Latest news of the domain name industry

Recent Posts

ICANN reports shocking increase in pandemic scams

Kevin Murphy, May 6, 2022, Domain Tech

The number of gTLD domains being used for malware and phishing related to the Covid-19 pandemic has increased markedly in the last eight months, according to data released by ICANN this week.

The Org revealed that since it started tracking this kind of thing in May 2020 it has flagged 23,452 domains as “potentially active and malicious”.

The data is collected by checking zone files against a list of 579 keywords and running the results through third-party abuse blocklists. Blocked domains are referred to the corresponding registrars for action.

I’m not sure you could technically call these “takedown requests”, but there’s a pretty strong implication that registrars should do the right thing when they receive such a report.

The 23,452 notices is a sharp rise from both the 12,860 potentially abusive flagged names and 3,791 “high confidence” reports ICANN has previously said it found from the start of the project until August 2021.

It’s not clear whether the rise is primarily due to an increase in abusive practices or ICANN’s improved ability to detect scams as it adds additional keywords to its watch-list.

ICANN said in March that it is now also tracking keywords related to the Russian invasion of Ukraine.

It’s also asking organizations in frequently targeted sectors to supply keyword suggestions for languages or scripts that might be under-represented.

The data was processed by ICANN’s Domain Name Security Threat Information Collection and Reporting (DNSTICR or “DNS Ticker”), which Org management previously discussed at ICANN 73.

A sign of things to come? Verisign slashes outlook in post-pandemic slowdown

Kevin Murphy, April 28, 2022, Domain Registries

Verisign is warning that its business is going to grow slower than expected in 2022, due to the after-effects of the pandemic and general economic conditions.

The registry tonight reported first-quarter revenue of $347 million, up 7% on the comparable period a year ago, after raising its .com prices 7% last year.

But the company has slashed its sales estimates for the year.

CEO Jim Bidzos told analysts this evening that the company and its registrars have started to see a post-pandemic slowdown in sales, exacerbated by other unspecified “macro-economic factors”.

“Incremental demand for new registrations that grew during the pandemic is subsiding,” Bidzos said.

Many domain companies, including Verisign, saw growth spikes during the pre-vaccine pandemic, when many small businesses moved to online sales to stay afloat during recurring lockdown restrictions.

But that’s all over now, and the economic fallout most of us are feeling seems to also be affecting domain sales.

The company said its net income for the first quarter was $158 million, up from $150 a year ago. Its operating margin slipped a little, however, from an enormous 65% to an enormous 64.8%.

Verisign ended the quarter with 161.3 million .com domains and 13.4 million .net domains under management, up 4% combined at 174.7 million.

The renewal rate for .com and .net domains was estimated at 74.8%, up from 73.5% a year ago.

The company expects its domain base to grow between 1.75% and 3.5% this year. That’s down quite significantly from its February estimate of growth between 2.5% and 4.5%.

It added 10.1 million new names in the quarter, compared to 10.6 million in Q4 and 11.1 million in Q1 last year.

While Bidzos did not drill very deep into the other factors contributing to his pessimistic outlook, he did say that the war in Ukraine was not a factor. Sales in Ukraine, Russia and Belarus are “not material”, he said.

I suspect what we’re looking at here is probably related to what the media here in the UK is calling the “cost of living crisis”, which is seeing the price of staples such as food and energy skyrocket and many people cut back on luxuries as a result.

UPDATE: This article was updated July 28, 2022 to correct the number of .net registrations from 13.1 million to 13.4 million.

Covid surge scuppers ICANN LA meetings

Kevin Murphy, April 25, 2022, Domain Policy

ICANN has lost out on a chance to test a return to in-person meetings ahead of ICANN 74, due to a surge in Covid-19 cases in its home town of Los Angeles.

The US Centers for Disease Control has increased its risk rating for LA to “High”, compelling ICANN to scrap plans for a face-to-face board meeting next week.

Chair Maarten Botterman wrote:

The Board discussed the rising cases, the change in the CDC risk level, the trajectory, and the collective responsibility we have to ensure the health and safety of all of the participants, including ICANN Org staff who would support the events – and we recognized the additional risk of bringing all of ICANN leadership together in one place, under these circumstances – only six weeks before ICANN74.

The meeting will instead be held virtually by Zoom.

It’s not yet clear whether this will have any impact on ICANN’s next public meeting, which is due to take place in The Hague, the Netherlands, this June.

Botterman wrote that the Org is monitoring the situation on the ground and will provide updates as necessary.

ICANN has already announced a stringent set of restrictions, including mask wearing and social distancing, for ICANN 74.

ICANN’s Covid-19 waiver formally appealed

Kevin Murphy, April 19, 2022, Domain Policy

Two reliably regular ICANN meeting attendees have formally asked the Org to change the legal waiver it’s asking everyone to sign if they want to show up in The Hague for ICANN 74 this June.

Michele Neylon of registrar Blacknight Solutions and Eberhard Lisse of .na ccTLD registry Namibian Network Information Center filed an emergency Request for Reconsideration with ICANN last week.

They call the waiver, which absolves ICANN from liability if participants catch Covid-19 even through ICANN’s own gross negligence “unduly broad” and “unreasonable” and “unduly wide and harsh”.

They can’t ask their staff to sign such an all-encompassing waiver, they say.

ICANN’s Board Accountability Mechanisms Committee has already rejected the RfR, saying it doesn’t meet the timing requirements for an emergency request. It will consider it as a regular request in due course, it said.

As expected, ICANN also seems to have fixed the bug I spotted last week that allowed hybrid attendees to register without signing the waiver.

ICANN suggests its Covid waiver may be worthless

Kevin Murphy, April 13, 2022, Domain Policy

The controversial legal waiver ICANN is insisting you agree to before attending its next public meeting may not be worth the pixels it’s written with, judging by the Org’s latest statement on the matter.

In an updated FAQ, posted in response to a complaint from Blacknight, ICANN now states:

Attending an ICANN meeting remains a risk-based analysis for each attendee, recognizing that sometimes things can and do go wrong. A liability waiver helps enshrine that ICANN’s funds should not be used to defend ICANN against items for which ICANN itself should not be held liable. Protecting ICANN in this way helps support ICANN’s continued ability to serve its mission.

But it denies that the waiver is as all-encompassing as some fear:

There will be times, of course, where ICANN might not perform to an expected best practice, and that might be the cause of injury or damage to an attendee. Those claims against ICANN are not waived.

This apparently contradicts the waiver itself, which continues to say:

I knowingly and freely assume all risks related to illness and infectious diseases, including but not limited to COVID-19, even if arising from the negligence or fault of ICANN.

It also continues to require you to sign away your rights to sue, and your kids’ rights to sue, even if you die of Covid-19 due to ICANN’s “gross negligence”.

There may be a way to avoid the waiver.

Based on my experience, it appears that the waiver is presented in the registration path if you click the box indicating that you will be attending in-person, but if you ALSO check the box saying you’ll be attending remotely then the waiver does not appear.

So if you’re planning on attending in a hybrid fashion, perhaps in-person for only a day or two and on Zoom for the balance, ICANN doesn’t need you to waive your rights.

I expect this is a glitch in how the web form is configured that will probably be fixed not too long after I publish this article.

ICANN 74 will take place in The Hague, and Zoom, in June.

Blacknight objects to ICANN 74 Covid waiver

Kevin Murphy, April 5, 2022, Domain Policy

Irish registrar Blacknight has objected to ICANN’s demand that attendees at its forthcoming 74th public meeting sign a legal waiver over the potential for Covid-19 infections.

CEO Michele Neylon has written (pdf) to his ICANN counterpart and chair Maarten Botterman to complain that the waiver is “excessive” and “unreasonable”.

Neylon said he’d consulted his lawyer and concluded: “I cannot sign this waiver and I obviously cannot ask any of my staff to do so either.”

“[The lawyers] agree that you would want to reduce your liability, but you cannot expect people to grant you a blanket exclusion of liability which includes actual fault,” he wrote.

As I reported earlier in the week, registering for ICANN 74 requires attendees to agree to a waiver which states:

I knowingly and freely assume all risks related to illness and infectious diseases, including but not limited to COVID-19, even if arising from the negligence or fault of ICANN.

The four-day June meeting is set to be the first to have an in-person component — in The Hague, the Netherlands — since the pandemic began two years ago. Zoom participation will also be a prominent feature.

Attendees are strictly expected to be double or triple-vaccinated, wear masks, and socially distance while at the venue. There will also be “health checks” whenever you enter the venue.

Blacknight has no complaint about these precautions, but wants ICANN to reconsider the legal waiver.

ICANN lists the reasons I probably won’t be going to ICANN 74

Kevin Murphy, April 4, 2022, Domain Policy

“Don’t blame us if you die!”

That’s one of the messages coming out of ICANN, which has confirmed that it’s returning to in-person meetings for ICANN 74 this June.

The “hybrid” four-day meeting in The Hague is going ahead, but under strict Covid-19 mitigation rules that seem a bit too annoying for this particular potential attendee.

If you want to get in the venue, you’ll need to show proof of a full course of WHO-approved vaccinations, wear a face mask, stay an appropriate distance away from your peers, and subject yourself to a temperature check and “health screening” every time you walk through the door.

You’ll be issued a wrist-band on first entry that you have to keep visible at all times. If you lose it, you’ll have to re-verify your vaccination status.

As somebody who got irritated by even the metal detectors as pre-Covid ICANN meetings, this all seems a bit too much of a hassle for me, despite The Hague being pretty much right on my doorstep. I probably won’t go, at least not for the full four days.

There will be no on-site registration, and you’ll have to register your attendance online five days in advance of the meeting, which begins June 13.

ICANN’s also asking attendees to sign away their rights, and their children’s rights, to sue if they get sick, even if they catch the virus from general counsel John Jeffrey walking up and sneezing a Covid payload directly into their eyes.

As spotted by Michele Neylon, the registration process for ICANN 74 contains an extensive, obligatory waiver that contains the following text:

Participation in the Event includes possible exposure to and illness from infectious diseases including but not limited to COVID-19. While particular rules and personal discipline may reduce this risk, the risk of serious illness and death exists. I knowingly and freely assume all risks related to illness and infectious diseases, including but not limited to COVID-19, even if arising from the negligence or fault of ICANN. I understand that, unless otherwise confirmed in writing by ICANN, if I am suggested or required to take diagnostic tests, seek medical treatment, extend my stay due to quarantine or illness, or otherwise change travel arrangements, I am responsible for making such arrangements and all costs incurred. I understand that ICANN recommends that I obtain appropriate insurance to cover these risks.

I hereby knowingly assume all risks, and covenant not to sue any employees, board members, agents, executives, contractors or volunteers of ICANN or its affiliate for any expense, loss, damage, personal injury, including loss of life, illness, including but not limited to COVID-19, disability, property damage, or property theft or actions of any kind that I may hereafter suffer or sustain before, during, or after the Event, unless said expense, loss, damage, personal injury, including loss of life, illness, disability, property damage or property theft or actions of any kind is caused by the sole, gross negligence of ICANN or its affiliate. This Liability Waiver and Release is specifically binding upon my heirs and assigns and is knowingly given.

I agree to indemnify and hold ICANN and its affiliate harmless from and against any claims, suits, causes of action, loss, liability, damage or costs, including court cost and attorneys’ fees, and fees to enforce this Agreement, that ICANN may incur arising from my involvement in the Event.

This kind of waiver is par for the course with ICANN. Just ask any new gTLD applicant. ICANN really, really doesn’t like being sued.

ICANN has outlined its health-and-safety measures, which may change, here. The waiver can be read during the registration process.

Satirists register Joe Rogan domain to promote Covid vaccines

Kevin Murphy, January 31, 2022, Gossip

An Australian comedy troupe has registered podcaster Joe Rogan’s name as a domain as part of an anti-anti-vaccine prank.

The Chaser, which has published satire across print, radio, TV and the web for the last 20 years, picked up joerogan.com.au a few days ago and redirected it to the Aussie government’s vaccine-booking web site.

The domain was publicized in the latest edition of The Chaser’s podcast, which was rebranded “The Joe Rogan Experience” and spent most of its 20-minute runtime skewering the US comedian and martial arts commentator.

Rogan has attracted negative attention in the last week or so for his skeptical comments about Covid-19 vaccines on his podcast, which is the most-listened podcast on Spotify, the platform with which he has an exclusive $100 million distribution deal.

Musicians Neil Young and Joni Mitchell have pulled their work from Spotify in protest at Rogan’s words, which they said were dangerous.

Rogan has since tried to clarify his comments and editorial policy, and Spotify has said it will start to provide links to reliable Covid-19 information alongside podcasts that address the topic.

Omicron domain sells for $5,000

Kevin Murphy, December 9, 2021, Domain Sales

The domain name omicronvariant.com, hand-registered less than six months ago, has sold for $5,000 via Sedo, raising all kinds of questions about the value and future of Covid-19 variant-related domains.

The domain, at time of writing, resolves to a Sedo parking page containing ads unrelated (for me) to the pandemic or healthcare.

It was registered in early June, just a day or two after the World Health Organization announced that it would start naming coronavirus variants after letters of the Greek alphabet.

At that time, and to this day, the delta variant is the dominant strain worldwide, and yet deltavariant.com is currently listed for sale for $2,000 at GoDaddy/Uniregistry.

It seems somebody out there is willing to bet that omicron will have the transmissibility speed and longevity to outstrip delta, become dominant, and make dropping $5,000 on the matching .com a wise investment.

Assuming non-nefarious use, I personally struggle to see the end-user value.

It appears that any .com combination of a Greek letter and the word “variant” that had not already been registered by June was quickly snapped up by speculators after WHO revealed its naming scheme.

Some domains, such as alphavariant.com and xivariant.com, were already in use by companies with web sites that predate the pandemic.

The company Nu Variant seems to have dodged a bullet — WHO skipped that letter because it’s a confusing homophone of “new” in some English dialects. It also skipped xi, as it’s a common name that happens to be shared by the premier of China, which was bad luck for the xivariant.com domainer.

All the other letters between delta and omicron have been assigned to variants that fizzled out or have failed to garner much media attention.

At this point, it seems quite possible that WHO will run out of Greek letters in a matter of months, but it reportedly has no current plan for its coronavirus nomenclature after that.

Hamburg to have second crack at hosting ICANN meeting

Kevin Murphy, December 8, 2021, Domain Policy

The City of Hamburg is to try again to bring in the ICANN crowd, after getting cancelled due to the pandemic last year.

German ccTLD registry DENIC, along with the city and local trade group eco, is taking a run at being selected as the host for ICANN 78, currently penciled in for October 2023, the company said this week.

It had been picked to host ICANN 69 in October 2020, but pandemic travel restrictions scuppered that opportunity.

The last six public ICANN meetings have been online-only, as will next March’s ICANN 73, which had been due to take place in Puerto Rico.

Hamburg’s chances would have to be said to be strong. Three other cancelled host cities — Kuala Lumpur, The Hague and Cancun — have already been confirmed for meetings in 2022 and 2023.

Of course, the ultimate decision-maker is a nucleic acid molecule wearing a spiky protein coat.