Latest news of the domain name industry

Recent Posts

.ru domains fly off the shelf as Western sanctions bite

Kevin Murphy, January 25, 2024, Domain Registries

Russia’s ccTLD has posted very impressive growth in registrations for 2023, attributable largely to sanctions related to the country’s invasion of Ukraine.

ccTLD.ru, the registry for .ru and .рф, reported that it ended 2023 with 5,439,137 .ru domains, an increase of 506,024 or 10.3% over the year. It said 85% of the names were registered by Russians.

It said 1,709,718 new domains were registered in .ru, with over 200,000 being registered per month by December.

For comparison with fellow top-10 ccTLDs, Germany’s .de grew by 201,000 names last year, and Brazil’s .br grew by 220,000. The UK’s .uk shrank and the Netherlands’ .nl was basically flat.

In the smaller Cyrllic .рф, the growth rate was even greater — 13.7%, with 768,883 domains in total at the end of the year, up 92,769 names, the registry said.

Despite the rapid growth, .ru is still a bit off its 2017 peak of around 5.53 million domains, according to my database.

In a press release, ccTLD.ru director Andrey Vorobyev admitted that one of the “main drivers” of the growth were Russians transferring their sites to Russia “under the pressure of sanctions”.

After Russia launched its full-scale invasion of Ukraine in 2022, many domain registries and registrars in the West unilaterally decided to stop doing business with Russian citizens and organizations, despite US government sanctions specifically not applying to domains.

GoDaddy cut off Russians and .ru while Namecheap, which has many support staff in Ukraine, cut off Russian customers and continues to prominently fund-raise for Ukraine on its storefront. Other companies announcing boycotts included 101domain, IONOS and Nominet.

Ukraine’s ccTLD, .ua, has fared less well during the crisis. Its total domain count shrank by about 77,000 to 514,000 in 2023, according to my database. The local registry, Hostmaster, had frozen deletions for a period to give people who had been displaced or mobilized more time to renew, but started releasing those domains last year.

Hostmaster has reported adoption of certain third-level geographic .ua domains that use Latin transliterations of Ukrainian place names, rather than Russian — .kyiv.ua versus .kiev.ua for example — as citizens seek to “de-Russify” their holdings.

ICANN to “stand up” to Russia at the ITU

Kevin Murphy, September 20, 2022, Domain Policy

ICANN is a non-political organization, but it cannot tolerate the platform of the Russian standing to be the secretary-general of the International Telecommunications Union.

CEO Göran Marby took a fairly bellicose tone in denouncing the platform at two sessions of ICANN 75 in Kuala Lumpur yesterday, warning that the election of Russian nominee Rashid Ismailov could not only destroy ICANN’s multistakeholder model but also internet interoperability in general.

Russia is pushing a position under which the powers of organizations such as ICANN, the Regional Internet Registries and standards-setting groups would be consumed by the ITU and managed in an multilateral, rather than multistakeholder, fashion.

Marby was asked a question about the election, due to take place at the ITU Plenipotentiary Conference in Bucharest starting next week, during an open-mic Q&A with the community yesterday.

“We are not campaigning against, but we are reflecting on the fact that one of the candidates does not like what you do here, your ability to walk up to the microphone and ask that question. You can’t do that in the UN setting,” he said.

“There’s a really really big risk that we will lose that ability for you,” he said, adding that he is concerned “that people around the world might not be able to connect to one single interoperable internet”.

“We are strictly neutral when it comes to who becomes the Secretary General,” he said. “We vividly oppose one of the platforms, that the Russian potential Secretary General stands for.”

“We are not a political organization, but we stand up one time… when we see proposals that would disconnect people from the internet or actually make it impossible for you to be here and make policies, that is when we go out and react. That’s the only time,” he said.

During remarks earlier in the day at the ICANN 75 opening ceremony, Marby addressed the same topic in slightly more evocative terms.

“What we do is like fighting for peace. You don’t fight for peace when war has broken out, you fight for peace before. We have to continue to work for the multistakeholder model now before it’s challenged too much,” he said.

Was this a deliberate allusion to the Russian invasion of Ukraine? Marby and/or his speechwriter can’t have been blind to the connotations.

Ismailov’s opponent in the election is Doreen Bogdan-Martin, an American with a much more acceptable policy platform.

ICANN earlier in the year published a paper (pdf) analyzing Russia’s stance on global internet policy. Marby’s remarks this week echo a warning he gave a year ago at ICANN 72.

In an explicit response to the opening ceremony remarks, on Tuesday Russia’s representative on the Governmental Advisory Committee offered a passionate defense of the Russian candidate, telling the GAC and ICANN’s board that his platform is about the “harmonization of ICT”.

He said that the role of the ITU secretary general is a neutral one, and not representative of any particular state.

During the same session Ukraine pleaded for more support, specifically in the form of satellite internet terminals, following ICANN’s donation of $1 million to support infrastructure projects in the war zone.

A million people are without internet access, he said, and rebuilding fiber networks destroyed by Russian missiles will take months because the fields are often mined.

ICANN reports shocking increase in pandemic scams

Kevin Murphy, May 6, 2022, Domain Tech

The number of gTLD domains being used for malware and phishing related to the Covid-19 pandemic has increased markedly in the last eight months, according to data released by ICANN this week.

The Org revealed that since it started tracking this kind of thing in May 2020 it has flagged 23,452 domains as “potentially active and malicious”.

The data is collected by checking zone files against a list of 579 keywords and running the results through third-party abuse blocklists. Blocked domains are referred to the corresponding registrars for action.

I’m not sure you could technically call these “takedown requests”, but there’s a pretty strong implication that registrars should do the right thing when they receive such a report.

The 23,452 notices is a sharp rise from both the 12,860 potentially abusive flagged names and 3,791 “high confidence” reports ICANN has previously said it found from the start of the project until August 2021.

It’s not clear whether the rise is primarily due to an increase in abusive practices or ICANN’s improved ability to detect scams as it adds additional keywords to its watch-list.

ICANN said in March that it is now also tracking keywords related to the Russian invasion of Ukraine.

It’s also asking organizations in frequently targeted sectors to supply keyword suggestions for languages or scripts that might be under-represented.

The data was processed by ICANN’s Domain Name Security Threat Information Collection and Reporting (DNSTICR or “DNS Ticker”), which Org management previously discussed at ICANN 73.

Ukraine won’t delete domains until war is over

Kevin Murphy, April 25, 2022, Domain Registries

Hostmaster, the Ukrainian ccTLD registry, has indefinitely paused domain deletions due to the ongoing war with Russian.

The company said its domain redemption period, which usually lasts 30 days after a registration expires, will now run until the end of martial law, which was brought in by the government shortly after the invasion.

The registry had previously, and perhaps optimistically, extended the window to 60 days. But the war continues, and many registrants are still unable to renew their names.

Since the first extension, registrars have already recovered over 300 names that were not renewed in time, Hostmaster said.

The price to restore an expired .ua name is the same as a renewal, the registry said.

ICANN picks recipient of $1 million Ukraine aid

Kevin Murphy, April 21, 2022, Domain Policy

ICANN has decided to donate $1 million to the Emergency Telecommunications Cluster, an international organization that helps people stay connected during times of crisis.

The donation was announced at ICANN 73 in early March, not long after Russia’s invasion of Ukraine, and ICANN has spent the last six weeks picking a recipient and doing its due diligence. For ICANN, that’s basically warp speed.

The ETC is one of 11 “clusters”, overseen by the UN’s Inter-Agency Standing Committee, which provide relief during humanitarian crises. Other clusters help with food, medicine, and so on.

Its partners include UN agencies, other governmental bodies, charities, and private companies such as Cisco and Iridium.

The ETC has been on the ground in Ukraine since March 3, preparing to provide emergency communications and strengthen infrastructure against cyber-attacks, though its latest report notes that Ukraine’s infrastructure is holding up pretty well so far.

ICANN CEO Göran Marby said in a statement:

This is an initiative for which we have no precedent; it is a first for ICANN. I am proud of the org for the drive and commitment to quickly identify the best path and organization to efficiently deliver meaningful support. The ETC’s vision of “a world where safe and local access to reliable communications is always available” is well aligned with our mission to ensure the stable and secure operation of the Internet’s unique identifier systems.

ICANN’s board has approved an ongoing program of similar donations, not just for Ukraine.

Domain sales exempt from US sanctions on Russia

Kevin Murphy, April 11, 2022, Domain Policy

A variety of internet technologies, including domain name registration services, have been declared exempt from US sanctions on Russia.

The Department of the Treasury’s Office of Foreign Assets Control has issued a notice (pdf) specifically authorizing the export to Russia for the following:

services, software, hardware, or technology incident to the exchange of communications over the internet, such as instant messaging, videoconferencing, chat and email, social networking, sharing of photos, movies, and documents, web browsing, blogging, web hosting, and domain name registration services

The move is reportedly meant to support independent media’s and activists’ fight against Russian government propaganda during the Ukrainian invasion.

Some US registrars, including Namecheap and GoDaddy, have chosen to restrict their Russian customer base on ethical grounds since the first week of the war in Ukraine.

Namecheap, which has many staff in Ukraine, has banned all Russian custom other than those actively opposing the Putin government.

Microsoft seizes domains Russia was using to attack Ukraine

Kevin Murphy, April 11, 2022, Domain Policy

Microsoft says it has taken control of some domain names that we being using by hackers connected to the Russian security services to launch cyber attacks against Ukrainian, US and EU targets.

Company VP Tom Burt wrote that seven domains used by a group called Strontium were seized via a US court order and redirected to a Microsoft sinkhole, disrupting these attacks.

Burt wrote that the targets were Ukrainian media organizations and US and EU foreign policy think tanks, adding:

We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information.

One wonders why Russia would use domains under US jurisdiction to conduct such attacks.

Ukraine registry hit by 57 attacks in a week

Kevin Murphy, March 24, 2022, Domain Registries

Ukrainian ccTLD registry Hostmaster today said its infrastructure was hit by 57 distributed denial of service attacks last week.

On its web site, which has continued to function during the now month-long Russian invasion, the company said it recorded the attacks between March 14 and 20, which a top strength of 10Gbps.

“All attacks were extinguished. The infrastructure of the .UA domain worked normally,” the company, usually based in Kyiv, said.

Hostmaster took the initiative in the first days of the war to move much of its infrastructure out-of-country, to protect .ua from physical damage, and to sign up to DDoS protection services.

101domain throttles its business in Russia

Kevin Murphy, March 11, 2022, Domain Registrars

101domain has become the latest registrar to say it is limiting its business in Russia in response to the invasion of Ukraine.

The company, owned by Altanovo Domains, said today it is suspending all new accounts, orders and inbound domain transfers for customers located in Russia.

It will also no longer sell or accept transfers for domains in Russian-linked TLDs .ru (including third-level names), .рф (.xn--p1ai), .МОСКВА (.xn--80adxhks), .рус (.xn--p1acf), .дети (.xn--d1acj3b), .su, and .tatar.

“We will continue to process renewals of existing services for the time being, however this may change at any time and without notice,” the company said.

101domain follows fellow registrars Namecheap, IONOS, and GoDaddy in announcing what effectively amount to commercial sanctions against Russia.

Industry bodies CENTR and ICANN, along with ccTLD registry Nominet, have also committed to concrete actions to sanction Russia and/or support Ukraine.

ICANN bigwigs support sanctions on Russian domains

Kevin Murphy, March 11, 2022, Domain Policy

Current and former ICANN directors are among 36 high-profile tech policy veterans to support the creation of a new domain block-list that could be deployed in humanitarian crises such as the current war in Ukraine.

An open letter (pdf), published last night, calls to effectively create a list of sanctioned domain names and IP addresses that could be blocked in much the same way as current lists help network operators block spam and malware.

The letter says:

We call upon our colleagues to participate in a multistakeholder deliberation… to decide whether the IP addresses and domain names of the Russian military and its propaganda organs should be sanctioned, and to lay the groundwork for timely decisions of similar gravity and urgency in the future.

Signatories include current ICANN director Ihab Osman, former chair Steve Crocker, founding CEO Mike Roberts, former CSO Jeff Moss and former director Alejandro Pisanty.

Other signatories include three members of the European Parliament, various academics and security researchers, the bosses of networking coordination groups, and the CEOs of several ccTLD registries.

Dmitry Kohmanyuk, founder of Ukrainian ccTLD registry Hostmaster, also signed the letter.

The letter deconstructs Ukraine’s recent requests for internet sanctions against Russian, including its request for ICANN to turn off Russia’s .ru domain, and concludes “the revocation, whether temporary or permanent, of a ccTLD is not an effective sanction because it disproportionately harms civilians”.

Such a sanction would be trivially circumvented and would lead to the proliferation of alt-roots, harming international interoperability, they say.

Having ruled out sledgehammers, the letter goes on to suggest a nutcracker approach, whereby the domain names and IP addresses of sanctioned entities are blocked by consensus of network operators like they’re no more than filthy spammers. The letter reads:

Blocklisting of domain names allows full precision and specificity, which is the problem that precludes action by ICANN. The system is opt-in, voluntary, consensual, and bottom-up, all values the Internet governance community holds dear. Yet, at the same time, it has achieved broad adoption.

We conclude that the well-established methods of blocklisting provide the best mechanism for sanctioning both IP routes and traffic and domain names, and that this mechanism, if implemented normally by subscribing entities, has no significant costs or risks.

The billion-dollar question is of course: Who would decide what goes on the list?

The letter, which says it’s designed to be a conversation-starter, is a bit vague on the policy-making aspect of the proposal.

It calls for the formation of “a new, minimal, multistakeholder mechanism” that would publish a block-list data feed after “due process and consensus”, adding:

This process should use clearly documented procedures to assess violations of international norms in an open, multistakeholder, and consensus-driven process, taking into account the principles of non-overreach and effectiveness in making its determinations. This system mirrors existing systems used by network operators to block spam, malware, and DDoS attacks, so it requires no new technology and minimal work to implement.

While such a system might well help protect gullible (to pick a nationality at random) Americans from the Kremlin’s misinformation campaigns, it’s not immediately clear to me how such a system would help shield blameless everyday Russians from their own government’s propaganda.

If rt.com, for example, were on the block-list, and Russia wanted RT available to its citizens, presumably Russian ISPs would just be told, at the barrel of a metaphorical gun, to stop using the block-list.

It will be interesting to see where this conversation leads.