Latest news of the domain name industry

Recent Posts

Nominet wins Microsoft’s dot-brand business from Verisign

Kevin Murphy, October 30, 2023, Domain Registries

Nominet has taken over back-end registry services for Microsoft’s small portfolio of dot-brand gTLDs.

The company said it’s now running .azure, .bing, .hotmail, .microsoft, .windows and .xbox TLDs, bringing the total number of gTLDs on its registry platform to 74.

Microsoft had been with Verisign to date, but Verisign told us in July that it’s getting out of the dot-brand back-end business.

Almost 100 gTLDs have left Verisign this year, the vast majority landing at Identity Digital.

Nominet also took on .sky from Verisign earlier this year.

CentralNic expects revenue up 24% in Q1

Kevin Murphy, April 25, 2023, Domain Registries

CentralNic has disclosed its earnings expectations for the first quarter, and revealed it has diversified its pool of advertising partners.

The company expects revenue for the three months to March 31 to come it up 24% at $194.9 million, with adjusted EBITDA up 15% at $21.3 million. Excluding acquisitions, year-on-year organic growth for the trailing twelve months will be about 45%.

CentralNic started off as a domain registry, acquired its way into the registrar space, and nowadays makes most of its money from traffic arbitrage — buying Facebook ads, routing visitors through intermediary web sites to advertisers.

Mostly of the money it makes from advertising comes from Google’s ad network, but the company said today it has also signed up to Microsoft’s rival Bing platform, which reduces its exposure to a single partner.

CentralNic will report its full earnings May 15.

Microsoft seizes domains Russia was using to attack Ukraine

Kevin Murphy, April 11, 2022, Domain Policy

Microsoft says it has taken control of some domain names that we being using by hackers connected to the Russian security services to launch cyber attacks against Ukrainian, US and EU targets.

Company VP Tom Burt wrote that seven domains used by a group called Strontium were seized via a US court order and redirected to a Microsoft sinkhole, disrupting these attacks.

Burt wrote that the targets were Ukrainian media organizations and US and EU foreign policy think tanks, adding:

We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information.

One wonders why Russia would use domains under US jurisdiction to conduct such attacks.

Microsoft seizes “Russian election hacking” domains

Kevin Murphy, August 21, 2018, Domain Policy

Microsoft has taken control of six domains associated with a hacker group believed to be a part of Russian military intelligence, according to the company.
Company president Brad Smith blogged yesterday that Microsoft obtained a court order allowing it to seize the names, which it believes were to be used to attack institutions including the US Senate.
The domains in question look like they could be used in spear-phishing attacks. The are: my-iri.org, hudsonorg-my-sharepoint.com, senate.group, adfs-senate.services, adfs-senate.email and office365-onedrive.com.
Historical Whois records archived by DomainTools show they were registered last year behind WhoisGuard, the Panama-based privacy service. Now, of course, the Whois records are all redacted due to GDPR.
Smith said that Microsoft believes intended targets besides the Senate also include the International Republican Institute and the Hudson Institute, two conservative think-tanks.
The company believes, though it did not show evidence, that the domains were created by the group it calls “Strontium”.
Strontium is also known as “Fancy Bear”, among other names. It’s believed to be backed by the GRU, Russia’s intelligence agency.
It’s the same group alleged members of which Special Counsel Robert Mueller recently indicted as part of his investigation into Russian meddling in the 2016 US presidential election.
“We have now used this approach 12 times in two years to shut down 84 fake websites associated with this group,” Smith said in his blog post.
He added that Microsoft does not know whether the domains have been used in an attack yet.

Tech giants gunning for AlpNames over new gTLD “abuse”

A small group of large technology companies including Microsoft and Facebook have demanded that ICANN Compliance take a closer look at AlpNames, the budget registrar regularly singled out as a spammers’ favorite.
The ad hoc coalition, calling itself the Independent Compliance Working Party, wrote to ICANN last week to ask why the organization is not making better use of statistical data to bring compliance actions against the small number of companies that see the most abuse.
AlpNames, the Gibraltar-based registrar under common ownership with new gTLD portfolio registry Famous Four Media, is specifically singled out in the group’s letter.
The letter, sourcing the August 2017 Statistical Analysis of DNS Abuse in gTLDs (pdf), says there “is a clear problem with one particular contracted party”.
AlpNames was the registrar behind over half of the new gTLD domains blacklisted by SpamHaus over the study period, for example, the letter states.
The tiny territory of Gibraltar also frequently ranks unusually highly on abuse lists due to AlpNames presence there, the letter and report say.
The ICWP letter also says that the four gTLDs .win, .loan, .top, and .link were used by over three quarters of abusive domains over the SADAG study period.
The letter calls the abuse rates “troublesome” and says:

We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates.

It goes on to wonder whether high levels of unaddressed abuse could amount to violations of new gTLD Registry Agreements and Registrar Accreditation Agreements, and to ask whether there any barriers to ICANN Compliance pursuing breach claims against such potential violations.
The ICWP comprises Adobe, DomainTools, eBay, Facebook, Microsoft and Time Warner. It’s represented by Fabricio Vayra of Perkins Coie.
Other than the letter (pdf), the Independent Compliance Working Party does not appear to have any web presence, and a spokesperson has not yet responded to DI’s request for more information.
The SADAG report also singled out Chinese registrar Nanjing Imperiosus Technology Co, aka DomainersChoice.com, as having particularly egregious levels of abuse, but noted that this abuse disappeared after ICANN terminated its RAA last year.
AlpNames has not to date had any public breach notices issued against it, but this is certainly not the first time it’s been singled out for public censure.
In November last year, ICANN’s Competition, Consumer Trust, and Consumer Choice Review Team (CCT) named it in a report that claimed: “Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse.”
AlpNames seems to have been used often by abusers due to its bargain-basement, often sub-$1 prices — making disposable domains more cost effective — and its tool that allowed up to 2,000 domains to be registered simultaneously.
If not actively soliciting abusive behavior, these factors certainly don’t make abuse any more difficult.
But will ICANN Compliance take action in response to the criticism leveled by CCT and now ICWP?
The main problem with the ICWP letter, and the SADAG report it is based upon, is that the data it uses is now rather old.
The SADAG report sourced abuse databases only up to January 2017, a time when AlpNames’ total gTLD domains under management was at its peak of around three million names.
Since then, the company has been hemorrhaging DUM, losing hundreds of thousands of domains every month. At the end of November 2017, the most recent data compiled by DI shows that it was down to around 838,000 domains.
It’s quite possible that AlpNames’ customer base is no longer the den of abuse it once was, whether due to natural attrition or a proactive purge of bad actors.
A month ago, in a press release connected with a $5.4 million buy-out of an co-founder, AlpNames chairman Iain Roache said he has a “10-year strategic plan” to turn AlpNames into a “Tier-1” registrar and “bring the competition to the incumbents”.

Google beats Microsoft to .docs

Google and Microsoft seem to have settled their contention set for the .docs new gTLD, with Google emerging the victor.
Microsoft withdrew its application for .docs this week.
It’s not clear how the deal was made, but Google is known to have participated in private auctions for other strings.
Google Docs is of course Google’s office document service.
Microsoft also has a Docs service, a collaboration with Facebook at Docs.com, but it seems to have been in beta since April 2010 and, by the looks of the site, isn’t what you’d call a success.

Microsoft dumps .live gTLD bid

Kevin Murphy, April 24, 2014, Domain Registries

Microsoft has abandoned its application for the .live new gTLD, leaving the erstwhile dot-brand in the hands of either Donuts or Google.
I found this quite surprising initially, as “Live” has been a core, cross-platform brand for the company, covering services such as Windows Live, Xbox Live and Office Live. The company also owns live.com.
But it recent years the brand has started to be phased out.
While Xbox Live is still a thing, Windows Live was closed down in April 2013 and Office Live seems to have suffered a similar fate in 2012, after the new gTLD application phase ended.
The withdrawal means that the .live contention set now only comprises Google’s Charleston Road Registry and a Donuts subsidiary. It’s likely headed to ICANN auction.
Unlike Microsoft, both remaining applicants propose open-registration spaces.

.nokia — a dot-brand without a brand?

Kevin Murphy, April 22, 2014, Domain Registries

Will .nokia be the next withdrawal from the new gTLD program?
It seems possible, if reports about the death of the Nokia brand are to be believed.
The news blog Nokia Power User reported yesterday that Nokia the company will be renamed Microsoft Mobile following the close of the $7.2 billion acquisition of Nokia by Microsoft this Friday.
The blog, which may live to regret its own choice of brand, quoted from a memo from the company to business partners, reading:

Please note that upon the close of the transaction between Microsoft and Nokia, the name of Nokia Corporation/Nokia Oyj will change to Microsoft Mobile Oy. Microsoft Mobile Oy is the legal entity name that should be used for VAT IDs and for the issuance of invoices.

However, in a blog post confirming the April 25 close date, Microsoft general counsel Brad Smith did not mention a rebranding.
The domain name nokia.com will live for up to a year, he said:

While the original deal did not address the management of online assets, our two companies have agreed that Microsoft will manage the nokia.com domain and social media sites for the benefit of both companies and our customers for up to a year.

What does that mean for the .nokia gTLD application?
According to the ICANN web site, Nokia is currently “in contracting” for the dot-brand.
It would not be unprecedented if it were to withdraw its application, however. Back in February 2013, the American insurance company AIG withdrew its bid for .chartis after a rebranding.

Dotless domains are dead

Kevin Murphy, August 16, 2013, Domain Policy

ICANN has banned dotless gTLDs, putting a halt to Google’s plans to run .search as a dotless search service and confounding the hopes of some portfolio applicants.
ICANN’s New gTLD Program Committee, acting with the powers of its board of directors passed the resolution on Tuesday. It was published this morning. Here’s the important bit (links added):

Resolved (2013.08.13.NG02), in light of the current security and stability risks identified in SAC053, the IAB statement and the Carve Report, and the impracticality of mitigating these risks, the NGPC affirms that the use of dotless domains is prohibited.

The current version of the Applicant Guidebook bans dotless domains (technically, it bans apex A, AAAA and MX records) but leaves the door open for registries to request an exception via Extended Evaluation.
This new decision closes that door.
The decision comes a week after the publication of Carve Systems’ study of the dotless domain issue, which concluded that the idea was potentially “dangerous” and that if ICANN intended to allow them it should do substantial outreach to hardware and software makers, essentially asking them to change their products.
The Internet Architecture Board said earlier that “dotless domains are inherently harmful to Internet security.”
Microsoft, no doubt motivated in part at least by competitive concerns in the search market, had repeatedly implored ICANN to implement a ban on security grounds.
Google had planned to run .search as a browser service that would allow users to specify preferred search engines. I doubt the dotless ban will impact its application’s chances of approval.
Donuts and Uniregistry, which together have applied for almost 400 gTLDs, had also pushed for ICANN to allow dotless domains, although I do not believe their applications explicitly mentioned such services.

IAB gives dotless domains the thumbs down

Kevin Murphy, July 11, 2013, Domain Tech

The Internet Architecture Board believes dotless domain names would be “inherently harmful to Internet security.”
The IAB, the oversight committee which is to internet technical standards what ICANN is to domain names, weighed into the debate with an article apparently published yesterday.
In it, the committee states that over time dotless domains have evolved to be used only on local networks, rather than the internet, and that to start delegating them at the top level of the DNS would be dangerous:

most users entering single-label names want them to be resolved in a local context, and they do not expect a single name to refer to a TLD. The behavior is specified within a succession of standards track documents developed over several decades, and is now implemented by hundreds of millions of Internet hosts.

By attempting to change expected behavior, dotless domains introduce potential security vulnerabilities. These include causing traffic intended for local services to be directed onto the global Internet (and vice-versa), which can enable a number of attacks, including theft of credentials and cookies, cross-site scripting attacks, etc. As a result, the deployment of dotless domains has the potential to cause significant harm to the security of the Internet

The article also says (if I understand correctly) that it’s okay for browsers to interpret words entered into address bars without dots as local resources and/or search terms rather than domain names.
It’s pretty unequivocal that dotless domains would be Bad.
The article was written because there’s currently a lot of talk about new gTLD applicants — such as Google, Donuts and Uniregistry — asking ICANN to allow them to run their TLDs without dots.
There’s a ban in the Applicant Guidebook on the “apex A records” that would be required to make dotless TLDs work, but it’s been suggested that applicants could apply to have the ban lifted on a case by case basis.
More recently, ICANN’s Security and Stability Advisory Committee has stated almost as unequivocally as the IAB that dotless domains should not be allowed.
But for some reason ICANN recently commissioned a security company to look into the issue.
This seems to have made some people, such as the At Large Advisory Committee, worried that ICANN is looking for some wiggle room to give its new gTLD paymasters what they want.
Alternatively, ICANN may just be looking for a second opinion to wave in the faces of new gTLD registries when it tells them to take a hike. It was quite vague about its motives.
It’s not just a technical issue, of course. Dotless TLDs would shake up the web search market in a big way, and not necessarily for the better.
Donuts CEO Paul Stahura today published an article on CircleID that makes the case that it is the browser makers, specifically Microsoft, that are implementing DNS all wrong, and that they’re objecting to dotless domains for competitive reasons. The IAB apparently disagrees, but it’s an interesting counterpoint nevertheless.