Latest news of the domain name industry

Recent Posts

GoDaddy Registry to raise some TLD prices, lower others

Kevin Murphy, February 16, 2022, Domain Registries

GoDaddy Registry is to raise the base price of three of its recent acquired gTLDs and lower the price on three others.

The company is telling registrars that the prices of .biz, .club and .design domains are going up later this year, while the prices of .luxe, .abogado and .case are going down.

For .biz, which GoDaddy took over when it acquired Neustar’s registry business in 2020, the price will increase by $0.87 to $13.50.

While .biz hasn’t been price-regulated by ICANN since 2019, the new rise is lower than the annual 10% it was allowed to impose under its previous, price-capped contracts. It’s around 7% this year, roughly in line with .com’s capped increase. It will mean the price of a .biz has gone up by over 70% in the last decade.

For .club, which GoDaddy acquired last year, registrations, renewals and transfers are going up by a dollar to $10.95, the fourth consecutive year in which .club fees have increased.

It’s in the ball-park of what previous owner .CLUB Domains was already doing — .club launched in 2014 with a $8.05 fee, but that went up to $8.95 in 2019, then $9.45 in 2020, then $9.95 last year.

.club has about a million domains under management at the moment. If that level holds, it’s an extra million bucks a year to GoDaddy, which frankly will barely register on the company’s now billion-dollars-a-quarter income statement.

For lower-volume .design, another one of the 2021 acquisitions, the price is going up by $2 to $35.

All of these price changes go into effect September 1 this year, giving registrants over six months to lock-in their pricing for up to 10 years by committing to a multi-year renewal before the changes kick in.

Registrars in most cases pass on registry price increases to their customers, but they don’t have the same six-month notification obligations as registries.

For three other GoDaddy Registry TLDs, prices are coming down in the same timeframe, so registrants may wish to see if the savings are passed on in future by registrars.

.luxe prices are going down from $15 a year to $12, .abogado is going down from $25 to $20 and .casa is going down from $7.50 to $6. The latter two mean “lawyer” and “home” respectively in Spanish.

GoDaddy isn’t currently altering the regular price of the TLDs it acquired from MMX, but it is bumping the restore fee for expired domains by $10 to $40, bringing them into line with .com.

GoDaddy now making over $1 billion a quarter

Kevin Murphy, February 11, 2022, Domain Registrars

It doesn’t seem like five minutes ago that GoDaddy became the first domain registrar to top $1 billion in annual revenue. It was actually 2013. Now, it’s doing that in a quarter.

The company last night reported fourth-quarter revenue of $1.02 billion, almost half of which was from domains, up from $873.9 million a year earlier.

Domains revenue was up a whopping 23.6% at $497.3 million, but this was mainly due to aftermarket sales and the registry business.

The company does not report its domains under management, growth or renewal rates in its quarterly earnings announcements.

CFO Mark McCaffrey told analysts that up to two thirds of the growth could be attributed to the aftermarket, where domains sell at premium prices, and GoDaddy “saw an uptick in both volume and average deal size”.

He also highlighted GoDaddy Registry as a key growth contributor, due to the launch in Q4 of a “reputation protection solution” that I can only assume refers to the AdultBlock service that blocks trademarks in the company’s four porn gTLDs.

GoDaddy sent out renewal notices for AdultBlock, valued at as much as $30 million, in December.

It’s not currently possible to measure the success of AdultBlock from public data sources. GoDaddy expunged the roughly 80,000 blocked .xxx domains from its zone file on December 1. Whereas they previously resolved to a registry placeholder, now they do not resolve at all.

Domains revenue for the full year was $1.81 billion, up 19.5%. Including non-domains businesses, annual revenue was $3.81 billion, up 15%.

The company had 2021 net income of $242.8 million, reversing a loss of $494.1 million in 2020.

.xxx shows up in botnet top-five TLDs for the first time

Kevin Murphy, January 21, 2022, Domain Registries

It is a truth universally acknowledged that the cheaper a TLD, the more likely it is to be abused by bad actors, and that may be what happened to .xxx in the fourth quarter.

SpamHaus listed .xxx as its fourth most-abused TLD for botnet command and control domains in its newly published Q4 statistics, a new entry on the top 20 table that raised researchers’ eyebrows.

From zero, .xxx went up to 223 C&C domains in the period, sandwiched between .ga’s 143 and .xyz’s 396, SpamHaus said. It worked out to 2.4% of .xxx’s active domains, the compamny said.

.com was of course still the runaway leader, with 3,719 C&C domains. .top came in second, with 715 domains.

SpamHaus said:

We don’t often see new TLD entries within the top five of this Botnet C&C Top 20; however, .xxx, an adult TLD, run by registry ICM, has entered at #4. With less than 10,000 active domains but a total of 223 domains associated with botnet C&C activity in Q4 we can only assume that there are problems.

It’s noteworthy because .xxx is not a cheap TLD. With wholesale prices around $60, they usually sell for around $100 a year. Botnet operators, like other types of malefactor, usually choose cheap domains for their activities.

But in 2021 .xxx was celebrating its 10th anniversary, and at least one company was offering names at a .com-equivalent $10 a year, starting in the middle of the year and extending into Q4.

While .xxx registry ICM is now owned by GoDaddy, it was still part of MMX at the time the pricing promotion began.

New gTLD pioneer MMX to wind up

Kevin Murphy, January 14, 2022, Domain Registries

MMX, the new gTLD registry also known as Minds + Machines, has decided to close down and de-list.

The company said today that it plans to return its remaining cash to investors through a tender offer and then cancel its remaining shares, which are listed on London’s Alternative Investment Market.

The cancellation plan is subject to shareholder approval at a February 7 general meeting, but the tender does not require approval.

MMX will buy back shares to the tune of £19 million ($26 million) at 10.4 pence per share, a premium of 26.1% on yesterday’s closing price and 24.8% on the last month’s average price.

It follows an $80 million tender offer completed in October.

MMX sold off its major assets — 22 new gTLD registry contracts — to GoDaddy last year in a $120 million deal, and has wound down its legacy registrar businesses.

Now, all that remains is a transition services agreement with GoDaddy, which will soon end.

There had been talk of using the AIM listing as a reverse-takeover vehicle for an operating business seeking quick access to the public markets, but it appears that’s no longer on the table.

If everything goes according to plan, MMX will cease to exist as a public company on February 22. Shareholders have until January 28 to accept the tender offer.

It seems the remaining shareholders will be losing out — if the tender offer is fully subscribed, they’ll only get to sell one share for every 1.485 shares they currently own.

“National security” cited as registry says you have to ask its CEO if you want to register more than TWO domains

Kevin Murphy, January 10, 2022, Domain Registries

India, a country with some 2.2 million ccTLD domains, has implemented perhaps the strangest and most Draconian restrictions on bulk registration of modern times.

The local registry, NIXI, informed its registrars all over the world in late December that they will have to seek formal written permission directly from the CEO if a customer wishes to register more than two .in domains.

Registrars breaking the rules face losing their accreditation, NIXI said.

A terse notice (pdf) published on the registry’s web site, signed by CEO Anil Kumar Jain, reads:

It is decided that a written approval of CEO, NIXI is required if an individual Registrant submit a request for registering more than two domains.

In case a registered accredited company try to book domains more than 100 than also a written approval of CEO, NIXI is required.

In case any Registrar is booking domains violating the above norms NIXI has right to disallow/disconnect the domains booking under that category. A process may be initiated for de-accreditation of such Registrar.

Approval will be given within 24 hours of a request, regardless of weekends or holidays, the notice reads.

Asked for clarification, Jain told DI in an email that the “new procedure is drawn after reviewing national security concerns” and that “NIXI registry is not stopping any domain registration.”

“An individual can book up to 2 domains and a company can book up to 100 domains without permissions,” he wrote. “Permission sought is given within 24 hrs.”

The new rule has registrars scratching their heads, with one describing it as “crazy”, “very vague” and very difficult to enforce.

NIXI uses GoDaddy Registry as its back-end, but GoDaddy does not appear to be playing a role in the implementation of the new policy. A spokesperson said in a statement:

At this time, the responsibilities are on the registrars and it’s a discussion between NIXI and them. As the back-end provider, we work closely with .in on any changes they would like to make at the registry level.

GoDaddy gets another year to negotiate .xxx contract

Kevin Murphy, December 15, 2021, Domain Registries

ICANN and GoDaddy seem to have missed their deadline for long-term renewal of their .xxx registry agreement for a second time.

The contract was extended earlier this week until December 15, 2022, giving the parties another full year to bash out whatever amendments are needed.

The initial deal, signed in 2011, was due to expire March 31, but was extended until today to give more time for renegotiation.

.xxx was the last gTLD approved prior to the 2012 application round, and as such it has a few differences to the standard gTLD contract.

The fee structure is particularly complicated; originally, the registry had to pay ICANN $2 per domain, to stuff ICANN’s war chest for anticipated litigation, but that has been reduced through amendments over the years.

ICANN is always keen to bring older contracts into line with the standard Registry Agreement.

The .xxx contract, like legacy gTLDs before it, will be subject to public comment before approval.

GoDaddy is currently pushing renewals for its AdultBlock trademark-protection services.

GoDaddy wins .tv contract after Verisign blows off 20-year deal

Kevin Murphy, December 14, 2021, Domain Registries

GoDaddy is taking over the contract to run .tv from Verisign, after Verisign didn’t even bother to bid for renewal.

The deal brings to an end a relationship between Verisign and the tiny Pacific island nation of Tuvalu that has lasted 20 years and contributed millions to the country’s economy.

The country’s communications ministry said on its Facebook page that GoDaddy Registry was selected after a “competitive tender process”, but DI understands that Verisign did not participate.

While terms of the new GoDaddy deal have not been disclosed, it seems likely that Tuvalu was looking for a far bigger slice of the pie than the $5 million a year it was getting from Verisign, and for moneybags Verisign, with its .com cash-printing machine, it simply wasn’t worth the hassle.

Tuvalu has around 11,000 inhabitants and gross national income of around $60 million — its .tv money was a big deal for the country, even at the amount Verisign was paying.

With a likely bigger chunk of change coming from GoDaddy, it’s going to have more to invest in what it calls its “digital nation” strategy, which appears to involve investing heavily in blockchain-based technologies to compensate for the fact that it may well disappear beneath the waves over the next few decades.

.tv is a cornerstone of this strategy, the government says.

There’s thought to be at least half a million registered .tv domains, and the bog-standard non-premiums retail for about $50 a year, so it’s been a nice little earner for Verisign over the last two decades.

The company first took on .tv in 2001 when it acquired startup .tv Corp, which had inked the original deal with Tuvalu in 1998, for $45 million. The contract has been renewed a few times since then.

The ccTLD was the first example of a mainstream TLD offering tiered pricing, with premium strings carrying bigger price tags — controversial 20 years ago, almost standard practice today.

There have been reports over the years that the country thought it was getting short-changed by the deal, and the contract was put up for bidding earlier this year.

Despite reports that the tender seemed suspiciously tailored for a Donuts win, it seems GoDaddy has emerged the victor.

One can only assume it’s offered Tuvalu a bigger slice of the pie, which is what it had to do (under its previous incarnation as Neustar) to keep hold of the contract to run Colombia’s .co last year.

Neither Verisign nor GoDaddy has publicly released a statement about the switch. While it’s a lot of money, it’s not strictly material to either company’s already swollen top lines.

GoDaddy hack exposed a million customer passwords

Kevin Murphy, November 24, 2021, Domain Registrars

GoDaddy’s systems got hacked recently, exposing up to 1.2 million customer emails and passwords.

The attack started on September 6 and targeted Managed WordPress users, the company’s chief information security officer Demetrius Comes disclosed in a blog post and regulatory filing this week.

The compromised data included email addresses and customer numbers, the original WordPress admin password, the FTP and database user names and passwords, and some SSL private keys.

In cases where the compromised passwords were still in use, the company said it has reset those passwords and informed its customers. The breached SSL certs are being replaced.

GoDaddy discovered the hack November 17 and disclosed it November 22.

It sounds rather like the attack may have been a result of a phishing attack against a GoDaddy employee. The company said the attacker used a “compromised password” to infiltrate its WordPress provisioning system.

Comes wrote in his blog post:

We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection

You may recall that GoDaddy came under fire last December for punking its employees with a fake email promising an end-of-year bonus, which turned out to be an “insensitive” component of an anti-phishing training program.

About 500 staff reportedly failed the test.

Virgin territory as GoDaddy pushes $30 million porn domain renewals

Kevin Murphy, November 16, 2021, Domain Registries

Brand owners big and small are in for a potential surprise December 1, as their 10-year-old .xxx domain blocks expire and registrars bill their customers to convert them into a new annually-renewing GoDaddy service.

GoDaddy confirmed to DI today that it will “auto-convert” the old Sunrise B blocks, first sold by ICM Registry in 2011, to its new AdultBlock service, which provides essentially the same functionality but across four TLDs rather than one.

Tony Kirsch, head of professional services at GoDaddy Registry, said:

Registrars have been contacting all the Sunrise B owners and advising them that as of December 1 they will be grandfathered and automatically converted into an AdultBlock service, but they have a choice to expire that or stop that happening prior to December 1.

And if it is that they don’t do that before December 1, we’ll still give them a grace period of at least 45 days. If that happens they can then, as you’d normally do, just turn around to the registrar and say “We don’t want that” and we will of course refund the money.

This means that GoDaddy, which acquired .xxx and ICM from MMX earlier this year, is billing its .xxx registrar partners to convert and renew what could be as many as 81,000 Sunrise B blocks.

While the registry fee for AdultBlock has not been published, retail registrars I checked have priced the service at $370 to $400 per year, which we can probably assume is low-end pricing. Most .xxx domains are sold via the specialist brand-protection registrars like CSC and Markmonitor, which sometimes have more complex pricing.

So that’s something in the ballpark of $30 million worth of renewal invoices being sent out in the coming weeks, for something in many cases brand owners may have institutionally forgot about.

Kirsch said that AdultBlock was introduced by MMX about 18 months ago and that registrars have been preparing their customers for the Sunrise B expiration for some time.

Sunrise B was a program, unprecedented in the industry at the time, whereby trademark owners could pay a one-off fee — ICM charged its registrars about $160 wholesale — to have their brands removed from the available pool.

The domains exist in the .xxx zone file and resolve to a black page bearing the words “This domain has been reserved from registration”, but they’re not registered and usable like normal defensive or sunrise registrations would be.

Companies got to avoid not only the potential embarrassment of being porn-squatted, but also the hassle of having to explain to a tabloid reporter why they “owned” the .xxx domain in question.

The term of the Sunrise B block was 10 years. ICM told me at the time that this was because the company’s initial registry contract with ICANN only lasted for 10 years, so it was legally unable to sell longer-term blocks, but I’ve never been sure how much I buy that explanation.

Regardless, that 10 year period comes to an end in two weeks.

Because Sunrise B was unprecedented, this first renewal phase is also unprecedented. We’re in virgin territory (pun, of course, very much intended) here.

Will we see the industry’s first public “block junk drop”?

There are a number of reasons to believe trademark owners, assuming they don’t just blindly pay their registrar’s invoices, would choose to allow their blocks to expire or to ask for a refund after the fact.

First, the price has gone up — a lot.

While ICM charged $160 for a 10-year Sunrise B block (maybe marked up by registrars to a few hundred bucks) brand owners can expect to pay something like $3,000 retail for a single string blocked for 10 years.

But buyers do get a bit more bang for their buck. Unlike Sunrise B, AdultBlock also blocks the trademark in three additional GoDaddy-owned TLDs — .porn, .sex and .adult — as standard.

Kirsch said he expects buyers to see a 40% to 50% saving compared to the cost of defensively registering each domain individually.

Second, the appetite for defensive registrations has waned over the past 10 years, with trademark owners employing more nuanced approaches to brand protection, largely due to the flood of new gTLDs since 2013.

When .adult, .sex and .porn launched, without the possibility of Sunrise B blocks, they got about 2,000 regular sunrise registrations each. And that’s extraordinarily high — for most new gTLDs a couple hundred was a good turnout.

Third, the .xxx launch attracted a whole lot of controversy and overreaction, and the .xxx zone file today contains a lot of Sunrise B crap.

When I scrolled a little through the zone, cherry-picking silly-looking blocks in 2019, I found these examples:

100percentwholewheatthatkidslovetoeat.xxx, 101waystoleaveagameshow.xxx, 1firstnationalmergersandacquisitions.xxx, 1stchoiceliquorsuperstore.xxx, 2bupushingalltherightbuttons.xxx, 247claimsservicethesupportyouneed30minutesguaranteed.xxx, 3pathpowerdeliverysystembypioneermagneticsinc.xxx

Is it worth $400 a year to block the trademark “100 Percent Whole Wheat That Kids Love To Eat”? Is there any real danger of a cybersquatter going after that particular brand (apart from the fact that I’ve now written about it twice)?

Kirsch said a “small percentage” of Sunrise B owners have already said they don’t want to convert, but given that the rest will auto-convert, and that the registrars are doing all the customer-facing stuff, the company has limited visibility into likely uptake.

Brian King, director of policy at MarkMonitor, told us: “We generally encourage our clients to consider blocks. They can be cost effective and a lot of times clients would rather have their brand be unavailable without having to register in TLDs where they don’t want to own domain registrations for any number of reasons.”

One reason brand owners may want to consider converting to AdultBlock — it’s rumored that GoDaddy will be relaxing its eligibility criteria for .xxx next year, removing the requirement for registrants to have a nexus to the porn industry.

It’s always been kind of a bullshit rule, basically a hack to allow ICM to run a “sponsored” TLD under ICANN’s rules from the 2003 application round, but doing away with it would potentially make it easier for cybersquatters to get their hands on .xxx domains.

CSC told customers in a recent webinar that the rules are likely to be changed next year, increasing the risk of cybersquatting.

There’s some circumstantial evidence to suggest that CSC might be on to something — pretty much every “sponsored” gTLD from the same 2003 application round as .xxx has relaxed their reg rules to some extent, sometimes when their contracts come up for renewal and ICANN tries to normalize them with the text of the standard 2012-round agreement.

And GoDaddy’s .xxx contract with ICANN is being renegotiated right now. It was due to expire in March, but it was extended in February until December 15, a little under a month from now. We may soon see ICANN open up the new text for public comment.

Kirsch, who’s not part of the negotiations, could not confirm that the eligibility relaxation is going to happen or that it’s something GoDaddy is pushing for.

If it were to happen, it wouldn’t be for some time, and it wouldn’t necessarily impact on the December 1 deadline for Sunrise B conversions, which is going to be interesting to watch in its own right.

“There are registrations that are protecting people’s trademarks that are expiring and our primary objective here is to ensure that that protection continues, and that’s what we’ll do,” GoDaddy’s Kirsch said.

“If we just let them expire, it would create a lot of opportunity for brand infringement. Faced with that choice, our primary objective is to protect trademark owners,” he said.

GoDaddy says it turned around Neustar, and .biz numbers seem to confirm that

Kevin Murphy, November 4, 2021, Domain Registrars

GoDaddy is pleased with how its new registry division is doing, with CEO Aman Bhutani claiming last night that it’s managed to turn around the fortunes of Neustar, which became part of GoDaddy Registry a year ago.

Reporting a strong third quarter of domains revenue growth, Bhutani highlighted the secondary market and the registry as drivers. In prepared remarks, he said:

On Registry, we are continuing to prove our ability to acquire, integrate, and accelerate. A great example is the cohort performance within GoDaddy Registry. When we acquired Neustar’s registry assets in Q3 last year, its new cohorts were shrinking, with new unit registrations down 4% year over year. We are now one year into the acquisition, and we’re pleased to report that within that first year, we have been able to accelerate new business significantly. We are now seeing new unit registrations increase nearly 20% year over year — all organically.

If you’re wondering what a “cohort” is, it appears to refer to GoDaddy’s way of, for analysis purposes, slicing up its customers, how much they spend and how profitable they are, into tranches according to the years in which they became customers.

So GoDaddy’s saying here that Neustar’s number of new customers was going down, and it was selling 4% fewer new domains, at the time of the acquisition last year, but that that trend has now been reversed, with new regs up 20%.

The numbers are not really possible to verify. Neustar’s main three TLDs for volume purposes were .us, .co and .biz, and of those only .biz is contractually obliged to publish its zone file and registry numbers.

But look at .biz!

.biz zone graph

That’s .biz’s daily zone file numbers for the last two years, with the August 2020 acquisition highlighted by a subtle arrow. It’s only added about 50,000 net names since the deal, but it’s reversing an otherwise negative trend.

Monthly transaction reports show .biz had been on a general downward, if spiky, line since its early 2014 peak of 2.7 million names. It’s now at about 1.4 million.

When asked how the company achieved such a feat, Bhutani credited “execution” and left it at that. Perhaps this means something to financial analysts.

When asked by an analyst whether GoDaddy was giving its own TLDs preferential treatment, promoting its owned strings on the registrar in order to better compete with .com at the registry, Bhutani denied such frowned-upon behavior:

We don’t do that. All TLDs work on our registrar side in terms of their merit. It’s about value to the customer — whatever works best irrespective of whether we own the registry side or not. That’s what we’ll sell in front of the customer.

The company reported domains revenue up 17% at $453.2 million for the third quarter, with overall revenue up 14% at $964 million compared to year-ago numbers. Net income was up to $97.7 million from $65.1 million a year ago.

GoDaddy expects domains revenue to grow in the low double digits percent-wise in the current quarter.