Verisign growth slows with post-Covid blues

Verisign sold fewer .com and .net domains than it did a year ago in the third quarter and has once again slashed its outlook for the year.

It had 174.2 million names across the two TLDs at the end of September, an increase of 1.2% over the year but down by around 100,000 names (rounded) on the quarter.

There were 9.9 million new domains sold. That compares to 10.1 million in the second quarter and 10.7 million in Q3 last year.

It now expects its total domains under management to increase by between 0.25% and 1% for the full year. That compares to the between 0.5% and 1.5% it predicted at the end of Q2, the 1.75% and 3.5% predicted in April, and the between 2.5% and 4.5% it predicted in February.

That equates to 2022 revenue of $1.418 billion to $1.426 billion, CFO George Kilguss told analysts. Verisign’s always jaw-dropping operating margin is expected to be between 65.75% and 66.25%.

CEO Jim Bidzos told analysts the slower growth can the attributed to the general macroeconomic malaise, Verisign coming off the lockdown bump experienced in 2020 and 2021, and the perennial issue of Chinese lumpiness.

Renewal rates for Q3 are expected to be 73.8%, the same as Q2 but down from 75% a year-ago.

But the company continues to make money hand over fist. Revenue was up 6.8% compared to Q3 last year at $357 million and net income was up to $169 million compared to $157 million a year ago.

Taliban seizing domains to silence journalists

The Taliban is attempting to close down independent media outlets in Afghanistan by deleting their .af domain names.

The Ministry of Communications and Information Technology tweeted that the sites of Hasht-e Subh Daily and Zawia News were “taken down” for publishing “unbalanced reports and fake news”.

د هشت صبح او زاویه نیوز خبري شبکو وېبسايټونه د مخابراتو او معلوماتي ټکنالوجۍ وزارت له لوري وټړل شول.
هشت صبح او زاویه نیوز خبري شبکې چې د افغانستان اسلامي امارت مشرانو پورې یې دروغجن تورونه تړل، بې توازنه راپورونه او کاذب خبرونه یې خپرول د یوې فیصلې پر بنسټ یې وبسایټونه ؤتړل شول pic.twitter.com/cexPduvMjT

— Anayatullah Alokozay (@Anayatalokozay) October 3, 2022

.af’s registry is government-run.

According to the Committee to Protect Journalists, the two sites have been reporting by Afghans in exile since the Taliban retook the country over a year ago.

Both outlets have now switched domains to TLDs based in the US — Verisign and Identity Digital, where presumably they’re pretty safe from the Taliban’s reach. They’re now using zawiamedia.com and 8am.media instead of the original .af names.

.com and .net are the drag factor on domain industry growth

Verisign’s own gTLDs .com and .net slowed overall domain industry volume growth in the second quarter, according to its latest Domain Name Industry Brief.

June ended with 351.5 million registrations across all TLDs, up 1 million sequentially and 10.4 million year-over-year.

Growth would have been slightly better without the drag factor of .com and .net, which were down 200,000 domains each sequentially, as Verisign previously reported in its Q2 financial results. There were 161.1 million names in .com and 13.2 million in .net.

The ccTLD world grew by 700,000 names sequentially and 2.6 million compared to a year earlier, the DNIB states.

New gTLD names were up by the same amount sequentially and 4.1 million year over year, ending the quarter at 27 million.

Did a sexy Russian spy nerf the o.com auction?

It’s been over three years since Verisign won the right to auction off the domain name o.com for charity, and so far there’s no sign of a sale. Could a pro-Trump conspiracy theorist’s affair with a Russian spy be the reason?

The .com registry operator received permission from ICANN for a one-off auction — a unique exception to the decades-old convention that single-character .com domains are reserved — in March 2019, and that was the last we heard of it.

There’s been no announcement of an auction date, and neither ICANN nor Verisign have mentioned it since.

I asked Verisign a couple of weeks ago what the company’s plans were and at the weekend received the reply: “Thanks for reaching out and your interest is noted. Once there is an update, we will reach back out to you.”

I don’t think I’m getting into conspiracy theory territory to suggest that the reason for the lack of movement is that the domain’s most likely buyer, the man most likely behind Verisign asking ICANN’s permission in the first place, lost his job a few months after the auction was approved.

When in 2017 Verisign filed its request with ICANN it was widely believed to be primarily the result of a pressure campaign by Patrick Byrne, then-CEO of online retailer Overstock.com, that had gone on for over a decade.

Byrne had been nagging Verisign and ICANN to let him register the domain since at least 2004, as this published correspondence (pdf) illustrates.

Former senior ICANN staffer Kurt Pritz later recounted how Byrne “slid a check for $1,000,000 payable to ICANN across my desk” to persuade a then-broke ICANN to release the name, around the same time. The offer was rebuffed.

Byrne’s obsession with o.com continued, but in 2010 he seemed to throw in the towel briefly when Overstock paid relaunching Colombian ccTLD operator .CO Internet a whopping $350,000 for the domain o.co, which Overstock promptly rebranded around.

Overstock even purchased the naming rights to the Oakland Coliseum baseball stadium, which was known as the O.co Coliseum from 2011 to 2016.

But rebranding is always a risk, not least when it’s to an unfamiliar TLD, and Byrne admitted in 2012 that the move had been a huge mistake.

“O.co was my bad call,” Byrne said at the time, adding that “about eight out of 13 people who were trying to visit us through O.co, eight were typing O.com”.

So when Verisign got the nod to sell o.com, you might have expected Byrne to be champing at the bit.

But in August 2019, Byrne quit Overstock after it emerged he had been in a sexual relationship — according to him encouraged by shadowy FBI agents — with a Russian woman half his age convicted in the US of being a spy in 2018.

Byrne admitted the reportedly three-year relationship with Maria Butina, who after her release from US prison became a member of Russia’s parliament with Putin’s United Russia party, in August 2019. It’s a pretty wild story.

He quit his job at Overstock, the company he had founded, at the same time and a month later sold all his stock in the company.

Byrne has since gone on to be a full-time conspiracy theorist, including reportedly being one of several people who, in December 2020, had a bizarre White House meeting in which they attempted to explain to then-President Trump how the 2020 election had been stolen — the birth of the “Big Lie”.

That was reportedly the first time he had met Trump. There’s no evidence I’m aware of that he had the president’s ear while Verisign was asking his administration to lift the price freeze on .com domains, which it did in 2018.

Conspiracies aside, it’s undoubtedly true that Byrne’s resignation means Verisign has lost its most motivated bidder for o.com, so an auction would likely prove disappointing, unless Oprah Winfrey is feeling particularly frivolous.

Verisign to crack down on Chinese domains

Verisign has asked for permission to implement a more stringent regime for denying or suspending .com and .net domain names registered in China, to comply with the country’s strict licensing rules.

The changes appear to mean that customers of Chinese registrars who have not verified their identities, which Verisign says is a “very small percentage”, will be prevented from registering new domains and may lose their existing domains.

The company has filed a Registry Services Evaluation Process request with ICANN, proposing to tweak the registrant verification system it has had in place for the last five years in a few significant ways.

China has a system called Real Name Verification, whereby Chinese citizens have to provide government-issued ID when they register domains. Local, third-party Verification Service Providers such as ZDNS typically carry out the verification function for Verisign and other foreign registries.

The big change is that Verisign will no longer allow names to be registered without a valid code.

The RSEP says that attempts by China-based registrars to register domains without the required government verification code will result in the EPP create command failing, meaning the domain will not be registered.

Under the current system, outlined in a 2016 RSEP (pdf), the name is registered and Verisign presumably takes the money, but the domain is placed on serverHold status, meaning it is not published in the zone and will not resolve.

The new system will also allow Verisign to retroactively demand codes for already-registered names, when they come up for renewal or transfer, with the option to suspend or delete the names if the codes are not provided. The RSEP (pdf) states:

With regard existing domain names without the required verification codes, which currently comprise a very small percentage of domain name registrations from registrars licensed to operate in the People’s Republic of China, Verisign intends to address compliance issues with these domain names directly with registrars. Verisign reserves the right to deny, cancel, redirect or transfer any domain name registration or transaction, or place any domain name(s) on registry lock, hold or similar status

It’s not clear what a “very small percentage” means in hard numbers. A small slice of a big pie is still a mouthful.

Verisign has substantial exposure to the Chinese market. On the odd occasion when .com shrinks, it’s largely due to speculative registrations from China not being renewed, such as in the second quarter this year.

The RSEP names the service the Domain Name Registration Validation Per Applicable Law service. While it’s in theory applicable to any jurisdiction’s laws, in practice it’s all about addressing the demands of the Chinese government.

Verisign announces ANOTHER price increase as regs slide

Verisign posted a rare decrease in its .com/.net registered name base in the second quarter, but said it is going to raise its .net prices next year anyway.

The company also massively slashed its growth outlook for domain sales this year.

The annual cost of a .net name will go up 10%, the maximum permissible under its contract with ICANN, to $9.92 from February 1 next year, the registry said

Registrants will as usual be able to lock-in the current renewal fee of $9.02 for up to 10 years if they renew before the hike kicks in.

It’s the first .net price increase since 2018. The TLD has been stagnating in volume terms for several years, due no doubt in part to behavioral changes following the introduction of new gTLDs starting in late 2013.

The news came as Verisign reported that its domain base shrunk during Q2.

The company ended June with 174.3 million names under management, up 2.2% over a year earlier but down 350,000 domains compared to the end of Q1.

The split was 161.1 million for .com and 13.2 million for .net — that’s a sequential decrease of 200,000 for .com and a decrease of 200,000 for .net. Both rounded, of course.

CEO Jim Bidzos told analysts tonight that renewals were affected by a great many first-time registrations from China not renewing. General post-pandemic and macro-economic factors also played a role, he said.

The preliminary renewal rate was 75.9% compared to 76.0% a year earlier, but the number of new regs was down to 10.1 million from 11.7 million over the same period.

Verisign reported Q2 revenue up 6.8% on a year ago at $352 million, with net income of $167 million compared to $148 million. Its operating margin swelled to 67.1% percent from 64.7%.

Bidzos told analysts that the company is cutting its registered name growth prediction for the year to between 0.5% and 1.5%, a huge decrease from the already-downgraded estimate of 1.75% and 3.5% it made after the first quarter.

He said that he expects Q3 and Q4 to go much the same way as Q2.

Bidzos said he thinks the current factors affecting regs are a bump in the road and he expects things to stabilize over time.

UPDATE 2148 UTC — The article was updated to correct the comparison of the decrease in .com/.net regs.

Verisign to mandate 2FA for .com registrars

Over 2,000 registrars are likely to be affected by a new Verisign policy making two-factor authentication mandatory when logging into the company’s registrar portal.

ICANN has given the preliminary nod to a Verisign proposal to make 2FA, which has been available on an optional basis for over a decade, mandatory.

Voluntary adoption of the security feature has been light since it was first introduced in 2009. According to Verisign’s Registry Services Evaluation Process request (pdf) only around 200 registrars currently use it.

There were 2,446 active .com registrars at the last count. The RSEP also applies to .net and .name.

The 2FA system requires registrars to enter a one-time password, in addition to their usual credentials, whenever they log in to their accounts.

The change only applies to registrars logging into Verisign’s web site to manage their accounts, not to registrants who have .com domains. It does not apply to under-the-hood EPP transactions.

The company is hoping to implement the change pretty damn quick — its June 30 RSEP states that it will start to give registrars a 30-day noticed period the following day, before ICANN had even formally approved the change.

ICANN approval (pdf) came yesterday, so presumably 2FA will become mandatory in a matter of days.

.xyz kicks France out of the top 10 TLDs — Verisign

Verisign is reporting that the total number of registered domains worldwide topped 350 million in the first quarter, under its new reporting methodology.

The company’s latest Domain Name Industry Brief states that there were 350.5 million names across (almost) all TLDs, up by 8.8 million or 2.6% compared to the end of 2021 or 13.2 million (3.9%).

It’s sequential growth well beyond the 3.3 million increase reported in Q4, but the first quarter of any year is usually seasonally strong.

It’s the second DNIB that excludes Freenom’s collection of free TLDs, notably .tk, making comparisons beyond what Verisign itself calculates challenging.

Verisign’s own .com was up from 160 million to 161.3 million domains over the period, while .net was flat at 13.4 million.

Total ccTLD names were up 6 million or 4.7% sequentially to 133.4 million and up 3.1 million or 2.4% year over year.

The top 10 TLDs saw a new entry, with XYZ.com’s .xyz taking the tenth position with 4 million names, kicking out French ccTLD .fr, which has 3.9 million.

After 10 months, ICANN board “promptly” publishes its own minutes

ICANN’s board of directors has approved a huge batch of its own meeting minutes, covering the period from July 15 last year to March 10 this year, raising questions about its commitment to timely transparency.

The board approved the minutes of its last 14 full-board meetings in one huge batch of 14 separate resolutions at its May 12 meeting, and they’ve all now been published on the ICANN web site, along with redacted briefing papers for said meetings.

The period includes decisions on planning for the next new gTLD round and Whois reform, the legal fight with Afilias over the contested .web gTLD, and apparently divisive discussions about the timing of a post-pandemic return to face-to-face meetings.

No explanation has been given for why it’s taken so long for these documents to appear, the timing of which appears to go against ICANN’s bylaws, which state that minutes are supposed to be approved and published “promptly”:

All minutes of meetings of the Board, the Advisory Committees and Supporting Organizations (and any councils thereof) shall be approved promptly by the originating body and provided to the ICANN Secretary (“Secretary”) for posting on the Website.

ICANN almost always published its board’s resolutions within a few days of approval, and a preliminary report — which also includes the number of votes yay or nay, without naming the directors — within a couple of weeks.

The minutes, which are published only after the board rubber-stamps them, typically include a further vote breakdown and a little bit of color on how the discussion went down.

In the newly published batch, some of the documents are somewhat illuminating, while others barely nudge the dimmer switch.

For example, the preliminary report for the July 15, 2021 meeting, published 11 days later, notes that three of the 16 voting directors rebelled on a resolution about making the October annual general meeting in Seattle a virtual-only event, but the just-published minutes name those directors and flesh out some of their reasons for dissenting.

It turns out the directors had a “robust discussion”, with some arguing that it would be safe to go ahead with a “hybrid” meeting comprising both face-to-face and remote participation options.

The dissenting directors were Ron da Silva, Avri Doria, and Ihab Osman, it turns out. Osman and da Silva had voted a similar way a year earlier.

Directors could not reasonably have been expected to know about the impact the Delta variant of Covid-19 would have on world health in the latter half of the year. It had been identified and named by scientists but had yet to spread to the extent it was making headlines.

But they were aware of concerns from the Asia-Pacific members of the community, worried that a hybrid meeting in Seattle would disadvantage those unable to attend due to pandemic travel restrictions. This appears to have been raised during the discussion:

Some Board members expressed desire to see more work done to have ICANN72 as a hybrid meeting. They noted that Seattle has protocols in place to ensure the health and safety of ICANN staff and the community, and ICANN should use this opportunity to begin to return to its normal meeting standards as much as possible. Others noted that the concerns about travel inequities or restrictions for certain parts of the world should not prevent moving forward with an in-person component for ICANN72 because such inequities and restrictions exist with or without the pandemic.

The return to in-person meetings was discussed again in November, when the board decided to junk plans, secured by the dissenting directors in July, for a hybrid meeting in San Juan, Puerto Rico.

Ron da Silva had left the board by this point, but the new minutes show that Doria and Osman were joined by León Sánchez in advocating for a hybrid meeting with an in-person component.

While the July minutes contains a few paragraphs summarizing discussions, the November minutes simply notes that the board “reviewed the proposed resolution and rationale to confirm that it reflects the Board’s discussion and edits”.

And that’s pretty typical for most of the documents published this week — time and again the substantive discussion appears to have either happened off-camera, during non-minuted sessions of the board at unspecified times, or was simply not minuted.

Interested in the talks leading to the approval of the new gTLDs Operational Design Phase? The minutes shed no light.

Interested in how the board reacted to ICANN losing its Independent Review Process case with Afilias about .web? The minutes merely note that the resolution was approved “after discussion”.

There’s also a glaring hole in one set of minutes, raising questions about whether these documents are a reliable record of what happened at all.

We know for a fact that on September 12 the ICANN board approved a resolution naming the new chair and vice chair of its influential Nominating Committee, only to reconvene two weeks later to scrap that decision and name a different chair instead.

But if you read the September 12 minutes, you’ll find no record of NomCom even being discussed, let alone a resolution being passed appointing a chair.

The newly published batch of documents cover several resolutions related to executive pay, but none of the minutes contain the same level of transparency as ICANN displayed in February 2021, when it revealed that three directors voted against CEO Göran Marby’s pay rise.

In terms of transparency, that now appears to fully confirmed as an isolated incident.

A sign of things to come? Verisign slashes outlook in post-pandemic slowdown

Verisign is warning that its business is going to grow slower than expected in 2022, due to the after-effects of the pandemic and general economic conditions.

The registry tonight reported first-quarter revenue of $347 million, up 7% on the comparable period a year ago, after raising its .com prices 7% last year.

But the company has slashed its sales estimates for the year.

CEO Jim Bidzos told analysts this evening that the company and its registrars have started to see a post-pandemic slowdown in sales, exacerbated by other unspecified “macro-economic factors”.

“Incremental demand for new registrations that grew during the pandemic is subsiding,” Bidzos said.

Many domain companies, including Verisign, saw growth spikes during the pre-vaccine pandemic, when many small businesses moved to online sales to stay afloat during recurring lockdown restrictions.

But that’s all over now, and the economic fallout most of us are feeling seems to also be affecting domain sales.

The company said its net income for the first quarter was $158 million, up from $150 a year ago. Its operating margin slipped a little, however, from an enormous 65% to an enormous 64.8%.

Verisign ended the quarter with 161.3 million .com domains and 13.4 million .net domains under management, up 4% combined at 174.7 million.

The renewal rate for .com and .net domains was estimated at 74.8%, up from 73.5% a year ago.

The company expects its domain base to grow between 1.75% and 3.5% this year. That’s down quite significantly from its February estimate of growth between 2.5% and 4.5%.

It added 10.1 million new names in the quarter, compared to 10.6 million in Q4 and 11.1 million in Q1 last year.

While Bidzos did not drill very deep into the other factors contributing to his pessimistic outlook, he did say that the war in Ukraine was not a factor. Sales in Ukraine, Russia and Belarus are “not material”, he said.

I suspect what we’re looking at here is probably related to what the media here in the UK is calling the “cost of living crisis”, which is seeing the price of staples such as food and energy skyrocket and many people cut back on luxuries as a result.

UPDATE: This article was updated July 28, 2022 to correct the number of .net registrations from 13.1 million to 13.4 million.