Latest news of the domain name industry

Recent Posts

Neustar to keep .us for another decade

Neustar has secured a renewal of its contract to run the United States’ ccTLD until up to 2029.
The company and the National Telecommunications and Information Administration announced the new contract last week.
The initial term of the deal runs until August 2021, but there are four two-year renewal options after that.
Neustar has been running .us since 2001. It doesn’t pay NTIA for the privilege, nor does the NTIA pay Neustar.
There are currently around two million registered .us domain names. The TLD appears to be still growing, but not especially fast.

The DNS’s former overseer now has its own domain name

Kevin Murphy, March 19, 2019, Domain Policy

The National Telecommunications and Information Administration, which for many years was the instrument of the US government’s oversight of the DNS root zone, has got its first proper domain name.
It’s been operating at ntia.doc.gov forever, but today announced that it’s upgrading to the second-level ntia.gov.
The agency said the switch “will make NTIA’s site consistent with most other Department of Commerce websites”.
Staff there will also get new ntia.gov email addresses, starting from today. Their old addresses will continue to forward.
NTIA was part of the DNS root management triumvirate, along with ICANN/IANA and Verisign, until the IANA transition in 2016.
The agency still has a contractual relationship with Verisign concerning the operation of .com.

ICANN urged to reject .com price increases

Kevin Murphy, November 21, 2018, Domain Registries

The Internet Commerce Association has asked ICANN to refuse to allow Verisign to raise its wholesale prices for .com domain names.
The domainer trade group wrote to ICANN last week to point out that just because the Trump administration has dropped the US government objection to controlled price increases, that doesn’t necessarily mean ICANN has to agree.
Verisign’s deal with the National Telecommunications and Information Administration “does not of course, compel ICANN to agree to any such increases. Any such decision regarding .com pricing
remains with ICANN” ICA general counsel Zak Muscovitch wrote.
The deal allows Verisign to increase the price of .com registrations, renewals and transfers by 7% per year in four of the next six years, leading to a compound 30% increase by the time it concludes.
The arguments put forth Muscovitch’s letter are pretty much the same as the arguments ICA made when it was lobbying NTIA to maintain the price freeze.
Namely: Verisign already makes a tonne of money from .com, it has a captive audience, it cannot claim credit for .com’s success, and .com is not constrained by competition.
“As NTIA makes clear, it is up to Verisign to request a fee increase and ICANN that may agree or disagree. ICANN should not agree. Indeed, it would be a dereliction of ICANN’s responsibilities to the ICANN community if Verisign were permitted to raise its fees when it is already very well paid for the services which it provides,” Muscovitch’s letter (pdf) concludes.
For many years ICANN has been reluctant to get involved in price regulation. It remains to be seen whether it will make an exception for .com.

Will ICANN take a bigger slice of the .com pie, or will .domainers get URS?

Kevin Murphy, November 5, 2018, Domain Registries

Will ICANN try to get its paws on some of Verisign’s .com windfall? Or might domainers get a second slap in the face by seeing URS imposed in .com?
With Verisign set to receive hundreds of millions of extra dollars due to the imminent lifting of .com price caps, it’s been suggested that ICANN may also financially benefit from the arrangement.
In a couple of blog posts Friday, filthy domain scalper Andrew Allemann said that ICANN will likely demand higher fees from Verisign in the new .com registry agreement.
Will it though? I guess it’s not impossible, but I wouldn’t say it’s a certainty by any means.
Verisign currently pays ICANN $0.25 per transaction, the same as almost all other gTLDs. Technically, there’s no reason this could not be renegotiated.
Putting aside some of the legacy gTLD contracts, I can only think of two significant cases of ICANN imposing higher fees on a registry.
The first was .xxx, which was signed in 2011. That called for ICM Registry, now part of MMX, to pay $2 per transaction, eight times the norm.
The rationale for this was that ICANN thought (or at least said it thought) that .xxx was going to be a legal and compliance minefield. It said it envisaged higher costs for overseeing the then-controversial TLD.
There was a school of thought that ICANN was just interested in opportunistically boosting its own coffers, given that ICM was due to charge over $60 per domain per year — at the time a ludicrously high amount.
But risk largely failed to materialize, and the two parties last year renegotiated the fees down to $0.25.
The second instance was .sucks, another controversial TLD. In that case, ICANN charged registry Vox Populi a $100,000 upfront fee and per-transaction fees of $1 per domain for the first 900,000 transactions, four times more than the norm.
While some saw this as a repeat of the .xxx legal arse-covering tactic, ICANN said it was actually in place to recoup a bunch of money that Vox Pop owner Momentous still owed when it let a bunch of its drop-catch registrars go out of business a couple years earlier.
While the .sucks example clearly doesn’t apply to Verisign, one could make the case that the .xxx example might.
It’s possible, I guess, that ICANN could make the case that Verisign’s newly regained ability to raise prices opens it up to litigation risk — something I reckon is certainly true — and that it needs to increase its fees to cover that risk.
It might be tempting. ICANN has a bit of a budget crunch at the moment, and a bottomless cash pit like Verisign would be an easy source of funds. A transaction fee increase of four cents would have been enough to cover the $5 million budget shortfall it had to deal with earlier this year.
On the other hand, it could be argued that ICANN demanding more money from Verisign would unlevel the playing field, inviting endless litigation from Verisign itself.
ICANN’s track record with legacy gTLDs has been to reduce, rather than increase, their transaction fees.
Pre-2012 gTLDs such as .mobi, .jobs, .cat and .travel have all seen their fees reduced to the $0.25 baseline in recent years, sometimes from as high as $2.
In each of these cases, the registries concerned had to adopt many provisions of the standard 2012 new gTLD registry agreement including, controversially, the Uniform Rapid Suspension service.
Domainers hate the URS, which gives trademark owners greater powers to take away their domains, and the Internet Commerce Association (under the previous stewardship of general counsel Phil Corwin, since hired by Verisign) unsuccessfully fought against URS being added to .mobi et al over the last several years, on the basis that eventually it could worm its way into .com.
I’m not suggesting for a moment that ICANN might reduce Verisign’s fees, but what if URS is the price the registry has to pay for its massive .com windfall?
It’s not as if Verisign has any love for domainers, despite the substantial contribution they make to its top line.
Since the NTIA deal was announced, it’s already calling them “scalpers” and driving them crazy.
ICA lost the .com price freeze fight last week, could it also be about to lose the URS fight?

Trump gives Verisign almost $1 billion in free money

Kevin Murphy, November 5, 2018, Domain Registries

The Trump administration may have just handed Verisign close to $1 billion in free money.
That’s according to the back of the envelope I’m looking at right now, following the announcement that the National Telecommunications and Information Administration is reinstating Verisign’s right to increase .com registry fees.
As you may have read elsewhere already (I was off sick last week, sorry about that) a new amendment to the Verisign-NTIA Cooperative Agreement restores Verisign’s ability to raise prices by 7% per year in four of the six years of the deal.
The removal of the Obama-era price freeze still needs to be incorporated into Verisign’s ICANN contract, but it’s hard to imagine ICANN, which is generally loathe to get into pricing regulation, declining to take its lead from NTIA.
Verisign would also have to choose to exercise its option to increase prices in each of the four years. I think the probability of this happening is 1 in 1.
Layering this and a bunch of other assumptions into a spreadsheet, I’m coming up with a figure of roughly an extra $920 million that Verisign will get to add to its top line over the next six years.
Again, this isn’t an in-depth study. Just back-of-the-envelope stuff. I’ll talk you through my thinking.
Not counting its occasional promotions, Verisign currently makes $7.85 for every year that a .com domain is added or renewed, and for every inter-registrar transfer.
In 2017, .com saw 40.89 million add-years, 84.64 million renew-years and 3.79 million transfers, according to official registry reports.
This all adds up to 129,334,643 revenue events for Verisign, or just a tad over $1 billion at $7.85 a pop.
Over the four-year period of the price increases transaction fees will go up to $8.40, then $8.99, then $9.62, then $10.29. I’m rounding up to the nearest penny here, it’s possible Verisign may round down.
If we assume zero transaction growth, that’s already an extra $762.2 million into Verisign’s coffers over the period of the contract.
But the number of transactions inevitably grows each year — more new domains are added, and some percentage of them renew.
Between 2016 and 2017, transaction growth was 3.16%.
If we assume the same growth each year for the next six years, the difference between Verisign’s total revenue at $7.85 and at the new pricing comes to $920 million.
Verisign doesn’t have to do anything for this extra cash, it just gets it.
Indeed, the new NTIA deal is actually less restrictive on the company. It allows Verisign to acquire or start up an ICANN-accredited gTLD registrar, something it is currently banned from doing, just as long as that registrar does not sell .com domains.
Verisign’s .net contract also currently bans the company from owning more than 15% of a registrar, so presumably that agreement would also need to be amended in order for Verisign to get into the registrar business.
I say again that my math here is speculative; I’m a blogger, not a financial analyst. There may be some incorrect assumptions — I’ve not accounted for promotions at all, for example, and the 3.16% growth assumption might not be fair — and there are of course many variables that could move the needle.
But the financial markets know a sweetheart deal when they see one, and Verisign’s share price went up 17.2% following the news, reportedly reaching heights not seen since since the dwindling days of the dot-com bubble 18 years ago.
The reason given for the lifting of the price freeze was, for want of a better word, bullshit. From the NTIA’s amendment:

In recognition that ccTLDs, new gTLDs, and the use of social media have created a more dynamic DNS marketplace, the parties agree that the yearly price for the registration and renewal of domain names in the .com registry may be changed

Huh?
This seems to imply that Verisign has somehow been disproportionately harmed by the rise of social media, the appearance of new gTLDs and some unspecified change in the ccTLD marketplace.
While it’s almost certainly true that .net has taken a whack due to competition from new gTLDs, and that the domain marketplace overall may have been diminished by many small businesses spurning domains by choosing to set up shop on, say, Facebook, .com is still a growing money-printing machine with some of the fattest margins seen anywhere in the business world and about a 40% global market share.
If the Trump administration’s goal here is to make some kind of ideological statement about free markets, then why not just lift the price caps altogether? Give Verisign the right to price .com however it pleases?
Or maybe Trump just wants to flip the bird to Obama once more by reversing yet another of his policies?
Who knows? It doesn’t make a lot of sense to me.

US not happy with Donuts hiring Atallah

Kevin Murphy, October 22, 2018, Domain Policy

The US government appears to have reservations about Donuts’ recent hiring of ICANN bigwig Akram Atallah as its new CEO.
Speaking at a session of ICANN 63 here in Barcelona today, National Telecommunications and Information Administration head David Redl alluded to the recent hire.
Atallah was president of the Global Domains Division and twice interim CEO.
While most of Redl’s brief remarks today concerned internet security and Whois, he concluded by saying:

While the community has greatly improved ICANN’s accountability through the IANA stewardship transition process, there are still improvements to be made.
As one example, we need safeguards to ensure that ICANN staff and leadership are not only grounded ethically in their professional actions at ICANN, but also in their actions when they seek career opportunities outside of ICANN.
One potential fix could be “cooling off periods” for ICANN employees that accept employment with companies involved in ICANN activities and programs. This is an ethical way to ensure that conflicts of interest or appearances of unethical behavior are minimized.

ICANN faced similar scrutiny back in the 2011, when ICANN chair Peter Dengate Thrush pushed through the new gTLD program and almost immediately began working for a new gTLD applicant.
That was the same year Redl moved from being head of regulatory affairs at CTIA — lobbying for wireless industry legislation — to counsel to the House of Representatives Energy and Commerce Committee — helping to craft wireless industry legislation.
Here are his remarks. Redl starts speaking at around the 38-minute mark.

US scraps fucking stupid “seven dirty words” ban

Kevin Murphy, September 13, 2018, Domain Registries

Neustar and the US government have agreed to dump their longstanding ban on profanity in .us domains.
A contract change quietly published in July has now made it possible to register .us domains containing the strings “fuck”, “cunt”, “shit”, “piss”, “cocksucker”, “motherfucker” and “tits”.
These are the so-called “seven dirty words” popularized by a George Carlin comedy routine and incorporated into US censorship law via the Supreme Court decision Federal Communications Commission v Pacifica Foundation in 1978.
Neustar banned the strings from .us when it originally won the registry contract from the National Telecommunications and Information Administration in 2002, and kept it upon renewal.
Until recently, it was conducting post-registration reviews of new .us domains and suspending names that used the strings in sweary contexts.
However, a July contract amendment (pdf) has released Neustar from this duty, allowing registrants to register whatever the fuck they want.
According to the Electronic Frontier Foundation, the change came about after itself and the Cyberlaw Clinic at Harvard Law School complained to the government about the suspension of the domain fucknazis.us, which registrant Jeremy Rubin had been using to raise money to fight the extreme right in the US.
That domain was registered in late 2017, but Neustar appears to have been discussing whether to repeal the idiotic ban in various policy groups for at least three years.
When Network Solutions was the sole registrar for .com, .org and .net it too banned the seven dirty words but this practice fizzled out after ICANN introduced competition into the registrar space almost two decades ago.

Could a new US law make GDPR irrelevant?

Kevin Murphy, August 29, 2018, Domain Policy

Opponents of Whois privacy are pushing for legislation that would basically reverse the impact of GDPR for the vast majority of domain names.
Privacy advocate Milton Mueller of the Internet Governance Project today scooped the news that draft legislation to this effect is being circulated by “special interests” in Washington DC.
He’s even .
Mueller does not call out the authors of the bill by name — though he does heavily hint that DomainTools may be involved — saying instead that they are “the same folks who are always trying to regulate and control the Internet. Copyright maximalists, big pharma, and the like.”
I’d hazard a guess these guys may be involved.
The bill is currently called the Transparent, Open and Secure Internet Act of 2018, or TOSI for short. In my ongoing quest to coin a phrase and have it stick, I’m tempted to refer to its supporters as “tossers”.
TOSI would force registries and registrars to publish Whois records in full, as they were before May this year when ICANN’s “Temp Spec” Whois policy — a GDPR Band-aid — came into effect.
It would capture all domain companies based in US jurisdiction, as well as non-US companies that sell domains to US citizens or sell domains that are used to market goods or services to US citizens.
Essentially every company in the industry, in other words.
Even if only US-based companies fell under TOSI, that still includes Verisign and GoDaddy and therefore the majority of all extant domains.
The bill would also ban privacy services for registrants who collect data on their visitors or monetize the domains in any way (not just transactionally with a storefront — serving up an ad would count too).
Privacy services would have to terminate such services when informed that a registrant is monetizing their domains.
But the bill doesn’t stop there.
Failing to publish Whois records in full would be an “unfair or deceptive act or practice” and the Federal Trade Commission would be allowed to pursue damages against registries and registrars that break the law.
In short, it’s a wish-list for those who oppose the new regime of privacy brought in by ICANN’s response to the General Data Protection Regulation.
While it’s well-documented that the US executive branch, in the form of the National Telecommunications and Information Administration, is no fan of GDPR, whether there’s any interest in the US Congress to adopt such legislation is another matter.
Is this an IP lawyer’s pipe-dream, or the start of a trans-Atlantic war over privacy? Stay tuned!

ICANN closes GoDaddy Whois probe

Kevin Murphy, August 9, 2018, Domain Registrars

ICANN has closed its investigation into GoDaddy’s Whois practices with no action taken.
Senior VP of compliance Jamie Hedlund yesterday wrote to David Redl, head of the US National Telecommunications and Information Administration, to provide an update on the probe, news of which first emerged in April.
The NTIA and members of the intellectual property community had complained that GoDaddy was throttling Whois access over port 43 and that it was masking certain fields in the output.
That was when GoDaddy and the rest of the ICANN-regulated industry was working under the old rules, before the new temporary Whois policy had been introduced to comply with the EU General Data Protection Regulation.
Hedlund told Redl in a letter (pdf):

Based on our review and testing (including outside of ICANN’s network), GoDaddy is not currently masking WHOIS data or otherwise limiting access to its WHOIS services. Consequently, the complaints related to GoDaddy’s masking of certain WHOIS fields, rate limiting, and whitelisting of IP addresses have been addressed and closed.

GoDaddy had said earlier this year that it was throttling access over port 43 in an attempt to reduce the availability of Whois data to the spammers that have been increasingly plaguing its customers with offers of web site development and search engine optimization services.

US asks if it should take back control over ICANN

Kevin Murphy, June 6, 2018, Domain Policy

The US government has asked the public whether it should reverse its 2016 action to relinquish oversight of the domain name system root.
“Should the IANA Stewardship Transition be unwound? If yes, why and how? If not, why not?”
That’s the surprisingly direct question posed, among many others, in a notice of inquiry (pdf) issued yesterday by the National Telecommunications and Information Administration.
The inquiry “is seeking comments and recommendations from all interested stakeholders on its international internet policy priorities for 2018 and beyond”. The deadline for comments is July 2.
The IANA transition, which happened in September 2016, saw the NTIA remove itself from the minor part it played, alongside meatier roles for ICANN and Verisign, in the old triumvirate of DNS root overseers.
At the handover, ICANN baked many of its previous promises to the US government into its bylaws instead, and handed oversight of itself over to the so-called Empowered Community, made up of internet stakeholders of all stripes.
The fact that the question is being asked at all would have been surprising not too long ago, but new NTIA chief David Redl and Secretary of Commerce Wilbur Ross expressed their willingness to look into a reversal as recently as January.
Back then Redl told Congresspeople, in response to questions raised primarily by Senator Ted Cruz during his confirmation process:

I am not aware of any specific proposals to reverse the IANA transition, but I am interested in exploring ways to achieve this goal. To that end, if I am confirmed I will recommend to Secretary Ross that we begin the process by convening a panel of experts to investigate options for unwinding the transition.

Cruz had objected to the transition largely based on his stated (albeit mistaken or disingenuous) belief that it gave China, Iran and a plethora of bad guys control over Americans’ freedom of speech, something that has manifestly failed to materialize.
But in the meantime another big issue has arisen — GDPR, the EU’s General Data Protection Regulation — which is in the process of eroding access rights to Whois data, beloved of US law enforcement and intellectual property interests.
NTIA is known to be strongly in favor of retaining access to this data to the greatest extent possible.
The notice of inquiry does not mention Whois or GDPR directly but it does ask several arguably related questions:

A. What are the challenges to the free flow of information online?
B. Which foreign laws and policies restrict the free flow of information online? What is the impact on U.S. companies and users in general?
C. Have courts in other countries issued internet-related judgments that apply national laws to the global internet? What have been the practical effects on U.S. companies of such judgements? What have the effects been on users?

NTIA’s statement announcing the inquiry prominently says that the agency is “working on” items such as “protecting the availability of WHOIS information”.
It also says it “has been a strong advocate for the multistakeholder approach to Internet governance and policy development”.
While GPDR and Whois are plainly high-priority concerns for NTIA, it’s beyond my ken how reversing the IANA transition would help at all.
GDPR is not ICANN policy, after all. It’s a European Union law that applies to all companies doing business in Europe.
Even if the US were to fully nationalize ICANN tomorrow and rewrite Whois policy to mandate the death penalty for any contracted party that refused to openly publish full Whois records, that would not make GDPR go away, it would probably just kick off a privacy trade war or mean that all US contracted parties would have to stop doing business in Europe.
That sounds like an extreme scenario, but Trump.
The NTIA’s inquiry closes July 2, so if you think the transition was a terrible idea or a wonderful idea, this is where to comment.