Latest news of the domain name industry

Recent Posts

One year on, Namecheap still fighting aborted .org takeover and may target GoDaddy and Donuts next

Kevin Murphy, February 5, 2021, Domain Registrars

Even though Ethos Capital’s proposed takeover of Public Interest Registry was rejected last May, registrar Namecheap is still doggedly pursuing legal action against ICANN’s handling of the deal, regardless.

The Independent Review Process complaint filed last February is still active, with Namecheap currently fighting a recent ICANN motion to dismiss the case.

The company is also demanding access to information about GoDaddy’s acquisition of Neustar and Donuts’ acquisition of Afilias, and is threatening to file separate actions related to both those deals.

Namecheap has essentially two beefs with ICANN. First, that it should not have lifted price caps in its .org, .biz and .info registry contracts. Second, that its review of Ethos’ bid for PIR lacked the required level of transparency.

ICANN’s trying to get the IRP complaint thrown out on two fairly simple grounds. First, that Namecheap lacks standing because it’s failed to show a lack of price caps have harmed it. Second, that it rejected the PIR acquisition, so Namecheap’s claims are moot.

In its motion to dismiss (pdf), its lawyers wrote:

Namecheap’s entire theory of harm, however, is predicated on the risk of speculative future harm. In fact, nearly every explanation of Namecheap’s purported harm includes the words “may” or “potential.” Namecheap has not identified a single actual, concrete harm it has suffered.

Namecheap’s claims related to the Change of Control Request should be dismissed because ICANN’s decision not to consent to the request renders these claims moot
and, separately, Namecheap cannot demonstrate any harm resulting from this decision.

In December, Namecheap had submitted as evidence two analyses of its business prospects in the event of registry price increases, one compiled by its own staff, the other prepared by a pair of outside expert economists.

While neither shows Namecheap has suffered any directly quantifiable harm, such as a loss of revenue or customers, Namecheap argues that that doesn’t matter and that the likelihood of future harm is in fact a current harm.

A mere expectation of an increase in registry prices is sufficient to show harm. This is because such expectation reduces Namecheap’s expected profits and its net present value.

It further argues that if Namecheap was found to not have standing, it would give ICANN the ability to evade future IRP accountability by simply adding a 12-month delay to the implementation of controversial decisions, pushing potential complainants outside the window in which they’re able to file for IRP.

On the PIR change of control requests, Namecheap says it’s irrelevant that ICANN ultimately blocked the Ethos acquisition. The real problem is that ICANN failed in its transparency requirements related to the deal, the company claims.

The fact that ICANN withheld its consent is no excuse for refusing to provide full transparency with respect to the actions surrounding the proposed acquisition and ICANN’s approval process. Namecheap’s claims relate to the non-transparent process; not the outcomes of such process. Irrespective of the outcome, lack of transparency increases the level of systemic risk in Namecheap’s business environment.

How did ICANN come to its decision? Was an imminent request for a change of control known to ICANN, when it took the decision to remove the price control provisions? What was discussed in over 30 hours of secret meetings between ICANN org and the Board? What discussions took place between ICANN, PIR and other entities involved? All these questions remain unanswered

Namecheap refers to two incidents last year in which ICANN hid its deliberations about industry acquisitions by conducting off-the-books board discussions.

The first related to the PIR deal. I called out ICANN for avoiding its obligation to provide board meeting minutes in a post last May.

The second relates to the board’s consideration of Donuts’ proposed (and ultimately approved) acquisition of Afilias last December. Again, ICANN’s board discussed the deal secretly prior to its official, minuted December 17 meeting, thereby avoiding its transparency requirements.

In my opinion, this kind of bullshit has to stop.

Namecheap is also now threatening to bring the Afilias deal and GoDaddy’s acquisition of Neustar’s registry business last April into the current IRP, or to file separate complaints related to them, writing in its response to ICANN’s motion (pdf):

Namecheap seeks leave to have ICANN’s actions and inactions regarding its consideration of the Neustar and Afilias changes of control reviewed by this IRP Panel. If, per impossibile such leave is not granted, Namecheap reserves all rights to initiate separate proceedings on these issues.

The deals are similar because both involve the change of control of legacy gTLD contractors with millions of domains under management that have recently had their price caps lifted — Afilias ran .info and Neustar ran .biz.

Gun nut site crashes at Epik after GoDaddy shoots it down

Kevin Murphy, January 18, 2021, Domain Registrars

A site for American gun enthusiasts has switched registrars, moving its domain to Epik — apparently with the consent of CEO Rob Monster — after GoDaddy turfed it out for allegedly inciting violence.

According to a GoDaddy statement at the weekend, the registrar had received complaints about content on AR15.com — that’s the name of a gun popular with spree killers — and determined it “incited violence”.

It informed the domain’s owner the same day, January 8, two days after the Capitol Hill riots, giving him 24 hours to remove the offending content.

It’s not clear what the content in question was, but given the timing and the fact that the site is a scarily popular forum with largely user-generated content, it’s not difficult to imagine.

AR15.com’s owner, identified in a video as GoatBoy, claims that by the time he received the email from GoDaddy, the forum’s moderators had already removed the posts on the grounds that the site also has a policy against incitement to violence.

But GoDaddy disagrees, saying the content could still be found after its supposed removal. It took down the domain on January 11. It said in a statement:

We do not take action on complaints that would constitute censorship of content that represents the exercise of freedom of speech and expression on the Internet. In instances where a site goes beyond the mere exercise of these freedoms, however, and crosses over to promoting, encouraging, or otherwise engaging in violence, as was the case with AR15.com, we will take action.

The AR15.com domain is now hosted by Epik, which has in recent years made a name for itself as a refuge for sites frequented by those with far-right views, such as 8chan, Gab and Parler.

GoatBoy says in the video embedded below: “I had the privilege of speaking with some of the guys on the executive staff, including the owner of Epik. Their views really align well with ours. They’re very pro First Amendment and very pro Second Amendment.”

GoDaddy’s female geeks make a bit more than men

Kevin Murphy, January 4, 2021, Domain Registrars

Women working at GoDaddy in technology roles on average make a penny more on the dollar than their male counterparts, but their bosses don’t fare nearly as well, according to the company’s latest published diversity data.

The market-leading registrar said last week that on average across the company globally, women make the same amount as men in like roles, but the female techies make $1.01 for every $1.00 the men make.

But women in leadership roles make $0.95 for every dollar made by than their male counterparts, the company said.

Comparable data for 2019 was not available.

However, in its native US, GoDaddy is paying women a penny more on average across all roles, up one cent on the 2019 data.

The reverse trend was true of female employees in leadership roles in the US, where they made $0.95 on the dollar in 2020, compared to $1.02 in the previous year.

In tech, the ratio approached parity, with women getting $1.01 on the dollar, compared to $1.03 in 2019.

Women make up 30% of GoDaddy employees, 33% of leadership, but only 19% of techies, the report says. Those are all slight improvements on 2019.

GoDaddy pranks employees with “insensitive” phishing test

Kevin Murphy, December 28, 2020, Domain Registrars

GoDaddy has apologized to its staff after teasing them with a $650 Christmas bonus that turned out to be nothing but a test of whether they could be duped into handing over their sensitive personal info.

Employees worldwide reportedly received emails promising the bonus December 14 from an official-looking but presumably spoofed address.

Those who clicked through and filled out a form with their personal data received a second email a few days later informing them they’d actually just failed a “phishing test” and would “need to retake the Security Awareness Social Engineering training.”

Around 500 staff reportedly failed the test.

But many were pissed off that the company would dangle a bonus, only to snatch it away, just a week before Christmas and at a time when the coronavirus pandemic has caused many to fear for their livelihoods.

While GoDaddy rode out the pandemic just fine, it laid off hundreds, regardless.

After the prank last week attracted media attention, the company apologized to its employees, saying in a statement sent to the AFP:

GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologised. While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.

I sincerely hope nobody spent their illusory $650 in the days before the test was revealed.

GoDaddy has a secret weapon in its push into corporate domains

Kevin Murphy, November 19, 2020, Domain Registrars

While GoDaddy has been focused for the last two decades on small and microbusiness customers, its entry this year into the corporate domains management space should not be dismissed — the company has one huge advantage.

Earlier this week, the company announced the launch of GoDaddy Corporate Domains, really just a rebranding of the company Brandsight, which it acquired back in February.

The move pits GoDaddy against industry leaders such as MarkMonitor, CSC, Com Laude, Safenames et al.

But the company has one huge advantage that its new competitors do not have: cybersquatters and criminals.

Buried at the bottom of this week’s press release is the announcement of a new service, the Verified Intellectual Property program, which “provides pre-vetted, well-known and famous brands an escalation path to address IP abuse”.

It sounds basically like a trusted notifier service not unlike those offered at the registry level by the likes of Donuts and Radix.

VIP clients will be able to get sites and domains hosted on GoDaddy taken down much quicker, via a special escalation email address, a spokesperson said. Takedown requests will still be subject to manual review, he said.

VIP is currently invitation-only, but I assume being a Corporate Domains customer would help expedite an invitation.

This kind of service is something GoDaddy’s new rivals cannot offer — they generally have no retail channel or hosting, so have no cyberquatters, pirates or counterfeiters as customers. If they want to take down a domain or web site, it’s not a simple matter of flipping a switch.

They also don’t have tens of millions of domains under management, many of which, through no fault of GoDaddy, will be maliciously registered.

This is potentially a pretty cool USP for GoDaddy, which could have rivals worried.

GoDaddy set to pay millions to settle robocalling class action

Kevin Murphy, November 5, 2020, Domain Registrars

GoDaddy is due to pay a bunch of class action lawyers millions of dollars to settle a lawsuit alleging historical illegal robocalling practices, while giving affected customers a lousy $35 apiece.

The lawyers have reportedly filed for final approval of a settlement (pdf) agreed to in May that put GoDaddy on the hook for up to $35 million.

The Alabama suit, Drazen v Goddady, alleged that the registrar between 2014 and 2016 broke the US Telephone Consumer Protection Act by using software to automatically call and text customers with upsell offers without their permission.

GoDaddy denied, and continues to deny, any allegations of wrongdoing.

Still, it’s decided to pay the lawyers to go away, to avoid costly ongoing litigation.

While the payout is capped at $35 million, in reality the company will be paying substantially less.

Affected US-based customers who filed a claims form before October 7 will either receive a check for $35 cash or store credit, redeemable within one year, for $150.

Reportedly, only 24,000 of the 1.46 million potential class members filed their claims by the deadline, so GoDaddy only stands to pay out $840,000 cash, $3.6 million in store credit, or some value between the two.

The class action plaintiff’s lawyers, on the other hand, stand to get up to 30% of the $35 million settlement, or $10.5 million.

The representative plaintiffs who put their names to the complaint get $5,000 each for their trouble.

GoDaddy sees 12% growth in domains revenue

Kevin Murphy, November 5, 2020, Domain Registrars

GoDaddy delivered another quarter of impressive growth in the third quarter, showing again the resilience of the domain name market to the coronavirus pandemic.

The company reported total revenue up 11% on the same period last year at $844.4 million, with net income sliding from $76.8 million to $65.1 million.

GoDaddy spent more on marketing during the quarter, saying that as demand for its services increases it needs to make sure it captures as many customers as possible.

Revenue from domains slightly outperformed overall growth, coming in at $387.4 million, up 12.2% year over year.

The domains segment was also a bit more profitable because GoDaddy no longer has to pay Neustar for domains in TLDs managed by what is now GoDaddy Registry.

The business applications segment, which includes email and third-party apps such as shopping carts, was the standout growth segment, coming in at $154.6 million, up 18.7%.

GoDaddy expects to see a similar pattern in Q4, with domains growth coming in at low double figures and business apps growth coming in at high double figures.

Both Q3 growth and Q4 outlook were better than analysts expected, and GoDaddy stock was rewarded accordingly.

The company also announced the departure of COO Andrew Low Ah Kee after 10 years with the company. His position will not be immediately refilled, and he is said to be taking a presidential role at a company outside of the domain industry.

These eight companies account for more than half of ICANN’s revenue

Kevin Murphy, October 19, 2020, Domain Policy

While 3,207 companies contributed to ICANN’s $141 million of revenue in its last fiscal year, just eight of them were responsible for more than half of it, according to figures just released by ICANN.

The first two entries on the list will come as no surprise to anyone — they’re .com money-mill Verisign and runaway registrar market-leader GoDaddy, together accounting for more than $56 million of revenue.

Registries and registrars pay ICANN a mixture of fixed fees and transaction fees, so the greater the number of adds, renews and transfers, the more money gets funneled into ICANN’s coffers.

It’s perhaps interesting that this top-contributors list sees a few companies that are paying far more in fixed, per-gTLD fees than they are in transaction fees.

Binky Moon, the vehicle that holds 197 of Donuts’ 242 gTLD contracts, is the third-largest contributor at $5.2 million. But $4.9 million of that comes from the annual $25,000 fixed registry fee.

Only 14 of Binky’s gTLDs pass the 50,000-name threshold where transaction fees kick in.

It’s pretty much the same story at Google Registry, formally known as Charleston Road Registry.

Google has 46 gTLDs, so is paying about $1.1 million a year in fixed fees, but only three of them have enough regs (combined, about one million names) to pass the transaction fees threshold. Google’s total funding was almost $1.4 million.

Not quite on the list is Amazon, which has 55 mostly unlaunched gTLDs and almost zero registrations. It paid ICANN $1.3 million last year, just to sit on its portfolio of dormant strings.

The second and third-largest registrars, Namecheap and Tucows respectively, each paid about $1.7 million last year.

The only essentially single-TLD company on the list is Public Interest Registry, which runs .org. Despite having 10 million domains under management, it paid ICANN less than half of Binky’s total last year.

The anomaly, which may be temporary, is ShortDot, the company that runs .icu, .cyou and .bond. It paid ICANN $1.6 million, which would have been almost all transaction fees for .icu, which peaked at about 6.5 million names earlier this year.

Here’s the list:

[table id=62 /]

Combined, the total is over $70.5 million.

The full spreadsheet of all 3,000+ contributors can be found over here.

GoDaddy denies weird front-running claim

Kevin Murphy, September 21, 2020, Domain Registrars

GoDaddy has been forced to deny (again) that it engages in front-running after a social media post attracted hundreds of comments.

Front-running is the practice of a registrar monitoring customers’ availability searches then registering the name itself in order to mark it up to a premium price.

No reputable registrar does this any more, if only because it would be reputation suicide.

But a poster on HackerNews claimed to have been exploited in precisely this way,

searched a few days ago for felons.io, looked for unique names for simple game didn’t know if I wanted it or not

guess godaddy decided for me: 1 days old Created on 2020-09-16 by GoDaddy.com, LLC

just a warning if you have a special name do not use godaddy to check if its available

Domains can appear to be front-run due to the law of large numbers. Registrants may think they’re the only one with a unique domain idea, but they’re likely not.

After the HackerNews post attracted hundreds of comments (largely promoting Namecheap as a superior competitor) and a post from Eliot Silver, GoDaddy decided to issue a response.

“These accusations are 100% false. This type of behavior is predatory, unethical, and goes against everything we stand for as a company,” registrar head Paul Bindel posted over the weekend.

Bindel went on to post the results of search queries for “felons” and related terms over a couple of weeks. There weren’t a huge amount.

Complicating the story, he also says that the felons.io domain was suspended not long after registration, and will soon be deleted, after it was flagged as a fraudulent registration by a compromised account.

Interestingly, the HackerNews account used to post the original allegation appears to have been created on the same day as the post, which is literally the only thing he or she ever posted on the site.

GoDaddy could lose control of .co this week

Kevin Murphy, September 8, 2020, Domain Registries

It looks like GoDaddy’s recently acquired .co registry could lose formal control of the ccTLD this week.

ICANN’s board of directors has “Transfer of the .CO (Colombia) top-level domain to the Ministry of Information and Communications Technologies” on its agenda for its meeting this Thursday.

Since 2009, IANA record for .co shows the Colombian company .CO Internet as the sponsor, admin contact and tech contact.

.CO Internet was acquired by Neustar for $109 million in 2014. Neustar’s registry business, including the .co contract, was acquired by GoDaddy earlier this year. Most of .CO Internet’s original staff are still with the company.

GoDaddy now has the contract to run .co for the next five years, but as a service provider rather than having full administrative control of the TLD.

A redelegation to the Colombian ministry will not affect that contract, and in fact seems to have been envisaged by it.

Back in April when the renewal was announced, MinTIC said it would in future “be in charge of its [.co’s] administration through a group dedicated to Internet governance with technical personnel with knowledge and ability to manage and administer the domain”.

The new deal also sees Colombia receive 81% of the profits from .co, compared to the 6-7% it received under the old deal.

Assuming the ICANN board gives the redelegation the nod this week, it usually only takes IANA a day or two to make the appropriate updates to its registry.