Recent Posts
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
- Private Whois requests hit new low after Tucows quits RDRS
- Zoom says GoDaddy took it down for hours
- The Soviet Union might be safe after all
- Google says its ccTLDs “are no longer necessary”
- Facebook thinks ICANN is a bit rubbish
- ICANN spending $365,000 a year on coffee and booze
- Regulator going after suicide site that even Epik banned
- .ai sees $600,000 auction sales in a month
- Pru trims its dot-brand portfolio
- UK’s Nigel Hickson has died
- .blog registry ordered to change name to Knock Knock RDAP There
- WordPress buys Canadian, swaps CentralNic for CIRA
- Latest ICANN salary porn ruins my terrible pun
- .co deal worth $77 million up for grabs
- I get a wrongful kicking as .su registry denies turn-off plan
- Sales and profits dip at Team Internet
- Four deadbeat registrars get terminated
- “No timeline” to retire Soviet Union from the DNS
- ICANN to kill off 60-day domain transfer lock
- Lancaster bags up its dot-brand
- Google readying its next batch of gTLD launches?
- NomCom confirms Americans rejected from ICANN board
- Nova announces $45 million of new gTLD applications
- Registry makes .ai an option for Koreans
- it.com now bigger than Guatemala
- ICANN turns to AI and crowdsourcing for new gTLD program
- Amazon lawyer DiBiase elected to ICANN board
- Is .io safe now? Identity Digital now running Mauritian ccTLD
- Tucows quits ICANN’s Whois disclosure pilot
- Toshiba goes all-in on its dot-brand
- Google scuppers Team Internet acquisition after profit warning
- .ai channel doubles under new management
- Trump inclined to back deal that threatens .io
- As .com shrinks, China adds another 1.2 million domains
- Second new gTLD contention set revealed
- UK intros global domain takedown law
- No more Americans as Holland wins ICANN board seat
- Registries have started shutting down Whois
- ICANN wins IRP because complainant literally doesn’t exist
- .com could return to growth this quarter
- Could Musk’s DOGE kill off D3’s .doge?
Namecheap offers free services to Russian dissidents
Namecheap will offer “free anonymous domain registration and free web hosting” to anti-war protest web sites based in Russia or Belarus.
The registrar said in a statement today that the move is in response to imprisoned Russian opposition leader Alexei Navalny’s call for war protests in Russia.
The offer modifies the company’s hard-line position from earlier in the week, in which it banned Russians altogether from its services and gave registrants there a week to get out.
Namecheap’s English-language customer service is based in Ukraine, including in cities under heavy bombardment this week.
Russians interested in the free hosting offer are asked to contact customer service for details.
Namecheap boss goes nuclear on Russian customers
Namecheap has banned all Russians from its services in a comprehensive, surprising, and unprecedented expression of solidarity with Ukraine, the invaded country where most of its support staff are based.
CEO Richard Kirkendall said yesterday that Namecheap, which has over 14 million domains under management, “will no longer be providing services to users registered in Russia”, in an email to Russian customers.
Namecheap says it has over 1,000 employees in Ukraine.
It uses a company there called Zone3000 for its English-language customer support, from three locations across the country, mostly in Kharkiv, one of the cities that has been particularly affected by the Russian invasion over the last five days.
Kirkendall has given Russian customers until March 6, one week from the time of the email, to move to another registrar.
The email was posted online, and I’ve confirmed with Namecheap that it’s accurate. Kirkendall said:
Unfortunately, due to the Russian regime’s war crimes and human rights violations in Ukraine, we will no longer be providing services to users registered in Russia. While we sympathize that this war may not affect your own views or opinion on the matter, the fact is, your authoritarian government is committing human rights abuses and engaging in war crimes so this is a policy decision we have made and will stand by.
If you hold any top-level domains with us, we ask that you transfer them to another provider by March 6, 2022.
I’m told the words “any top-level domains” just means ‘any domains in any TLDs’.
Kirkendall went on to say that anyone using Russian and Belarusian ccTLDs — .ru, .xn--p1ai (.рф), .by, .xn--90ais (.бел), and .su — will no longer be able to use Namecheap’s email or hosting services.
After some negative replies, accusing Namecheap of going too far, Kirkendall wrote:
We haven’t blocked the domains, we are asking people to move. There are plenty of other choices out there when it comes to infrastructure services so this isn’t “deplatforming”. I sympathize with people that are not pro regime but ultimately even those tax dollars they may generate go to the regime. We have people on the ground in Ukraine being bombarded now non stop. I cannot with good conscience continue to support the Russian regime in any way, shape or form. People that are getting angry need to point that at the cause, their own government. If more grace time is necessary for some to move, we will provide it. Free speech is one thing but this decision is more about a government that is committing war crimes against innocent people that we want nothing to do with.
It’s by some way the strongest stance anyone in the domain industry has yet taken on the war in Ukraine.
Namecheap intends to issue a formal statement outlining its position later today.
ICANN takes the lamest swipe at Namecheap et al over blockchain domains
ICANN has come out swinging against blockchain domains and the registrars that sell them. And by “come out” I mean it’s published a blog post. And by “swinging” I mean “offered the weakest criticism imaginable”.
The post starts off well enough, observing that services marketed as “domain names” that are not automatically compatible with the global DNS are probably not a great purchase, because they don’t work like regular domains.
Using these alternatives requires something like a browser plug-in or to reconfigure your device to use a specialist DNS resolver network, the post notes, before concluding with a brief caveat emptor message.
All good stuff. ICANN has been opposed to alt-root domain efforts for at least 20 years, and the policy is even enshrined in so-called ICP-3, which nobody really talks about any more but appears to still be the law of ICANN Land.
So, which domain-alternatives is ICANN referring to here, and which registrars are selling them? The post states:
Name resolution systems outside the DNS have existed for a long time. One could mention the Sun Microsystem Network Information Service (NIS), the Digital Object Architecture (DOA), or even the Ethereum Name Service (ENS)…
With some ICANN-accredited registrars now selling NIS, DOA, or other similar domains alongside standard domain names, the potential for confusion among unsuspecting customers seems high.
You may be asking: what the heck (or, if you’re like me, fuck) are NIS and DOA domains, and which registrars are selling them?
Great questions.
NIS is an authentication protocol (a bit like LDAP) for Unix networks developed in 1985 (the same year the original DNS standard was finalized) by Sun Microsystems, a company that hasn’t existed in over a decade.
To the best of my knowledge they’ve never been marketed as an alternative to regular domain names. Nobody’s ever used them to address a publicly available web site. Nobody sells them.
DOA, also known as the Handle System, is a more recent idea, first implemented in 1994, before some of you were born. Handles are mostly numeric strings used to address digital objects such as documents. Libraries use them.
The main thing to know about Handles for the purposes of this article is that they’re specifically designed to convey no semantic information whatsoever. They’re not designed to look like domain names and they’re not used that way.
So how many registrars are selling NIS/DOA domains? I haven’t checked them all, but I’m going to go out on a pretty sturdy limb and guess the answer is “none”, which is a lot less than the “some” that ICANN asserts.
But ICANN also mentions the Ethereum Name Service, a much newer and sexier way of cybersquatting, based on the Ethereum cryptocurrency blockchain.
ENS allows people to buy .eth domain names (which do not function in the consensus DNS) for the Ethereum equivalent of about $5. As far as I can tell, you can only buy them through ens.domains, and no ICANN-accredited registrar is functionally capable of selling them.
The ICANN post also contains a brief mention of “Handshake”, and this appears to be what ICANN is actually worried about.
Handshake domains, also known as HNS, look like regular domain names and a handful of ICANN-accredited registrars are actually selling them.
Handshake is also based on blockchain technology, but unlike ENS it also allows people to create their own TLDs (which, again, do not function without special adaptations). Registrars including Namecheap, 101domain and EnCirca sell them.
It’s Namecheap’s storefront hover text, warning that HNS domains don’t work in the regular DNS, that ICANN appears to be paraphrasing in its blog post.
The registrar has a lengthy support article explaining some of the ways you can try to make a Handshake domain work, including an interactive comment thread in which a Namecheap employee suggests that DNS resolvers may choose to resolve HNS TLDs instead of conflicting TLDs that ICANN approves in future.
That’s the kind of thing that should worry ICANN, but it’s got a funny way of expressing that concern. Sun Microsystems? Digital Object Architecture? What’s the message here?
Twenty years ago, I interviewed an ICANN bigwig about New.net, one of the companies attempting to sell alt-root domains at the time. He told me bluntly the company was “breaking the internet” and “selling snake oil”, earning ICANN a snotty lawyer’s letter.
Today’s ICANN post was ostensibly authored by principal technologist Alain Durand, but I’m going to give him the benefit of the doubt and assume comms and legal took their knives to it before it was published.
While some things haven’t changed in the last two decades, others have.
.com and NameSilo fingered as “most-abused” after numbers rocket
SpamHaus has revealed the most-abused TLDs and registrars in its second-quarter report on botnets.
The data shows huge growth in abuse at Verisign’s .com and the fast-growing NameSilo, which overtook Namecheap to top the registrar list for the first time.
Botnet command-and-control domains using .com grew by 166%, from 1,549 to 4,113, during the quarter, SpamHaus said.
At number two, .xyz saw 739 C&C domains, up 114%.
In the registrar league table, NameSilo topped the list for the first time, unseating Namecheap for the first time in years.
NameSilo had 1,797 C&C domains on its books, an “enormous” 594% increase. Namecheap’s number was 955 domains, up 52%.
Botnets are one type of “DNS abuse” that even registrars agree should be acted on at the registrar level.
The most-abused lists and lots of other botnet-related data can be found here.
Price caps on .org could return, panel rules
ICANN could be forced to reimpose price caps on .org, .biz and .info domains, an Independent Review Process panel has ruled.
The panel handling the IRP case filed by Namecheap against ICANN in February 2020 has decided to allow the registrar to continue to pursue its claims that ICANN broke its own bylaws by removing price controls from the three gTLD contracts.
Conversely, in a win for ICANN, the panel also threw out Namecheap’s demand that the IRP scrutinize ICANN’s conduct during the attempted takeover of .org’s Public Interest Registry by Ethos Capital in 2019.
The split ruling (pdf) on ICANN’s motion to dismiss Namecheap’s case came March 10 and was revealed in documents recently published by ICANN. The case will now proceed on the pricing issue alone.
The three-person panel decided that the fact that ICANN ultimately decided to block Ethos’ acquisition of PIR meant that Namecheap lacked sufficient standing to pursue that element of its case.
Namecheap had argued that ICANN’s opaque processing of PIR’s change of control request created uncertainty that harmed its business, because ICANN may approve such a request in future.
But the panel said it would not prejudge such an eventuality, saying that if another change of control is approved by ICANN in future, Namecheap is welcome to file another IRP complaint at that time.
“Harm or injury flowing from possible future violations by the ICANN Board regarding change of control requests that are not presently pending and that may never occur does not confer standing,” the panel wrote.
On the pricing issue, the panel disagreed with ICANN’s argument that Namecheap has not yet been harmed by a lack of .org price caps because PIR has not yet raised its .org prices.
It said that increased prices in future are a “natural and expected consequence” of the lack of price controls, and that to force Namecheap to wait for such increases to occur before filing an IRP would leave it open to falling foul of the 12-month statute of limitations following ICANN decision-making baked into the IRP rules.
As such, it’s letting those claims go ahead. The panel wrote:
This matter will proceed to consideration of Namecheap’s request for a declaration that ICANN must annul the decision that removed price caps in the .org, .info and .biz registry agreements. The Panel will also consider Namecheap’s request for a declaration that ICANN must ensure that price caps from legacy gTLDs can only be removed following policy development process that takes due account of the interests of the Internet user and with the involvement of different stakeholders. The Panel will consider Namecheap’s request for a declaration that “registry fees… remain as low as feasible consistet with the maintenance of good quality service” within the context of removal of price caps (not in the context of regulating changes of control).
In other words, if Namecheap prevails, future price caps for pre-2012 gTLDs could be decided by the ICANN community, with an assumption that they should remain as low as possible.
That would be bad news for PIR, as well as .info registry Donuts and .biz registry GoDaddy.
But it’s important to note that the IRP panel has not ruled that ICANN has done anything wrong, nor that Namecheap is likely to win its case — the March 10 ruling purely assesses Namecheap’s standing to pursue the IRP.
The panel has also significantly extended the proposed timeline for the case being resolved. There now won’t be a final decision until 2022 at the earliest.
The panel last week delayed its final hearing in the case from August this year to January next year, according to a document published this week.
Other deadlines in the case have also been pushed backed weeks or months.
Facebook gunning for Web.com in latest $27 million-plus cybersquatting lawsuit
Facebook has sued what it believes is a Web.com subsidiary, claiming the company has been engaged in wholesale cybersquatting for well over a decade.
The complaint, filed in a Pennsylvania District Court, alleges that New Venture Services Corp current owns 74 domains, and has previously owned 204 more, that infringe its Facebook, Instagram and WhatsApp trademarks.
While no other named defendants are listed, the complaint makes it abundantly clear that it believes NVSC is a subsidiary of Web.com and a sister of Network Solutions, Register.com, SnapNames and Perfect Privacy.
Facebook is suing partly under the Anti-Cybersquatting Consumer Protection Act, allowing it to claim $100,000 damages per infringing domain, so we’re looking at a floor of $27.8 million of potential damages should the lawsuit be successful.
But it’s also looking for NVSC to hand over any profits it’s made from the domains in question, which are generally parked with ads and listed for sale via the SnapNames network for premium fees.
While NVSC is registered in the British Virgin Islands and uses a Pennsylvania post office box as its mailing address, there’s a wealth of evidence going back to 2007 that it’s been affiliated first with NetSol and then Web.com.
Web.com’s last regulatory filing before it went private in 2017 lists NVSC as a subsidiary, which is probably the most compelling piece of evidence establishing ownership.
It appears that NVSC is a shell company that Web.com uses to hold potentially valuable or traffic-rich domains that its customers have allowed to expire. The names are then parked and put up for resale.
Example domains listed in the complaint include httpinstagram.com, faceebbok.com, facebooc.net, instagram-login.com, and installwhatsapps.com.
One would have to assume these names were captured using a fully automated process; even a cursory human review would clock that they’re useful only to bad actors.
The lawsuit is the latest in Facebook’s crusade against mainstream registrars it believes are profiting by infringing its trademarks, which has already ensnared Namecheap a year ago and OnlineNIC in October 2019.
Namecheap recently filed a counterclaim in which it tries to get some of Facebook’s trademarks cancelled.
Facebook has all but admitted that putting legal pressure on registrars is part of its strategy when it comes to getting the policies it wants out of ICANN on privacy and Whois access, where there’s currently an impasse.
Here’s the complaint (pdf).
Nominet members wail as ousted director made CEO
Nominet has been accused of being “tone deaf” to its members’ criticisms after it appointed two staffers to its board of directors and named a recently ousted director as interim CEO.
The .uk registry told members last week that Eleanor Bradley will occupy the corner office “for approximately 6 months” while a permanent replacement for Russel Haworth is sought.
Haworth quit last month rather than face the wrath of members at an Extraordinary General Meeting that shortly thereafter voted to remove Bradley and three other directors from the board.
Bradley has been with the company for many years and was head of registry at Nominet, and seems like an obvious pick for an internal appointment, but members took to social media to express their displeasure.
The EGM was held after a campaign to round up the votes at PublicBenefit.uk, organized by Simon Blackler of Krystal Hosting. Members had hoped to install Sir Michael Lyons and Axel Pawlik on the board as chair and deputy chair.
But Nominet said that its bylaws would not allow directors to be selected this way, and there was no vote on that motion.
Instead, after the vote, relatively new director Rob Binns has taken the acting chair’s job and CIO Adam Leach and company secretary Rory Kelly joined the board from staff.
Binns informed the members of the appointments in a letter March 31 (pdf), which also said that Pawlik has been offered a consulting gig but had declined.
While eating a generous slice of humble pie, assuring members that the EGM was “an opportunity to reset and begin rebuilding the relationship between membership and Nominet”, the plan for the company he outlined was not a million miles away from the plan Nominet had put forward to address members’ concerns under its previous management.
Crucially, Nominet is still backing its non-core security business, which many members believe is an unnecessary diversification that diverted focus from the registry and profits from public benefit causes.
Binns said: “We believe those capabilities are integral to the public benefit we provide, so we want to develop a refreshed structure that protects that capability while addressing members’ desire for Nominet to focus more on its core activities.”
He also backed plans for a Registry Advisory Council, which would have seats for members, and said Nominet will bring back its web-based member discussion forum, which was closed down last year.
His letter contains no mention of reducing prices, one of the five big asks the PublicBenefit.uk campaign made.
Most of the social media reaction to Binns’ letter was negative. Notably, Richard Kirkendall, CEO of Namecheap, one of the largest registrars to publicly expressed its support for the campaign, tweeted:
Quite honestly, your decisions after the EGM and your public statements are absolutely tone deaf. The proposed RAC and the fact that your sticking to the same plan proposed by the previous board is ludicrous.
— Richard Kirkendall (@NamecheapCEO) March 31, 2021
Others had similar points of view, and some speculated that a second EGM may be required to set Nominet on the path the majority of its members appear to want.
One year on, Namecheap still fighting aborted .org takeover and may target GoDaddy and Donuts next
Even though Ethos Capital’s proposed takeover of Public Interest Registry was rejected last May, registrar Namecheap is still doggedly pursuing legal action against ICANN’s handling of the deal, regardless.
The Independent Review Process complaint filed last February is still active, with Namecheap currently fighting a recent ICANN motion to dismiss the case.
The company is also demanding access to information about GoDaddy’s acquisition of Neustar and Donuts’ acquisition of Afilias, and is threatening to file separate actions related to both those deals.
Namecheap has essentially two beefs with ICANN. First, that it should not have lifted price caps in its .org, .biz and .info registry contracts. Second, that its review of Ethos’ bid for PIR lacked the required level of transparency.
ICANN’s trying to get the IRP complaint thrown out on two fairly simple grounds. First, that Namecheap lacks standing because it’s failed to show a lack of price caps have harmed it. Second, that it rejected the PIR acquisition, so Namecheap’s claims are moot.
In its motion to dismiss (pdf), its lawyers wrote:
Namecheap’s entire theory of harm, however, is predicated on the risk of speculative future harm. In fact, nearly every explanation of Namecheap’s purported harm includes the words “may” or “potential.” Namecheap has not identified a single actual, concrete harm it has suffered.
…
Namecheap’s claims related to the Change of Control Request should be dismissed because ICANN’s decision not to consent to the request renders these claims moot
and, separately, Namecheap cannot demonstrate any harm resulting from this decision.
In December, Namecheap had submitted as evidence two analyses of its business prospects in the event of registry price increases, one compiled by its own staff, the other prepared by a pair of outside expert economists.
While neither shows Namecheap has suffered any directly quantifiable harm, such as a loss of revenue or customers, Namecheap argues that that doesn’t matter and that the likelihood of future harm is in fact a current harm.
A mere expectation of an increase in registry prices is sufficient to show harm. This is because such expectation reduces Namecheap’s expected profits and its net present value.
It further argues that if Namecheap was found to not have standing, it would give ICANN the ability to evade future IRP accountability by simply adding a 12-month delay to the implementation of controversial decisions, pushing potential complainants outside the window in which they’re able to file for IRP.
On the PIR change of control requests, Namecheap says it’s irrelevant that ICANN ultimately blocked the Ethos acquisition. The real problem is that ICANN failed in its transparency requirements related to the deal, the company claims.
The fact that ICANN withheld its consent is no excuse for refusing to provide full transparency with respect to the actions surrounding the proposed acquisition and ICANN’s approval process. Namecheap’s claims relate to the non-transparent process; not the outcomes of such process. Irrespective of the outcome, lack of transparency increases the level of systemic risk in Namecheap’s business environment.
…
How did ICANN come to its decision? Was an imminent request for a change of control known to ICANN, when it took the decision to remove the price control provisions? What was discussed in over 30 hours of secret meetings between ICANN org and the Board? What discussions took place between ICANN, PIR and other entities involved? All these questions remain unanswered
Namecheap refers to two incidents last year in which ICANN hid its deliberations about industry acquisitions by conducting off-the-books board discussions.
The first related to the PIR deal. I called out ICANN for avoiding its obligation to provide board meeting minutes in a post last May.
The second relates to the board’s consideration of Donuts’ proposed (and ultimately approved) acquisition of Afilias last December. Again, ICANN’s board discussed the deal secretly prior to its official, minuted December 17 meeting, thereby avoiding its transparency requirements.
In my opinion, this kind of bullshit has to stop.
Namecheap is also now threatening to bring the Afilias deal and GoDaddy’s acquisition of Neustar’s registry business last April into the current IRP, or to file separate complaints related to them, writing in its response to ICANN’s motion (pdf):
Namecheap seeks leave to have ICANN’s actions and inactions regarding its consideration of the Neustar and Afilias changes of control reviewed by this IRP Panel. If, per impossibile such leave is not granted, Namecheap reserves all rights to initiate separate proceedings on these issues.
The deals are similar because both involve the change of control of legacy gTLD contractors with millions of domains under management that have recently had their price caps lifted — Afilias ran .info and Neustar ran .biz.
ICANN grants Verisign its price increases, of course
ICANN has given Verisign its ability to increase .com prices by up to 7% a year, despite thousands of complaints from domain owners.
The amendments give Verisign the right to raise prices in each of the last four years of its six-year duration. The current price is $7.85 a year.
Because the contract came into effect in late 2018, the first of those four years begins October 26 this year, but Verisign last week said that it has frozen the prices of all of its TLDs until 2021, due to coronavirus.
Not accounting for discounts, .com is already already worth $1.14 billion in revenue to Verisign every year, based on its end-of-2019 domains under management.
In 2019, Verisign had revenue of $1.23 billion, of which about half was pure, bottom-line, net-income profit.
In defending this shameless money-grab, ICANN played up the purported security benefits of the deal, while offering a critique of the domainers and registrars that had lobbied against it.
Göran Marby, ICANN’s CEO, said in a blog post.
I believe this decision is in the best interest of the continued security, stability, and resiliency of the Internet.
…
Overall, the decision to execute the .COM Registry Agreement amendment and the proposed binding Letter of Intent is of benefit to the Internet community.
The decision was explained in more detail in a eight-page analysis document (pdf) published late last week.
I’ll summarize this paper in three bullet points (my words, not ICANN’s):
- Domainers are hypocrites.
- The deal is good for DNS security.
- Our hands were tied anyway.
First, while ICANN received over 9,000 comments about the proposed amendment, almost all negative, it said that publicity campaigns from domainer group the Internet Commerce Association and domainer registrar Namecheap were behind many of them.
the Internet Commerce Association (ICA) and Namecheap, are active players in the so called “aftermarket” for domain names, where domain name speculators attempt to profit by “buying low and selling high” on domain names, forcing end users to pay higher than retail prices for desirable domain names
It goes on to cite data from NameBio, which compiles lists of secondary market domain sales, to show that the average price of a resold domain is somewhere like $1,600 (median) to $2,400 (mean).
Both Namecheap and ICA supporter GoDaddy, which sells more .coms than any other registrar, have announced steep increases in their .com retail renewal fees in recent years — 20% in the case of GoDaddy — the ICANN document notes.
This apparent hypocrisy appears to be reason ICANN felt quite comfortable in disregarding many of the negative public comments it received.
Second, ICANN reckons other changes to the .com contract will benefit internet security.
Under a side deal (pdf) Verisign’s going to start giving ICANN $4 million a year, starting next January and running for five years, for what Marby calls “ICANN’s initiatives to preserve and enhance the security, stability, and resiliency of the DNS.” These include:
activities related to root server system governance, mitigation of DNS security threats, promotion and/or facilitation of Domain Name System Security Extensions (DNSSEC) deployment, the mitigation of name collisions, and research into the operation of the DNS.
Note that these are without exception all areas in which ICANN already performs functions, usually paid for out of its regular operating budget.
Because it looks like to all intents and purposes like a quid pro quo, to grease the wheels of getting the contract amendments approved, Marby promised that ICANN will commit to “full transparency” as to how its new windfall will be used.
The new contract also has various new provisions that standardize technical standardization and reporting in various ways, that arguably could provide some minor streamlining benefits to internet security and stability.
But ICANN is playing up new language that requires Verisign to require its registrars to forbid their .com registrants from doing stuff like distributing malware and operating botnets. Verisign’s registrar partners will now have to include in their customer agreements:
a provision prohibiting the Registered Name Holder from distributing malware, abusively operating botnets, phishing, pharming, piracy, trademark or copyright infringement, fraudulent or deceptive practices, counterfeiting or otherwise engaging in activity contrary to applicable law and providing (consistent with applicable law and any related procedures) consequences for such activities, including suspension of the registration of the Registered Name;
Don’t expect this to do much to fight abuse.
It’s already a provision that applies to hundreds of other TLDs, including almost all gTLDs, and registrars typically incorporate it into their registration agreements by way of a link to the anti-abuse policy on the relevant registry’s web site.
Neither Verisign nor its registrars have any obligation to actually do anything about abusive domains under the amendments. As long as Verisign does a scan once a month and keeps a record of the total amount of abuse in .com — and this is data ICANN already has — it’s perfectly within the terms of its new contract.
Third and finally, ICANN reckons its hands were pretty much tied when it comes to the price increases. ICANN wrote:
ICANN org is not a competition authority or price regulator and ICANN has neither the remit nor expertise to serve as one. Rather, as enshrined in ICANN’s Bylaws, which were
developed through a bottom up, multistakeholder process, ICANN’s mission is to ensure the security and stability of the Internet’s unique identifier systems. Accordingly, ICANN must defer to relevant competition authorities and/or regulators, and let them determine if any conduct or behavior raises anticompetition concerns and, if so, to address such concerns, whether it be through price regulation or otherwise. As such, ICANN org has long-deferred to the DOC and the United States Department of Justice (DOJ) for the regulation of wholesale pricing for .COM registry services.
It was of course the DoC, under the Obama administration, that froze Verisign’s ability to raise prices and, under the Trump administration, thawed that ability in November 2018.
If you’re pissed off that the carrying cost of your portfolio is about to go up, you can blame Trump, in other words.
Namecheap and others banning coronavirus domains
Anyone wanting to buy a coronavirus-related domain for scamming purposes won’t be able to do it via Namecheap, which has preemptively banned keyword domains on its storefront.
For the last several days, the registrar has rejiggered its web site to prevent customers adding domains containing certain keywords — such as “coronavirus” or “covid” or “vaccine” — to their shopping carts.
The company said today that customers wishing to register such domains for legitimate purposes can continue to do so by calling up Namecheap customer service and having the name registered manually.
CEO Richard Kirkendall said in an email to customers that Namecheap is also “actively working with authorities to both proactively prevent, and take down, any fraudulent or abusive domains or websites related to COVID19”.
A GoDaddy spokesperson told DI this week that it has also taken down domains when alerted to their usage as coronavirus scams.
Meanwhile, .uk registry Nominet said that it has added keywords such as “coronavirus” and “covid” to its Domain Watch initiative, the same semi-automated system it uses to flag and suspend phishing and “rape” domains preemptively at point of registration. Nominet said:
Those that look suspicious — based on our algorithm and then a manual check — are suspended until we see evidence of good intentions from the registrants.
So far, we have suspended over 180 domains while we conduct this extra due diligence. A small proportion responded to our satisfaction and had their domain names reactivated. It’s highly likely that those who did not respond were intending to use their domains to manipulate a public in need of information.
Another domain company taking action is aftermarket site Dan.com, which today said on Twitter that it will remove all coronavirus related domains from its marketplace.
Starting from today, we will be removing all Corona Virus related domains from https://t.co/vpmKVzih2D.
We're seeing astronomical high prices being asked for these domains and find that unethical and unacceptable.
— DAN.COM (@Undeveloped) March 26, 2020
Namecheap is also offering some customers payment flexibility when it comes to some products — largely non-domain products such as hosting — if they can convince customer service reps of their coronavirus-related financial hardship.
“I urge you not to abuse this offer, please allow it to be used by those who need it most, who are otherwise unable to pay,” Kirkendall wrote.
Verisign, the .com registry, yesterday hinted that it will be offering its registrars some similar flexibility, which one assumes could be passed on to registrants.
Recent Comments