Latest news of the domain name industry

Recent Posts

Verisign predicts more gloom as registrars shun .com growth

Verisign has yet again massively downgraded its expectations for .com growth, after it lost almost two million domains in the second quarter.

The company said it had 170.6 million .com and .net domains at the end of June, down 1.8 million compared to Q1 and a 2.2% decrease compared to a year earlier.

CEO Jim Bidzos said Verisign now expects the domain name base for the full year to be between -2% and -3%. That compares to a range of between +0.25% and -1.75% predicted in April and +1% to -1% predicted in February.

The Q2 renewal rate is expected to be 72.6% compared to 73.4% a year ago and 74.1% in Q1.

Bidzos said he does not expect the base to return to positive growth until the second half of 2025.

Bidzos, talking to analysts, acknowledged that Verisign’s wholesale .com price increases “may have had an impact” but put the blame for the growth shortfall squarely on what he called the “unregulated retail channel” in the US.

American registrars have been cranking up their prices in order to prioritize average revenue per user over volume, he said, meaning retail prices for .com have gone up “more than twice” Verisign’s own price hikes, leading to fewer sales as a result.

“Our research shows that the benefit from our capped wholesale prices is not always passed on to consumers,” he said.

He faced a barrage of questions from analysts about recent calls for the US government to sever its ties with Verisign over .com and put the TLD out for competitive rebidding, but reiterated the company’s position that if the government cuts it off, it still gets to run .com under its contract with ICANN.

Despite the volume woes, Verisign continues to be a high-margin cash-generating machine.

The company reported Q2 net income of $199 million, up from $186 million a year ago, on revenue up 4.1% at $387 million. Operating income was up to $266 million from $249 million and operating cash flow up to $160 million from $145 million.

Republicans quiz NTIA on Verisign .com renewal

Three Republican members of the US House of Representatives have raised the specter of Verisign having to compete to renew its .com deal with the US government.

In a letter to the National Telecommunications and Information Administration, the Congresspeople ask whether NTIA has made any efforts to renegotiate or obtain public feedback on its contract with Verisign.

They also ask whether NTIA has looked at the “effect of the recent price increases implemented by Verisign on the .com domain name marketplace” and “the impact of potential registration price increases on the .com domain name market”.

The Cooperative Agreement between NTIA and Verisign is what allows the company to raise .com wholesale fees. That power was frozen for years under the Obama administration but returned under Trump.

The letter follows missives from three campaign groups a month ago, which called Verisign, NTIA and ICANN a “cartel” that enables Verisign’s monopoly and called for the .com contract to be put out to bid.

The Congresspeople’s letter doesn’t come anywhere close to asking for the same, but it does cite previous instances where legislators and the Department of Justice have called for a competitive bidding process.

Verisign has responded to earlier letters by pointing out that even if NTIA were to cancel the agreement, the .com Registry Agreement with ICANN would still stand.

The letter (pdf) is signed by House Energy and Commerce Committee chair Cathy McMorris Rodgers, Subcommittee on Communications and Technology chair Bob Latta, and Subcommittee on Oversight and Investigations chair Morgan Griffith.

The Cooperative Agreement is set to auto-renew in November. The Congresspeople want answers from NTIA before August 8.

Smaller, more intense ICANN meetings with no free cocktails?

Kevin Murphy, July 25, 2024, Domain Policy

ICANN has floated the idea of hosting smaller, more focused meetings that eschew tedious PowerPoint presentations and do away with the free cocktail receptions.

Seeking to eliminate $10 million from its annual budget, management recently reached out to community leaders to see if they can put their heads together to make ICANN’s public meetings less expensive.

Ideas include scrapping one of the thrice-yearly in-person meetings entirely and replacing it with a virtual-only event, along the lines of the seven that were held over Zoom during the recent coronavirus pandemic.

The suggestions appear in a “How We Meet” discussion paper (pdf), presented as a jumping-off point for community discussions rather than a top-down edict.

Straight to the important stuff: ICANN is proposing to “reduce or eliminate ICANN-hosted or ICANN-sponsored social and outreach events” such as receptions, group dinners and other social networking events.

ICANN could seek third-party sponsors for these kind of events or, horror of horrors, operate a “cash bar”, the document states.

No more free booze!

If cost-conscious alcoholics have a reason to be concerned, it’s arguably worse news for community time vampires who enjoy nothing more than sucking up 45 minutes of their hour plodding through a PowerPoint explaining what their group has been up to since the last meeting.

The document suggests focusing meetings on “timely topics”, such as those with upcoming deadlines, that require “interactive dialogue in a hybrid format”, and cutting some of the extraneous nonsense.

Therefore, “extensive slide presentations, updates, and meetings (including between ICANN staff and community groups) that do not clearly require in-person or hybrid interactions will not be scheduled”, the document suggests.

Speaking as a remote participant in recent years, I’ve often chose to wait for session recordings to become available, rather than listening live, precisely so I can fast-forward through that kind of thing. That’s obviously not an option for an in-person attendee, many of whom are there on ICANN’s dime.

The document also suggests getting rid of “informational and training” events, such as the “How It Works” sessions, which it says “incur significant costs” but have “limited participation”.

ICANN is also floating the idea of reducing the number of sessions overall, and grouping constituency-specific sessions into a tighter schedule over fewer days (presumably in order to slash the hotel bill).

But the biggest shake-up of them all is arguably the idea of reducing the number of full in-person community meetings from three to two, with the cut meeting replaced with a virtual one.

Given the shared experiences from seven, consecutive Virtual Public Meetings during the pandemic and the costs of a hybrid ICANN Public Meeting, it may be timely to discuss whether there is, in fact, a current need to have three in-person/hybrid ICANN Public Meetings each year, or whether the community can work just as effectively if at least one of these meetings is conducted virtually.

It does not say which meeting could be cut, but points out that reducing the number of public meetings may increase the need for smaller, intersessional events that focus on individual constituencies or topics.

The discussion document will inform a series of calls interim CEO Sally Costerton will hold with community leaders over the next month or so. Any consensus reached could be acted up as early as September.

Private auctions to be banned in next new gTLD round

Kevin Murphy, July 25, 2024, Domain Policy

ICANN plans to ban private auctions in the next new gTLD application round, chair Tripti Sinha has told governments.

The board of directors plans to accept the Governmental Advisory Committee’s recent advice to “prohibit the use of private auctions in resolving contention sets in the next round of New gTLDs”, Sinha told her GAC counterpart in a letter published this week.

This is a significant departure from the 2012 round, where many contention sets were resolved privately, with tens of millions of dollars changing hands. Simply applying for a gTLD, in order to lose an auction rather than actually running a registry, will quite possibly no longer be a business model.

What replaces private auctions is yet to be determined. ICANN plans to publish a paper and hold two community webinars in August to discuss alternatives, and reach a decision at its meeting in early September.

Sinha warned that if it cannot reach a conclusion by the September meeting, it might delay the publication of the Applicant Guidebook and thus the opening of the next application window.

It’s quite an aggressive deadline, given the complexity of the problem. ICANN is essentially trying to figure out a way to prevent unscrupulous actors from attempting to game the system for financial gain.

Ideas such as allowing good-faith joint ventures to be formed between competing applicants have been floated in recent months, but have faced scrutiny as they might permit side-deals to be inked that have the same effect as private auctions.

What seems certain is that “last resort” auctions — where ICANN gets all the money for its already $200 million war chest — will still be an option in the next round, which is current penciled in for the first half of 2026.

ICANN’s board plans to pass resolutions on the matter next Monday, so we should have a little more clarity by the start of August at the latest.

Crowdstrike screw-up took down ICANN’s email

Kevin Murphy, July 22, 2024, Domain Tech

The domain name industry seemed to have dodged a bullet when it came to last Friday’s devastating worldwide computer outage, but it emerged over the weekend that at least one ear was grazed.

ICANN revealed late Friday that its email systems, hosted by an external provider, were affected by the bug, which saw millions of Windows endpoints bricked by a dodgy patch from security firm Crowdstrike.

At 2035 UTC, ICANN said: “ICANN is having email issues and we may not receive your email. ICANN’s external email vendor has been affected by today’s global IT outages”.

But by 0121 UTC Saturday, it reported: “ICANN’s email service has been restored and all email-dependent services have resumed.”

Given that ICANN often uses 2359 UTC as a cut-off point for things like public comment submissions, which are received via email, it’s easy to see how the lack of an inbox over that window could have caused some minor headaches on a different day.

I’m not aware of reports of any serious incidents in the wider domain space caused by the Crowdstrike bug. DNS resolution services do not typically rely upon the uninterrupted availability of Windows endpoints.

We grassed up .TOP, says free abuse outfit

Kevin Murphy, July 18, 2024, Domain Services

A community-run URL “blacklist” project has claimed credit for the complaints that led to .TOP Registry getting hit by an ICANN Compliance action earlier this week.

.TOP was told on Tuesday that it has a month to sort of its abuse-handing procedures or risk losing the .top gTLD, which has over three million domains.

ICANN said the company had failed to respond to an unspecified complainant that had reported multiple phishing attacks, and now the source of that complaint has revealed itself in a news release.

URLAbuse says it was the party that reported the attacks to .TOP, which according to ICANN happened in mid April.

“Despite repeated notifications, the .TOP Registry Operator failed to address these issues, prompting URLAbuse to escalate the matter to ICANN,” URLAbuse said, providing a screenshot of ICANN’s response.

URLAbuse provides a free abuse blocklist that anyone is free to incorporate into their security setup. Domain industry partners include Radix, XYZ.com and Namecheap.

ICANN to earmark $10 million for new gTLD subsidies

Kevin Murphy, July 18, 2024, Domain Policy

ICANN is planning to give $5 million of its auctions war-chest to new gTLD applicants from less well-off nations and wants community feedback on the idea.

The Org is sitting on over $200 million raised by auctioning gTLDs from the 2012 application round, and thinks some of it could be well-spent on subsidizing applicants in the next round.

It wants to create a $10 million fund for the Applicant Support Program, half of which will come from the auction proceeds and half of which will be covered by the existing program budget.

ICANN says this will be enough to provide “meaningful support for up to 45 new gTLD applicants”.

The auction funds have previously been used to replenish ICANN’s reserve and to launch the new Grant Program, which is making $10 million available with year to worthy, on-topic projects.

Clearly, at that rate, the Grant Program may well never exhaust the auction fund, given the likelihood of future auctions and investment gains over the next couple of decades.

The Applicant Support Program will be open to non-profit or small business applicants in most of the world’s territories, as I previously blogged. In the 2012 round, three applicants applied but only one received the discount.

The request to divert some of the cash into the ASP is not subject to a regular public comment process. Rather, ICANN’s community groups have been asked to send their thoughts to the board directly before August 12.

First registry gets breach notice over new abuse rules

.TOP Registry allegedly ignored reports about phishing attacks and has become the first ICANN contracted party to get put on the naughty step over DNS abuse rules that came into effect a few months ago.

ICANN has issued a public breach notice claiming that the registry, which runs .top, has also been ignoring the results of Uniform Rapid Suspension cases, enabling cybersquatting to take place.

The notice says that .TOP breached new rules, which came into effect April 5, that require it to act on reports of DNS abuse (such as malware or phishing attacks) by suspending the domains or referring them to the responsible registrar.

The registry didn’t do this with respect to a report of April 18, concerning “multiple .top domain names allegedly used to conduct phishing attacks”. It didn’t even read the report until contacted by ICANN, according to the notice.

As of yesterday, only 33% of the phishing domains have been suspended by their registrars, some three months after the attacks were reported, ICANN says.

Compliance is also concerned that .TOP seems to be ignoring notices from Forum, the company that processes URS cases, requiring domains to be locked within 24 hours when they’ve been hit with a charge of cybersquatting.

The registry “blatantly and repeatedly violated” these rules, according to ICANN.

.TOP has been given until August 15 to get its act together or risk having its Registry Agreement suspended or terminated.

The registry has about three million .top domains under management, having long been one of the most successful new gTLDs of the 2012 round in volume terms. It typically sells domains very cheaply, which of course attracts bad actors.

Americans and ICANNers avoid Kigali in droves

Kevin Murphy, July 15, 2024, Domain Policy

The number of North Americans and ICANN staffers turning up to the latest community meeting hit their lowest numbers since records began, according to newly published ICANN statistics.

In-person attendance plummeted compared to the same meeting last year, and the total number of North Americans collecting lanyards was the lowest since ICANN started tracking these things in 2016.

The number of staffers showing up to ICANN 80 in Kigali, Rwanda last month also tied as the lowest-ever turnout for Org employees.

There were 214 North Americans at Kigali, compared to 612 at the Washington DC meeting a year earlier and 262 at the meeting in The Hague in 2022, which was the first post-pandemic non-virtual meeting.

The previous low was 310, at the ICANN 65 meeting in Marrakech, Morocco.

It’s probably no surprise that many regular attendees stayed away. The shorter, mid-year Policy Forum meetings typically see the lowest in-person participation, and that’s particularly noticeable when the rotation has them held in Africa.

Flight web sites I checked show no direct flights from the US to Kigali. A connection at a European hub is required and you’re realistically looking at over 24 hours of travel time. Asian community members have it a little easier, with connecting hubs available in the Middle East.

For ICANN, the lower number of staff being sent may be indicative of the Org’s latest belt-tightening moves, which recently saw a number of staff laid off.

RDRS stats improve a little in June

Kevin Murphy, July 15, 2024, Domain Services

ICANN’s Registration Data Request Service saw a small improvement in usage and response times in June, but it did lose a registrar, according to statistics published today.

There were 170 requests for private Whois data in the month, up a little from May’s historic low of 153, and 20.88% were approved, compared to 20.29% in May.

The mean average response time for an approved request was down to 6.59 days, from 11.34 days in May and April’s huge 14.09 days. Since the RDRS project began last November, the median response time is two days.

Smaller registrar OwnRegistrar opted out of the program during the month, but the coverage in percentage terms held steady at 59%, with 90 registrars of various sizes still participating.