Recent Posts
- China domains dip in 2026
- ICANN maps out new gTLD timeline
- War disrupts ICANN 85
- Namecheap abandons fight for .org price caps
- Identity Digital acquires another gTLD
- Seven dead registrars on the out
- Sav.com owner takes over .radio gTLD
- .com zone tops 160 million domains
- ai.com, the most-expensive domain sale ever
- .ai hits seven figures, raises prices
- Typosquatter gets two years in jail
- Epstein low-balled registrants to get his exact-match domain
- Epstein bought “mother” domains for Fergie while serving time
- Two former ICANN directors want back in
- Former ICANN director could lose control of ccTLD
- UK launches “police.ai”, but does it own the domain?
- Team Internet still in talks to sell off domains unit
- NamesCon returning to Miami in November
- “Mad Dog” politician registers nazis.us, redirects to Trump admin site
- “Lowest Price Guaranteed!” $48 .com registrar canned
- No RDAP? No accreditation
- Fifth-largest gTLD not dead after all
- Half of registrar’s domains are abusive, ICANN says
- Burr joins PIR after leaving ICANN board
- Refunds galore as gTLD losers finally bow out
- .goo terminated as search engine closes down
- GoDaddy to offer domain blocking to people who don’t have trademarks
- Happy new year expected for domain industry, says ICANN
- Salesforce to apply for a dot-brand
- Team Internet looking to break up
- Noss to leave Tucows corner office
- Rubens Kühl has died
- Sinha angry with Chapman’s firing as ICANN vice chair
- Glitch redux: ICANN screws up new gTLD security again
- CentralNic claims second-largest TLD migration ever
- DNS issue at Amazon takes out major apps and sites
- .io sales almost double over three years
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
- GoDaddy counts cost of losing .co deal
- Wine producers worried about new gTLDs
- Goodyear tires of its dot-brand
- Team Internet loses Radix to Tucows
- ICANN’s “review of reviews” kicks off
- Huge registrars flee from RDRS
- Namecheap loses attempt to bring back .org price caps
- Registrar shamed for alleged crypto abuse neglect
- Poblete’s ICANN board seat safe
- .com off to strong start in Q3
- .my is growing like crazy
- ICANN settles $77 million sexual harassment suit
- Chinese domain spikiness ends in first half
- Registrars agree to higher ICANN fees
- ICANN to review reviews after review review request fails
- Got junk? June’s biggest gTLD growers do
- ICANN ditches Oman due to Middle-East conflicts
- ICANN’s mighty overlord flexes on transparency
- ICANN faces first pushback over DEI U-turn
- Loads of firms flunk out of next-round gTLD back-end program
- presidenttrump.xxx among thousands of dead .xxx domains suddenly springing to life
- One of the dumbest gTLDs just switched back-ends
- GoDaddy loses .co to Team Internet
- Governments erect bulk-reg barrier to new gTLD next round
- Little interest in cheapo gTLD program
- US government opposes most new gTLDs
- GoDaddy loses last Amazon business to Identity Digital
- Third Amazon gTLD launch dates revealed
- .TOP promises to play nice on DNS abuse
- Court denies ICANN’s #MeToo “cover up” attempt
- Launch dates for two more Amazon gTLDs revealed
- An end to “Club Med for geeks” ICANN?
- Some people paid premiums for .hot domain hacks
- .io questions in sharp focus as UK signs Chagos treaty
- Big .gdn registrar at risk
- ICANN “reaffirms its commitment to diversity and inclusion”
- ICANN kills off diversity and inclusion
- Kaufmann picked for ICANN board
- Conflicted? STFU under new ICANN rules
- .hot is for hookers? Amazon’s first premium regs revealed
- Gname adds another 200 registrars
- New Pope’s .com domain was registered the day Francis died
- Two deadbeat registrars get their ICANN marching orders
- DotMusic has sold a lot of names, but not many are turned on
- .med is a deeply weird gTLD, but it wants to be more normal
- ICANN cuts off money to UASG
- Web.com getting dumped
- .es and .pt riding out massive power outage
- .com is back as Verisign discounts bear fruit
- Dot-brand actually being used to get deleted
- Verisign gave Trump $100,000
Uniregistry to grandfather existing domains before big price increases
Uniregistry has backtracked on its plan to hike renewal fees on thousands of domain name registrations.
CEO Frank Schilling described the U-turn, which followed a ferocious backlash from domain investors, as “the right thing to do”.
The company had announced price increases across 16 of its 27 gTLDs that in one case exceeded 3,000% but in many more cases represented increases in the hundreds of percent.
The increases were to apply to new and renewing registrations, and Schilling had said that they were necessary to keep the affected TLDs afloat.
But domainers were furious, taking to blogs and message boards to announce and decry the death of all new gTLDs.
Leading registrar Go Daddy soon said that it would no longer sell Uniregistry TLDs, at least temporarily.
But yesterday Uniregistry announced a change of heart, providing an unusually detailed account of the thought process leading to the price increases that’s worth quoting at length.
“The registration providers we consulted reported that differentiating prices based on the time of the registration was technically difficult and confusing for customers,” said Bret Fausett, head of the Registry Services Team. “Based on that feedback, and considering the small number of registrants affected, we made the difficult decision to raise prices for all registrants.”
“After the announcement, however, we, and our registration partners, have heard clearly from our end users that the ability to register ten-years at the existing price does not ameliorate the pain of subsequent price increases for registrants facing substantial price increases,” said Mr. Fausett. “So, for the names in our highest-priced tiers, the price changes will affect only new registrations. We are asking our registration partners to do whatever is necessary to enable this approach.”
“Creating a legacy tier of prices for inaugural registrants in our niche, premium top-level domains is technically more difficult,” said Frank Schilling, Managing Director of Uniregistry, “but it’s the right thing to do for those pioneering individuals and companies who have staked their claims in the new Internet real estate.”
In other words, if you register a name in the affected gTLDs before September 8, your renewal fee will be at the current lower level.
Whether this will be enough to mitigate Uniregistry’s reputational damage in the domainer community remains to be seen.
But the company also said it plans to overhaul its premium names pricing by the end of the second quarter, scrapping the multi-tier pricing approach in favor of a one-size-fits-all menu.
Schilling said that price reductions will affect “millions” of reserved names and mean “hundreds of millions” of dollars of hypothetical value have been wiped from the portfolio.
China approves more Donuts, Afilias gTLDs
Donuts and Afilias have had two batches of new gTLDs approved for use in China.
The Ministry of Industry and Information Technology approved five Afilias TLDs and six Donuts TLDs last month. This means customers of Chinese registrars will now be able to legally use those names in China.
Afilias was approved for .info, .mobi and .pro, which were delegated following the 2000 and 2003 new gTLD application rounds and .kim and .red from the 2012 round.
Donuts simultaneously was cleared for .ltd, .group, .游戏 (“game”), .企业 (“business”), .娱乐 (“entertainment) and .商店 (“store”).
The approvals more than double the number of new gTLDs in Latin script to get the nod from MIIT, in what now appears to be a monthly occurrence.
In February, .ink and four Chinese-script TLDs passed the regulatory process, following .site and .shop in January and .vip, .club and .xyz in December.
MIIT approval means the chance of usage by Chinese registrants should go up, but it also ties these Western registries to relatively Draconian government policies when it comes to Chinese registrations.
New gTLD registries want a $17 million ICANN rebate
Many gTLDs are performing more poorly than expected and their registries want some money back from ICANN to compensate.
The Registries Stakeholder Group this week asked ICANN for a 75% credit on their quarterly fees, which they estimate would cost $16.875 million per year.
The money would come from leftover new gTLD application fee money, currently stashed in an ICANN war chest valued at nearly $100 million.
The RySG, in a letter to ICANN (pdf), also asked for $3 million from the fund to be used to pay for advertising the availability of new gTLDs.
“These measures combined would support ICANN’s mission to promote competition for the public interest and operational interoperability of the internet,” the proposal states.
Currently, all gTLDs on the 2012-round contract have to pay ICANN $25,000 per year, split into quarterly payments, in fixed fees.
Transaction volume over 50,000 transactions per year is taxed at $0.25 per add, renewal or transfer.
The RySG wants the $6,250 quarterly fee reduced by $4,687.50 for a year, with the possibility of the discount being renewed in subsequent years.
In its letter, it cites an example of 900 delegated gTLDs being affected, which would cost $16.875 million per year.
However, that’s only three quarters of the total number of new gTLDs in the root. That currently stands at over 1,200 string, so the actual cost would presumably be closer to £23 million.
Because the new gTLD program, with its $185,000 application fees, was never meant to turn a profit, the RySG thinks it’s fair that the excess money comes back to the companies that originally paid it.
The rationale for the discount is that many new gTLDs (not all, as the RySG is quick to point out) are struggling under poor sales volumes, meaning a 5,000-name TLD, of which there are many, is in effect costing the registry $5 per name per year in fixed ICANN fees.
But that rationale does not of course apply to all new gTLDs. There are currently almost 470 dot-brand gTLDs in the root, which have business models oriented on harder-to-quantify ROI rather than sales volumes and profits.
It’s not clear from the RySG letter whether the discount would apply to all gTLDs or only those with a straightforward old-school profit motive.
.feedback gTLD in breach of contract after big brand “fraud” claims
ICANN has slapped .feedback operator Top Level Spectrum with a contract breach notice after a huge complaint about alleged fraud filed by a gang of big brands.
The company becomes the third new gTLD to be hit by a breach notice, and the first to receive one as a result of losing a Public Interest Commitments Dispute Resolution Process case.
While TLS dodged the “fraud” charges on a technicality, the breach is arguably the most serious found by ICANN in a new gTLD registry to date.
The three-person PICDRP panel found TLS was in violation of the following commitment from its registry agreement:
Registry Operator will operate the TLD in a transparent manner consistent with general principles of openness and non-discrimination by establishing, publishing and adhering to clear registration policies.
But TLS dodged the more serious charges of “fraudulent” behavior, which it denied, largely on the technicality that its PICs only require it to bar its registrants from such behavior.
There’s nothing in the PICs preventing the registry from behaving fraudulently, so the PICDRP panel declined to rule on those allegations, saying only that they “may be actionable in another forum”.
The complainants, which filed their 1,800-page complaint in October, were MarkMonitor and a bunch of its clients, including Adobe, American Apparel, Best Buy, Facebook, Levi and Verizon.
They’d claimed among other things that 70% of .feedback domains were trademarked names actually registered by the registry, and that TLS had stuffed each site with reviews either paid for or scraped from services such as Yelp!.
They claimed that Free.Feedback, a free domains service hosted by an affiliated entity, had been set up to auto-populate Whois records with the names of brand owners (or whoever owned the matching .com domain) even when the registrant was not the brand owner.
This resulted in brand owners receiving “phishing” emails related to domains they’d never registered, the complainants stated.
TLS denied all all the allegations of fraud, but the PICDRP panel wound up not ruling on many of them anyway, stating:
the Panel finds that Respondent’s Registry Operator Agreement contains no covenant by the Respondent to not engage in fraudulent and deceptive practices.
The only violations it found related to the transparency of .feedback’s launch policies.
The panel found that TLS had not given 90 days notice of policy changes and had not made its unusual pricing model (which included an extra fee for domains that did not resolve to live sites) transparent.
The registry had a number of unusual launch programs, which I outlined in December 2015 but which were apparently not adequately communicated to registrars and registrants.
The panel also found that Free.Feedback had failed to verify the email addresses of registrants and had failed to make it easy for trademark owners to cancel domains registered in their names without their consent.
Finally, it also found that TLS had registered a bunch of trademark-match domain names to itself during the .feedback sunrise period:
self-allocating or reserving domains that correspond to the trademark owners’ marks during the Sunrise period constitutes a failure by the Respondent to adhere to Clause 6 of its Registration and Launch policies, versions 1 and 2. According to the policies, Sunrise period is exclusively reserved for trademark owners
TLS, in its defense, denied that it had self-allocated these names and told the panel it had “accidentally” released them into the zone file temporarily.
As a result of the PIC breaches found by the panel, ICANN Compliance has issued a breach notice (pdf) against the company.
To cure the breach, and avoid having its Registry Agreement taken away, TLD has to, by April 15:
Provide ICANN with corrective and preventative action(s), including implementation dates and milestones, to ensure that Top Level Spectrum will operate the TLD feedback in a transparent manner consistent with general principles of openness and nondiscrimination by establishing, publishing and adhering to clear registration policies;
That seems to me like it’s probably vague enough to go either way, but I’d be surprised if TLS doesn’t manage to comply.
Government anger over two-letter domains
ICANN’s Governmental Advisory Committee has clashed with its board of directors over the lack of protections for two-letter domain names that match country codes.
The board has now formally been urged to reconsider its policy to allow registries to sell these names, after angry comments and threats from some GAC members.
Governments from Brazil, Iran, China and the European Union are among at least 10 angered that the names are either not adequately protected or only available for exorbitant prices,
The debate got very heated at ICANN 58 here in Copenhagen on Wednesday morning, during a public session between the GAC and the board, with Iran’s outspoken GAC rep, Kavous Arasteh, almost yelling at Chris Disspain, the board’s point man on the topic.
Arasteh even threatened to take his concerns, if not addressed, to the International Telecommunications Union when it convenes for a plenipotentiary next year.
“Your position is not acceptable. Rejected categorically,” he said.
“The multistakeholder process was not easily accepted by many countries. Still people have difficulty with that,” he said. “We have a plenipotentiary coming in 2018, and we will raise the issue if the matter is not resolved… It is not always commercial, government also has some powers, and we exercise our powers.”
Invoking the ITU is a way to turn a relatively trivial disagreement into an existential threat to ICANN, a typical negotiating tactic of governments that don’t get what they want from ICANN.
The relatively trivial disagreement in this case is ICANN’s decision to allow gTLD registries to release all previously reserved two-letter strings.
In November, ICANN approved a policy that released all two-letter strings on the proviso that registrants have to assert that they will not pass themselves off as affiliated with the countries concerned.
Registries also were given a duty to investigate — but not necessarily act upon — governmental complaints about confusion.
ICANN thinks that this policy is perfectly compliant with the GAC’s latest official advice, supplied following the Helsinki meeting last June, which asked ICANN to:
urge the relevant Registry or the Registrar to engage with the relevant GAC members when a risk is identified in order to come to an agreement on how to manage it or to have a third-party assessment of the situation if the name is already registered.
Disspain patiently pointed out during Wednesday’s session that governments have no legal rights to their ccTLD strings at the second level, and that most of the complaining governments don’t even protect two-letter strings in their own ccTLDs.
But some GAC reps disagreed.
China stated (via the official interpreter): “We believe the board doesn’t have the right or the mandate to decide whether GAC members have the right over two-character domain names.”
While no government spoke in favor of the ICANN policy on Wednesday, the complaining governments do appear to be in a minority of the GAC.
Despite this, they seem to have been effective in swaying fellow committee members to issue some stern new advice. The Copenhagen communique, published last night (pdf), reads:
a. The GAC advises the ICANN Board to:
I. Take into account the serious concerns expressed by some GAC Members as contained in previous GAC Advice
II. Engage with concerned governments by the next ICANN meeting to resolve those concerns.
III. Immediately explore measures to find a satisfactory solution of the matter to meet the concerns of these countries before being further aggravated.
IV. Provide clarification of the decision-making process and of the rationale for the November 2016 resolution, particularly in regard to consideration of the GAC advice, timing and level of support for this resolution.
ICANN is being compelled to retroactively revisit a policy that was issued in compliance with previous GAC advice, it seems.
The next ICANN meeting is being held in Johannesburg in June, so the clock is ticking.
Two-letter domains are valuable properties even in new gTLDs. With each expected to sell for thousands, two-letter names are likely to be a multimillion dollar windfall for even moderately sized portfolio registries.
Schilling expects GoDaddy to return after dumping Uniregistry gTLDs
Uniregistry CEO Frank Schilling has expressed his “surprise” that GoDaddy has decided to stop selling his company’s gTLDs, but said he expects the registrar to return in future.
GoDaddy’s decision to stop new registrations and inbound transfers for Uniregistry’s portfolio of gTLDs came after the registry revealed price increases for 16 strings that ranged from nominal to over 3,000%.
The registrar told Domain Name Wire yesterday that Uniregistry’s move presented “an extremely poor customer experience” and “does not reflect well on the domain name industry”.
Registrars are of course the customer-facing end of the domain name industry, and the burden of explaining renewal price increases of 5x falls on their shoulders.
But Schilling seems to expect the ban to be temporary.
“We are extremely surprised by GoDaddy’s reaction but are pleased that our extensions are available at many other registrars who support our approach. We remain ready to support GoDaddy when they decide on a path which works for their customers,” he told DI today.
“We expect them to return,” he added.
It’s a plausible prediction. GoDaddy’s statement to DNW said Uniregistry had been cut off “until we can assess the impact on our current and potential customers”, which suggests it’s not necessarily permanent.
GoDaddy is Uniregistry’s first or second-largest registrar in most of the affected gTLDs.
But because the gTLDs in question have so few domains in them, the number of GoDaddy-sponsored domains is typically under 1,000 per gTLD.
Even in the much larger zones of .click and .link (which are receiving small price increases and will still wholesale for under $10), GoDaddy’s exposure is just a few thousand domains and it’s nowhere near the market leader.
I wonder how much of GoDaddy’s decision to drop Uniregistry has to do with the reaction from domain investors.
Ever since DI broke the news of the price increases a week ago, there’s been a stream of angry domainer blog and forum posts, condemning Schilling and Uniregistry for the decision and using the move as a stick to batter the whole new gTLD program.
For registrars, it doesn’t necessarily strike me a terrible deal.
While they will have to deal with customer fallout, over the longer term higher wholesale prices means bigger margins.
Registrars are already adding about a hundred bucks to the $300 cost of a .game domain, and the price increase from $10 to $300 of the Spanish equivalent, .juegos, likely means similar margins there too.
Schilling: big price increases needed to keep new gTLDs alive
Uniregistry is to massively increase the price of some of its under-performing new gTLDs in an effort to keep them afloat.
Sixteen TLDs from the company’s portfolio of 27 will see price increases of up to 3,000% starting September 8, CEO Frank Schilling confirmed to DI today.
“We need more revenue from these strings, especially the low volume ones, without question,” he said. “We can’t push on a string and stoke demand overnight. So in order for that string to survive as a standalone it has to be profitable.”
While domainers have taken to new gTLDs in greater numbers than Schilling anticipated, demand among worldwide consumers has been slower than expected, Schilling said.
“If you have a space with only 5,000 registrations, you need to have a higher price point to justify its existence, just because running a TLD isn’t free,” he said.
The alternative to repricing would be to sell the TLD in question to a competitor, which in turn would then be forced to reprice anyway, he said.
The TLDs seeing the biggest price hikes are .hosting and .juegos (Spanish for “games”) which are going up from about $20 retail and about $10 retail respectively to about $300 apiece.
Schilling said he believed that true web hosts could afford the new pricing. The .juegos increase is modeled on what Uniregistry has been doing with .game, which currently retails for closer to $400.
At the budget, sub-$10 end of the portfolio, .click and .link are to see fees rise by a buck or two per year.
Names in .audio, .blackfriday, .diet, .flowers, hiphop .guitars and .property, currently priced in the $10 to $25 range, will all start retailing for about $100 per year.
The other affected TLDs are .christmas, .help, .sexy and .tattoo, which will all see big increases but stay in the sub-$100 range.
The TLDs seeing the biggest price increases are among the ones with the fewest registrations — .juegos has about 1,000 names in its zone, while .hosting has fewer than 6,000. Most of the 16 TLDs have fewer than 10,000 names in their zones.
Uniregistry is no stranger to highly-priced domains. It runs .cars, .car and .auto, where it sells every domain at $2,888 a year retail (with no reserved premiums) but has fewer than 500 names in each zone.
Schilling said that in some ways he prefers this model to the more standard model of low-price base fees with high-price premiums.
The higher prices will likely lead in the short term to lower registration numbers (as speculators flee) but will give Uniregistry more cash to invest in marketing.
“That metering effect of high prices, we like that, in terms of trying to grow the namespace, and it gives us money we can use to try to market the strings to prosperity,” Schilling said.
“At a higher price point, the marketing can scale, but we just can’t do it on base registrations of ten bucks or twenty bucks,” he said.
He added that the higher base fee gives Uniregistry more flexibility to provide periodic discounts.
ICANN rules make it much easier to have a high base fee and keep it regularly discounted than to periodically increase fees, which requires six months notice.
“Between renewals promotions and pricing promotions, a lot of the effects of the price increases will be moot,” Schilling said.
Because the new prices don’t kick in until September, registrants are able to lock in pricing at current levels by renewing for up to 10 years.
While the price increases and Schilling’s relatively gloomy commentary will certainly fuel opponents of new gTLDs, whom are legion, Schilling is still bullish on the market, which he continues to characterize as a marathon rather than a sprint.
“Within ten years, will it be bigger? Absolutely. It’ll be quintuple what it is today,” he said. “But we need to get to 10 years, and to keep the lights on between here and there we need higher prices, without question.”
Donuts took down 11 domains for Hollywood last year
Donuts caused 11 domain names in its new gTLD portfolio to be taken down in the first 12 months of its deal with the US movie industry.
The company disclosed yesterday that the Motion Picture Association of America requested the suspension of 12 domains under their bilateral “Trusted Notifier” agreement, which came into effect last February.
The news follows the decisions by Public Interest Registry and the Domain Name Association not to pursue a “Copyright ADRP” process that would have made such Trusted Notifier systems unnecessary.
Of the 12 alleged piracy domains, seven were suspended by the sponsoring registrar, one was addressed by the hosting provider, and Donuts terminated three at the registry level.
For the remaining domain, “questions arose about the nexus between the site’s operators and the content that warranted further investigation”, Donuts said.
“In the end, after consultation with the registrar and the registrant, we elected against further action,” it said.
Trusted Notifier is supposed to address only clear-cut cases of copyright infringement, where domains are being using solely to commit mass piracy. Donuts said:
Of the eleven on which action was taken, each represented a clear violation of law—the key tenet of a referral. In some cases, sites simply were mirrors of other sites that were subject to US legal action. All were clearly and solely dedicated to pervasive illegal streaming of television and movie content. In a reflection of the further damage these types of sites can impart on Internet users, malware was detected on one of the sites.
Donuts also dismissed claims that Trusted Notifier mechanisms represent a slippery slope that will ultimately grant censorship powers to Big Content.
The company said “a mere handful of names have been impacted, and only those that clearly were devoted to illegal activity. And to Donuts’ knowledge, in no case did the registrant contest the suspension or seek reinstatement of the domain.”
It is of course impossible to verify these statements, because Donuts does not publish the names of the domains affected by the program.
Trusted Notifier, which is also in place at competing portfolio registry Radix, was this week criticized in an academic paper from professor Annemarie Bridy of the University of Idaho College of Law and Stanford University.
The paper, “Notice and Takedown in the Domain Name System: ICANN’s Ambivalent Drift into Online Content Regulation”, she argues that while Trusted Notifier may not by an ICANN policy, the organization has nevertheless “abetted the development and implementation of a potentially large-scale program of privately ordered online content regulation”.
India’s biggest bank switches to dot-brand
State Bank of India has announced plans to migrate all of its web sites to its new dot-brand gTLD.
The company has been responsible for .sbi since it was delegated by ICANN last April, but bank.sbi is its first live domain name.
Currently, while bank.sbi is live and resolving, the old domain sbi.co.in appears to still be its primary address.
However, SBI said “all of the bank’s internet presence… shall soon be migrated to the .sbi gTLD”.
There will be a period of crossover while customers get used to the change, it said in a press release.
The bank said: “a gTLD site like .sbi conveys an assurance to the customer that the site is authorised, genuine and is not an inappropriate or phishing site”.
The move is perhaps significant given that SBI is state-owned, and one might expect some level of nationalism when it comes to domain choice.
But SBI, India’s largest bank with $490 billion in assets under management, is not the first bank to say it plans to use its dot-brand as its primary TLD.
BNP Paribas, the world’s biggest non-Chinese bank, uses .bnpparibas for almost everything, particularly in its native France. It has three domains in the Alexa top 100,000 most-visited web sites.
Others with dot-brands in use include Barclays and Citi.
Phishing in new gTLDs up 1,000% but .com still the worst
The .com domain is still the runaway leader TLD for phishing, with new gTLDs still being used for a tiny minority of attacks, according to new research.
.com domains accounted for 51% of all phishing in 2016, despite only having 48% of the domains in the “general population”, according to the 2017 Phishing Trends & Intelligence Report
from security outfit PhishLabs.
But new gTLDs accounted for just 2% of attacks, despite separate research showing they have about 8% of the market.
New gTLDs saw a 1,000% increase in attacks on 2015, the report states.
The statistics are based on PhishLabs’ analysis of nearly one million phishing sites discovered over the course of the year and include domains that have been compromised, rather than registered, by attackers.
The company said:
Although the .COM top-level domain (TLD) was associated with more than half of all phishing sites in 2016, new generic TLDs are becoming a more popular option for phishing because they are low cost and can be used to create convincing phishing domains.
…
There are a few reasons new gTLDs are gaining traction in the phishing ecosystem. For one, some new gTLDs are incredibly cheap to register and may be an inexpensive option for phishers who want to have more control over their infrastructure than they would with a compromised website. Secondly, phishers can use some of the newly developed gTLDs to create websites that appear to be more legitimate to potential victims.
Indeed, the cheapest new gTLDs are among the worst for phishing — .top, .xyz, .online, .club, .website, .link, .space, .site, .win and .support — according to the report.
But the numbers show that new gTLDs are significantly under-represented in phishing attacks.
According to separate research from CENTR, there were 309.4 million domains in existence at the end of 2016, of which about 25 million (8%) were new gTLDs.
Yet PhishLabs reports that new gTLD domains were used for only about 2% of attacks.
CENTR statistics have .com with a 40% share of the global domain market, with PhishLabs saying that .com is used in 51% of attacks.
The difference in the market share statistics between the two sets of research is likely due to the fact that CENTR excludes .tk from its numbers.
Again, because PhishLabs counts hacked sites — in fact it says the “vast majority” were hacked — we should probably exercise caution before attributing blame to registries.
But PhishLabs said in its report:
When we see a TLD that is over-represented among phishing sites compared to the general population, it may be an indication that it is more apt to being used by phishers to maliciously register domains for the purposes of hosting phishing content. Some TLDs that met these criteria in 2016 included .COM, .BR, .CL, .TK, .CF, .ML, and .VE.
By far the worst ccTLD for phishing was Brazil’s .br, with 6% of the total, according to the report.
Also notable were .uk, .ru, .au, .pl, and .in, each with about 2% of the total, PhishLabs said.
Recent Comments