Recent Posts
- Is a .tree gTLD very cool or very silly?
- The internet just got its first new TLD since 2022
- Kid-friendly domains could be reborn
- Shrinking .us TLD is up for grabs
- Namecheap saw 116,000 phishing attacks last year
- .io safe for now as Trump puts Chagos deal on ice
- Amazon sells three gTLDs to Identity Digital
- .radio’s new owners might have a fight on their hands
- WIPO doubles the speed of UDRP cases
- Amazon joining GlobalBlock
- Unstoppable buys 10 new registrars
- ICANN cleaning house, cans four more registrars
- ICANN to throw millions more at cheapo gTLDs
- Introducing Stringtel, my new free new gTLD tool
- GlobalBlock signs the two best deals it will ever get
- Seven registrars get terminated
- GoDaddy launches DomainMaxxing to optimize your domains
- .latino gTLD to launch soon
- Amazon readies .pay gTLD
- Nominet reveals first DNS tech funding recipients
- ICANN hit with tinfoil-hat lawsuit
- .pn relaunches — you’ll never guess what they say it means
- Unstoppable focuses on proper domains, admits crypto was “craze”
- ICANN boss: no plans to scrap Oman meeting
- China domains dip in 2026
- ICANN maps out new gTLD timeline
- War disrupts ICANN 85
- Namecheap abandons fight for .org price caps
- Identity Digital acquires another gTLD
- Seven dead registrars on the out
- Sav.com owner takes over .radio gTLD
- .com zone tops 160 million domains
- ai.com, the most-expensive domain sale ever
- .ai hits seven figures, raises prices
- Typosquatter gets two years in jail
- Epstein low-balled registrants to get his exact-match domain
- Epstein bought “mother” domains for Fergie while serving time
- Two former ICANN directors want back in
- Former ICANN director could lose control of ccTLD
- UK launches “police.ai”, but does it own the domain?
- Team Internet still in talks to sell off domains unit
- NamesCon returning to Miami in November
- “Mad Dog” politician registers nazis.us, redirects to Trump admin site
- “Lowest Price Guaranteed!” $48 .com registrar canned
- No RDAP? No accreditation
- Fifth-largest gTLD not dead after all
- Half of registrar’s domains are abusive, ICANN says
- Burr joins PIR after leaving ICANN board
- Refunds galore as gTLD losers finally bow out
- .goo terminated as search engine closes down
- GoDaddy to offer domain blocking to people who don’t have trademarks
- Happy new year expected for domain industry, says ICANN
- Salesforce to apply for a dot-brand
- Team Internet looking to break up
- Noss to leave Tucows corner office
- Rubens Kühl has died
- Sinha angry with Chapman’s firing as ICANN vice chair
- Glitch redux: ICANN screws up new gTLD security again
- CentralNic claims second-largest TLD migration ever
- DNS issue at Amazon takes out major apps and sites
- .io sales almost double over three years
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
Hackers break .mobi after Whois domain expires
It’s probably a bad idea to let a critical infrastructure domain expire, even if you don’t use it any more, as Identity Digital seems to be discovering this week.
White-hat hackers at WatchTowr today published research showing how they managed to undermine SSL security in the entire .mobi TLD, by registering an expired domain previously used as the registry’s Whois server.
Identity Digital, which now runs .mobi after a series of acquisitions, originally used whois.dotmobiregistry.net for its Whois server, but this later changed to whois.nic.mobi and the original domain expired last December.
WatchTowr spotted this, registered the name, and set up a Whois server there, which went on to receive 2.5 million queries from 135,000 systems in less than a week.
Sources of the queries included security tools such as VirusTotal and URLSCAN, which apparently hadn’t updated the hard-coded Whois URL list in their software, the researchers said.
GoDaddy and Domain.com were among the registrars whose Whois tools were sending queries to the outdated URL, WatchTowr found.
Incredibly, so was Name.com, which is owned by Identity Digital, the actual .mobi registry.
More worryingly, it seems some Certificate Authorities, responsible for issuing the digital certificates that make SSL work, were also using the old Whois address to verify domain ownership.
WatchTowr says it was possible to obtain a cert for microsoft.mobi by providing its own email address in a phony Whois record served up by its bogus Whois server.
“Effectively, we had inadvertently undermined the CA process for the entire .mobi TLD,” the researchers wrote.
They said they would have also been able to send malicious code payloads to vulnerable Whois clients.
While WatchTowr’s research doesn’t mention ICANN, it might be worth noting that the change from whois.dotmobiregistry.net to whois.nic.mobi is very probably a result of .mobi’s transition to a standardized gTLD registry contract, which requires all registries to use the whois.nic.[TLD] format for their Whois servers.
As a pre-2012 gTLD, .mobi did not have this requirement until it signed a new Registry Agreement in 2017. There are still some legacy gTLDs, such as .post, that have not migrated to the new standard URL format.
The WatchTowr research, with a plentiful side order of cockiness, can be read in full here.
Unstoppable reveals gTLD bid doomed to fail
It’s finally happened. Somebody has announced an application for a new gTLD that will almost certainly fall foul of ICANN’s rules and be rejected.
The would-be applicant is Farmsent, a United Arab Emirates startup that is building a blockchain-based marketplace for farmers and buyers of farm produce, and its domains partner is Unstoppable Domains.
Unstoppable said last week that the two companies are launching .farms domains on Unstoppable’s alternative naming system, and that an ICANN application for a proper gTLD is in the works.
The company said it “will be collaborating with Farmsent to plan and strategize for the next ICANN gTLD application, further solidifying .farms in the wider domain ecosystem”.
The problem is that .farms will likely be banned under the rules set out in ICANN’s Applicant Guidebook for the next round, unless the current draft recommendations are completely rewritten or rejected.
ICANN is to be told to reject applications for the plural and singular variants of existing gTLDs in the next round, and .farms is of course the plural of .farm, which is one of the few hundred names in Identity Digital’s stable.
The draft recommendations would merely require for ICANN to be informed that an applied-for string is a single or plural variant of an existing gTLD in the same language and check in a dictionary to confirm that is indeed the case.
In the case of .farm and .farms, I doubt the dictionary verification would realistically even be needed — though I’d bet checking that box would be at least one billable hour for somebody — as it’s a pretty clear-cut case of a bannable clash.
The ICANN staff/community working group drafting the recommendations has spent a huge amount of time arguing about the language of the plurals rule. It’s a surprisingly tricky problem, especially when ICANN is terrified of being seen as a content regulator.
Pride fails to reverse gay domains decline
There are any number of ways gay people can express themselves during Pride, but buying gay-themed domain names doesn’t appear to be one of them.
Zone files show that the .gay gTLD lost over 700 domains in June, which is recognized in most Anglophone liberal democracies as Pride Month, to end the period with about 21,400 names.
Meanwhile, .lgbt lost about 80 domains over the same period, ending the month with about 3,700 domains in its zone.
The declines were not unique to June. Both gTLDs have been on the slide for a while, with .gay peaking at 29,761 domains last November and .lgbt peaking at about 3,930 in May 2023.
.gay is managed by GoDaddy, .lgbt by Identity Digital.
GlobalBlock blocking 2.5 million domains
GoDaddy-led brand protection project GlobalBlock says it is already blocking over 2.5 million domains, just a couple of weeks after its formal launch.
The GlobalBlock web site reports that 2,569,815 domains are currently being blocked across 559 extensions (a mix of ccTLDs, gTLDs, third-level domains and blockchain names), for an average of just under 4,600 per extension.
It’s difficult to extrapolate much useful information about rapid market demand for the service from this one number, for a variety of reasons.
First, the more-expensive GlobalBlock+ service can block well north of 10,000 domains, mostly homographic variants of a trademark, for a single fee, which could mean as few as just a couple hundred customers have signed up so far at the most pessimistic interpretation.
Second, GlobalBlock offered pricing incentives to existing customers of GoDaddy’s AdultBlock and Identity Digital’s Domain Protected Marks List, both of which are over a decade old, in the months-long run-up to launch.
The vanilla, single-brand GlobalBlock service retails for about $6,000 per year, with GlobalBlock+ going for closer to $9,000.
Namecheap sues ICANN over .org price caps
Namecheap has sued ICANN in California, asking a court to force the Org to revisit its decision to lift price caps on .org and .info domain names five years ago.
Registrar CEO Richard Kirkendall announced the suit on Twitter this afternoon:
Today we filed suit against @ICANN. After a previous ruling via a mediation process they have taken little action towards the recommendations of that ruling and so our hand has been forced to take this action. We feel that ICANN is in direct violation of their mandate and…
— Richard Kirkendall (@NamecheapCEO) February 5, 2024
The lawsuit follows an Independent Review Process case that Namecheap partially won in December 2022, where the panel said ICANN should hire an economist to look at whether price caps are a good idea before revisiting its decision to scrap them.
The panel found that the ICANN board of directors had shirked its duties to make the decision itself and had failed to act as transparently as its bylaws mandate.
Namecheap says that over a year after that decision was delivered, ICANN has not implemented the IRP panel’s recommendations, so now it wants the Superior Court in Los Angeles to hand down an injunction forcing ICANN to do so.
Before 2019, .org was limited to 10% price increases every year, but the cap was lifted, along with caps in .info and .biz, when ICANN renewed, standardized and updated the respective registries’ Registry Agreements.
After the decision was made to scrap .org price caps, despite huge public outrage, Namecheap rounded up its lawyers almost immediately.
The caps decision led to the ulimtately unsuccessful attempt by Ethos Capital to acquire Public Interest Registry, which runs .org.
Namecheap’s new lawsuit wants the judge to issue “an order directing ICANN to comply with the recommendations of the IRP Panel”.
That means ICANN’s board would be told to consider approaching PIR and .info registry Identity Digital to talk about reintroducing price caps, to hire the economist, and to modify its procedures to avoid any future transparency missteps.
Airline gTLD crashes and burns
Another would-be dot-brand has added itself to the list of “On second thoughts…” gTLD registries, asking ICANN to tear up its contract.
Century-old Avianca, Colombia’s largest airline, filed its termination papers with ICANN in December and ICANN published them for comment last week.
While the original 2012 application clearly stated that .avianca was intended as a single-registrant dot-brand, Avianca never actually got around to applying for its Spec 13 exemptions so I won’t be technically counting it as a dead dot-brand.
Despite being operational since early 2016, the TLD never had any registrations beyond the mandatory nic.avianca registry placeholder.
The back-end registry services provider and original application consultant was Identity Digital (née Afilias).
INCO flips a gTLD to Identity Digital
Internet Naming Co has sold one of its gTLDs to Identity Digital, barely a year after taking it from UNR.
The Registry Agreement for .juegos — Spanish for “games” — was assigned to ID subsidiary Dog Beach in early December, according to ICANN records.
ID already runs the English-language .games, while XYZ runs the singular .game. There is no singular gTLD in the Spanish.
.juegos in volume terms has been a disappointment. Originally with UNR predecessor Uniregistry, it peaked at 2,353 domains under management in 2016, when names were priced at around $20 a year.
But the gTLD was affected by Uniregistry’s decision to massively increase prices to compensate for weak volume in 2017, which caused some of the leading registrars to drop the TLDs from their storefront.
To this day, GoDaddy still does not carry .juegos, but Tucows seems to have started selling it again, at an eye-watering $500 a year. Wholesale pricing is believed to be $300 a year. Namecheap sells it for $368 a year.
.juegos had 649 domains under management at the last count. The largest registrar in Entorno, which unsurprisingly based in Spain.
INCO took over .juegos, along with a bunch of other former Uniregistry gTLDs, in late 2022.
It will be interesting to see if ID reduces prices to match .games, which is believed to wholesale at $20 a year.
GoDaddy service to let you block domains in over 650 TLDs
GlobalBlock, a domain blocking service introduced to little fanfare by GoDaddy Registry and Identity Digital in June, is planning to launch next month with support from over 650 gTLDs and ccTLDs.
Built on the successes of GoDaddy’s AdultBlock and Identity Digital’s DPML, the new service was supposed to launch last week under the banner of the Brand Safety Alliance, but was delayed until January.
GlobalBlock enables trademark owners to pay one fee to block their marks across all participating TLDs, saving money on defensive registrations. Company names and celebrity names are also covered. A premium version, GlobalBlock+ also covers typos and IDN homographs.
It’s not just gTLD registries that have signed up. Nominet is participating, as is CoCCA. BSA is promising some pretty obscure ccTLDs will be part of the service.
In what appears to be a game-changing innovation, a feature of the service called Priority Autocatch seems set to stop cybersquatters and phishers from drop-catching domains that match strings protected by the block list.
Say you’re Facebook and you see some scumbag has registered facébook.ninja, if you’re subscribed to GlobalBlock+, the AutoCatch feature will see the domain removed from the available pool when it expires, rather than dropping so a second ne’er-do-well can register it.
GlobalBlock appears to be the reason no fewer than 35 registries covering over 300 gTLDs have recently asked ICANN for permission to launch a “Label Blocking Service” via the Registry Service Evaluation Process.
There’s money in blocking services. GoDaddy is making millions from AdultBlock. Some research I’ve been doing recently suggests some registries might be making more from blocks and defensive registrations than they are from regular domain sales.
For registries with small TLD portfolios, blocking services generally offer a poor value proposition. Services like DPML, which covers hundreds of TLDs, or AdultBlock, which covers all the porny ones, have been successful.
The BSA is offering brand owners a lot of carrots to get them to sign up early.
First, if you already have an AdultBlock or DPML subscription, your marks are already pre-validated. GoDaddy is also offering a 50% discount on AdultBlock until January 30; AdultBlock and DPML subscribers get 10% off GlobalBlock until April 30.
BSA says that pricing for GlobalBlock and the initial list of TLDs will be released in early January. Wholesale pricing will go up probably every six months as new TLDs are added, but customers will only pay the increased price upon renewal while benefiting from the added blocks.
General availability pricing begins February 15.
Group to seek .io TLD takeover after OECD human rights ruling
A group composed of displaced Chagossians will ask ICANN to redelegate the increasingly popular .io top-level domain, according to the group’s lawyer.
The move, still in its very early stages, follows a recent ruling under the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct, which mildly chastised the current registry, Identity Digital.
“The next move is domain reassignment,” lawyer Jonathan Levy, who brought the OECD complaint on behalf of the Chagos Refugees Group UK, told us. The proposed beneficiary would be “a group composed of Chagossians” he said.
.io is the ccTLD for the archipelago currently known as the British Indian Ocean Territory. It’s one of those Postel-era “Just Some Guy” developing-world delegations that pre-date ICANN.
But BIOT is a controversial territory. Originally the Chagos Archipelago, the few thousand original inhabitants were forced out by the UK government in the 1970s so the US military could build a base on Diego Garcia, the largest island.
Most of the surviving Chagossians and their descendants live in Mauritius, but have been fighting for their right to return for decades. In 2019, the UN ruled the UK’s current administration of BIOT is unlawful.
In recent years, since .io became popular, the ccTLD has become part of the fight.
The original and technically still-current registry for .io is a UK company called Internet Computer Bureau. ICB was acquired by Afilias in 2017 for $70 million. Afilias was subsequently acquired by Donuts, which is now called Identity Digital.
Corporate accounts filed by ICB name its ultimate owner as Beignet DTLD Holdings of Delaware, which appears to be a part of $2.21 billion private equity firm Ethos Capital, Identity Digital’s owner, which is co-managed by former ICANN CEO Fadi Chehadé.
None of these companies have a connection to BIOT beyond paying a local company called Sure (Diego Garcia) Limited for a mail-forwarding service. The only people believed to reside in the territory at all are US and UK military and contractors.
Levy, on behalf of the Chagossian refugees and a group of victims of cryptocurrency scams operated from .io domains, filed a complaint with the Ireland National Contact Point for the OECD Guidelines for Multinational Enterprises on Responsible Business Conduct — basically a mediation service operated by the Irish government — seeking a share of the money from .io sales and/or redelegation.
According to its most-recent public accounts, ICB had turnover of £16.4 million ($19.8 million) in 2021, up from £12.8 million ($15.5 million) in 2020, but also had absolutely horrible gross margins for a registry with only one employee.
The company had cost of sales of £15.8 million and a gross margin of 3.58%. It pays no ICANN fees and the UK government receives no cut beyond the regular corporate tax ICB pays (about £26,000 in 2021).
The OECD’s Guidelines are voluntary guidelines that countries sign up to that are meant to guide how multinational companies behave with regards human rights and so on. Enforcement seems to be relatively toothless, with national NCPs only having the power to “recommend” actions.
In fact, Afilias declined to participate in mediation and appears to have received only a mild finger-wagging in the Irish NCP’s decision (pdf), which was published in September. One of its recommendations reads:
The NCP recommends that in cases in which a product, including a digital asset, is associated with long-running disputes regarding human rights, multinational enterprises should be able to demonstrate that they have carried out human rights due diligence
Levy thinks the NCP’s decision is a big deal, saying it means the OECD has validated the Chagossians’ concerns. Coupled with the UN sanction on the UK related to BIOT, he reckons it could play in their favor in a future redelegation request.
.io domain owners shouldn’t be too worried right now, however. Redelegation takes a very long time even when the losing party agrees, and it doesn’t tend to happen without the consent of the incumbent.
Identity Digital keeps .org back-end deal
Public Interest Registry is to keep Identity Digital as its back-end registry services provider following a competitive RFP process, the organization announced today.
The deal’s highlight TLD is of course .org, with its 11 million domains, but it also includes the much smaller .charity, .foundation, .gives, .giving, .ngo, .ong, .орг, .संगठन , and .机构.
Identity Digital inherited the contract when it acquired Afilias a few years back. PIR announced the RFP back in March.
There’s no word on whether Identity Digital is taking a pay cut as a result of the competitive process, but it should become clear when non-profit PIR eventually publishes its tax returns.
Recent Comments