts, .com is already already worth $1.14 billion in revenue to Verisign every year, based on its end-of-2019 domains under management.

In 2019, Verisign had revenue of $1.23 billion, of which about half was pure, bottom-line, net-income profit.

In defending this shameless money-grab, ICANN played up the purported security benefits of the deal, while offering a critique of the domainers and registrars that had lobbied against it.

Göran Marby, ICANN’s CEO, said in a blog post.

I believe this decision is in the best interest of the continued security, stability, and resiliency of the Internet.

Overall, the decision to execute the .COM Registry Agreement amendment and the proposed binding Letter of Intent is of benefit to the Internet community.

The decision was explained in more detail in a eight-page analysis document (pdf) published late last week.

I’ll summarize this paper in three bullet points (my words, not ICANN’s):

  • Domainers are hypocrites.
  • The deal is good for DNS security.
  • Our hands were tied anyway.

First, while ICANN received over 9,000 comments about the proposed amendment, almost all negative, it said that publicity campaigns from domainer group the Internet Commerce Association and domainer registrar Namecheap were behind many of them.

the Internet Commerce Association (ICA) and Namecheap, are active players in the so called “aftermarket” for domain names, where domain name speculators attempt to profit by “buying low and selling high” on domain names, forcing end users to pay higher than retail prices for desirable domain names

It goes on to cite data from NameBio, which compiles lists of secondary market domain sales, to show that the average price of a resold domain is somewhere like $1,600 (median) to $2,400 (mean).

Both Namecheap and ICA supporter GoDaddy, which sells more .coms than any other registrar, have announced steep increases in their .com retail renewal fees in recent years — 20% in the case of GoDaddy — the ICANN document notes.

This apparent hypocrisy appears to be reason ICANN felt quite comfortable in disregarding many of the negative public comments it received.

Second, ICANN reckons other changes to the .com contract will benefit internet security.

Under a side deal (pdf) Verisign’s going to start giving ICANN $4 million a year, starting next January and running for five years, for what Marby calls “ICANN’s initiatives to preserve and enhance the security, stability, and resiliency of the DNS.” These include:

activities related to root server system governance, mitigation of DNS security threats, promotion and/or facilitation of Domain Name System Security Extensions (DNSSEC) deployment, the mitigation of name collisions, and research into the operation of the DNS.

Note that these are without exception all areas in which ICANN already performs functions, usually paid for out of its regular operating budget.

Because it looks like to all intents and purposes like a quid pro quo, to grease the wheels of getting the contract amendments approved, Marby promised that ICANN will commit to “full transparency” as to how its new windfall will be used.

The new contract also has various new provisions that standardize technical standardization and reporting in various ways, that arguably could provide some minor streamlining benefits to internet security and stability.

But ICANN is playing up new language that requires Verisign to require its registrars to forbid their .com registrants from doing stuff like distributing malware and operating botnets. Verisign’s registrar partners will now have to include in their customer agreements:

a provision prohibiting the Registered Name Holder from distributing malware, abusively operating botnets, phishing, pharming, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law and providing (consistent with applicable law and any related procedures) consequences for such activities, including suspension of the registration of the Registered Name;

Don’t expect this to do much to fight abuse.

It’s already a provision that applies to hundreds of other TLDs, including almost all gTLDs, and registrars typically incorporate it into their registration agreements by way of a link to the anti-abuse policy on the relevant registry’s web site.

Neither Verisign nor its registrars have any obligation to actually do anything about abusive domains under the amendments. As long as Verisign does a scan once a month and keeps a record of the total amount of abuse in .com — and this is data ICANN already has — it’s perfectly within the terms of its new contract.

Third and finally, ICANN reckons its hands were pretty much tied when it comes to the price increases. ICANN wrote:

ICANN org is not a competition authority or price regulator and ICANN has neither the remit nor expertise to serve as one. Rather, as enshrined in ICANN’s Bylaws, which were
developed through a bottom up, multistakeholder process, ICANN’s mission is to ensure the security and stability of the Internet’s unique identifier systems. Accordingly, ICANN must defer to relevant competition authorities and/or regulators, and let them determine if any conduct or behavior raises anticompetition concerns and, if so, to address such concerns, whether it be through price regulation or otherwise. As such, ICANN org has long-deferred to the DOC and the United States Department of Justice (DOJ) for the regulation of wholesale pricing for .COM registry services.

It was of course the DoC, under the Obama administration, that froze Verisign’s ability to raise prices and, under the Trump administration, thawed that ability in November 2018.

If you’re pissed off that the carrying cost of your portfolio is about to go up, you can blame Trump, in other words.

Namecheap and others banning coronavirus domains

Kevin Murphy, March 26, 2020, Domain Registrars

Anyone wanting to buy a coronavirus-related domain for scamming purposes won’t be able to do it via Namecheap, which has preemptively banned keyword domains on its storefront.

For the last several days, the registrar has rejiggered its web site to prevent customers adding domains containing certain keywords — such as “coronavirus” or “covid” or “vaccine” — to their shopping carts.

The company said today that customers wishing to register such domains for legitimate purposes can continue to do so by calling up Namecheap customer service and having the name registered manually.

CEO Richard Kirkendall said in an email to customers that Namecheap is also “actively working with authorities to both proactively prevent, and take down, any fraudulent or abusive domains or websites related to COVID19”.

A GoDaddy spokesperson told DI this week that it has also taken down domains when alerted to their usage as coronavirus scams.

Meanwhile, .uk registry Nominet said that it has added keywords such as “coronavirus” and “covid” to its Domain Watch initiative, the same semi-automated system it uses to flag and suspend phishing and “rape” domains preemptively at point of registration. Nominet said:

Those that look suspicious — based on our algorithm and then a manual check — are suspended until we see evidence of good intentions from the registrants.

So far, we have suspended over 180 domains while we conduct this extra due diligence. A small proportion responded to our satisfaction and had their domain names reactivated. It’s highly likely that those who did not respond were intending to use their domains to manipulate a public in need of information.

Another domain company taking action is aftermarket site Dan.com, which today said on Twitter that it will remove all coronavirus related domains from its marketplace.

Namecheap is also offering some customers payment flexibility when it comes to some products — largely non-domain products such as hosting — if they can convince customer service reps of their coronavirus-related financial hardship.

“I urge you not to abuse this offer, please allow it to be used by those who need it most, who are otherwise unable to pay,” Kirkendall wrote.

Verisign, the .com registry, yesterday hinted that it will be offering its registrars some similar flexibility, which one assumes could be passed on to registrants.

US officials gunning for coronavirus domains

Kevin Murphy, March 24, 2020, Domain Registrars

US state and federal law enforcement are pursuing domain names being used to push bogus products and misinformation related to coronavirus Covid-19.
In separate actions, the US Department of Justice forced Namecheap to take down a scam site that was allegedly using fear of coronivirus to hoodwink visitors out of their cash, while the New York Attorney General has written to registrars to demand they take action against similar domains.
The DoJ filed suit (pdf) against the anonymous “John Doe” registrant of coronavirusmedicalkit.com on Saturday and on Sunday obtained a temporary restraining order obliging Namecheap to remove the DNS from the domain and lock it down, which Namecheap seems to have done.
Namecheap is not named as a defendant, but the complaint notes that the DoJ had requested the domain be taken down on March 19 and no action had been taken by the evening of March 21.
The web site in question allegedly informed visitors that the World Health Organization was giving away free coronavirus vaccines to anyone prepared to pay a $4.95 shipping fee by handing over their credit card details.
This is an identity theft scam and wire fraud, the complaint says.
Meanwhile, NYAG Letitia James has sent letters, signed by IT chief Kim Berger, to several large US registrar groups — including GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance — to ask them to “stop the registration and use of internet domain names by individuals trying to unlawfully and fraudulently profit off consumers’ fears around the coronavirus disease”.
In the letter to GoDaddy (pdf), Berger asks for a “dialogue” on the following preventative measures:

  • The use of automated and human review of domain name registration and traffic patterns to identify fraud;
  • Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints;
  • Revising your terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains; and
  • De-registration of the domains cited in the articles identified above that were registered at GoDaddy, and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains.

In other words: try to stop these domains being registered, and take them down if they are.
No specific malicious sites are listed in the letter. Rather, Berger cites a study by Check Point Software that estimates that something like 3% of the more than 4,000 coronavirus-related domains registered between January and March 5 are “malicious” in nature.

GoDaddy cancels in-person investor day over coronavirus fears

Kevin Murphy, March 13, 2020, Domain Registrars

GoDaddy has followed in the footsteps of many other companies and organizations, cancelling a large in-person meeting to avoid exacerbating the coronavirus pandemic.
The market-leading registrar, listed on the New York Stock Exchange, announced this week that will host its investor day, scheduled for April 2, as a webcast only, out of “concern for the health and well-being of participants and attendees”.
There had been planned a face-to-face component in New York, but that will no longer go ahead.
New York’s mayor this week slapped a ban on public gatherings of over 500 people, but GoDaddy’s announcement predates that edict.
The news came as ICANN conducted its first-ever online-only public policy meeting.

Guy gets 14 years for trying to steal a domain with a gun

Kevin Murphy, December 12, 2019, Domain Sales

An American man has received a sentence of 14 years in prison after being found guilty of a plot to steal a domain name at gunpoint.
Rossi Lorathio Adams II received the sentence on Monday, according to the US Attorney’s Office in Iowa, having been found guilty of “one count of conspiracy to interfere with commerce by force, threats, and violence”.
Adams, who went by the screen name Polo, attempted to obtain the domain doitforstate.com from its registrant to support a popular social media channel he managed.
When the registrant refused multiple times, Adams drove his cousin — armed with a gun and written instructions how to push the domain into Adams’ GoDaddy account — to the registrant’s house.
A fight broke out, described vividly by the US Attorney, during which both the registrant and the gunman got shot.
Both survived, and the gunman got 20 years behind bars for his role in the attack.
If there’s a moral about domaining here, I invite the reader to discover it on their own.