Latest news of the domain name industry

Recent Posts

ICANN reports shocking increase in pandemic scams

Kevin Murphy, May 6, 2022, Domain Tech

The number of gTLD domains being used for malware and phishing related to the Covid-19 pandemic has increased markedly in the last eight months, according to data released by ICANN this week.

The Org revealed that since it started tracking this kind of thing in May 2020 it has flagged 23,452 domains as “potentially active and malicious”.

The data is collected by checking zone files against a list of 579 keywords and running the results through third-party abuse blocklists. Blocked domains are referred to the corresponding registrars for action.

I’m not sure you could technically call these “takedown requests”, but there’s a pretty strong implication that registrars should do the right thing when they receive such a report.

The 23,452 notices is a sharp rise from both the 12,860 potentially abusive flagged names and 3,791 “high confidence” reports ICANN has previously said it found from the start of the project until August 2021.

It’s not clear whether the rise is primarily due to an increase in abusive practices or ICANN’s improved ability to detect scams as it adds additional keywords to its watch-list.

ICANN said in March that it is now also tracking keywords related to the Russian invasion of Ukraine.

It’s also asking organizations in frequently targeted sectors to supply keyword suggestions for languages or scripts that might be under-represented.

The data was processed by ICANN’s Domain Name Security Threat Information Collection and Reporting (DNSTICR or “DNS Ticker”), which Org management previously discussed at ICANN 73.

A sign of things to come? Verisign slashes outlook in post-pandemic slowdown

Kevin Murphy, April 28, 2022, Domain Registries

Verisign is warning that its business is going to grow slower than expected in 2022, due to the after-effects of the pandemic and general economic conditions.

The registry tonight reported first-quarter revenue of $347 million, up 7% on the comparable period a year ago, after raising its .com prices 7% last year.

But the company has slashed its sales estimates for the year.

CEO Jim Bidzos told analysts this evening that the company and its registrars have started to see a post-pandemic slowdown in sales, exacerbated by other unspecified “macro-economic factors”.

“Incremental demand for new registrations that grew during the pandemic is subsiding,” Bidzos said.

Many domain companies, including Verisign, saw growth spikes during the pre-vaccine pandemic, when many small businesses moved to online sales to stay afloat during recurring lockdown restrictions.

But that’s all over now, and the economic fallout most of us are feeling seems to also be affecting domain sales.

The company said its net income for the first quarter was $158 million, up from $150 a year ago. Its operating margin slipped a little, however, from an enormous 65% to an enormous 64.8%.

Verisign ended the quarter with 161.3 million .com domains and 13.1 million .net domains under management, up 4% combined at 174.7 million.

The renewal rate for .com and .net domains was estimated at 74.8%, up from 73.5% a year ago.

The company expects its domain base to grow between 1.75% and 3.5% this year. That’s down quite significantly from its February estimate of growth between 2.5% and 4.5%.

It added 10.1 million new names in the quarter, compared to 10.6 million in Q4 and 11.1 million in Q1 last year.

While Bidzos did not drill very deep into the other factors contributing to his pessimistic outlook, he did say that the war in Ukraine was not a factor. Sales in Ukraine, Russia and Belarus are “not material”, he said.

I suspect what we’re looking at here is probably related to what the media here in the UK is calling the “cost of living crisis”, which is seeing the price of staples such as food and energy skyrocket and many people cut back on luxuries as a result.

Ukraine won’t delete domains until war is over

Kevin Murphy, April 25, 2022, Domain Registries

Hostmaster, the Ukrainian ccTLD registry, has indefinitely paused domain deletions due to the ongoing war with Russian.

The company said its domain redemption period, which usually lasts 30 days after a registration expires, will now run until the end of martial law, which was brought in by the government shortly after the invasion.

The registry had previously, and perhaps optimistically, extended the window to 60 days. But the war continues, and many registrants are still unable to renew their names.

Since the first extension, registrars have already recovered over 300 names that were not renewed in time, Hostmaster said.

The price to restore an expired .ua name is the same as a renewal, the registry said.

ICANN picks recipient of $1 million Ukraine aid

Kevin Murphy, April 21, 2022, Domain Policy

ICANN has decided to donate $1 million to the Emergency Telecommunications Cluster, an international organization that helps people stay connected during times of crisis.

The donation was announced at ICANN 73 in early March, not long after Russia’s invasion of Ukraine, and ICANN has spent the last six weeks picking a recipient and doing its due diligence. For ICANN, that’s basically warp speed.

The ETC is one of 11 “clusters”, overseen by the UN’s Inter-Agency Standing Committee, which provide relief during humanitarian crises. Other clusters help with food, medicine, and so on.

Its partners include UN agencies, other governmental bodies, charities, and private companies such as Cisco and Iridium.

The ETC has been on the ground in Ukraine since March 3, preparing to provide emergency communications and strengthen infrastructure against cyber-attacks, though its latest report notes that Ukraine’s infrastructure is holding up pretty well so far.

ICANN CEO Göran Marby said in a statement:

This is an initiative for which we have no precedent; it is a first for ICANN. I am proud of the org for the drive and commitment to quickly identify the best path and organization to efficiently deliver meaningful support. The ETC’s vision of “a world where safe and local access to reliable communications is always available” is well aligned with our mission to ensure the stable and secure operation of the Internet’s unique identifier systems.

ICANN’s board has approved an ongoing program of similar donations, not just for Ukraine.

Domain sales exempt from US sanctions on Russia

Kevin Murphy, April 11, 2022, Domain Policy

A variety of internet technologies, including domain name registration services, have been declared exempt from US sanctions on Russia.

The Department of the Treasury’s Office of Foreign Assets Control has issued a notice (pdf) specifically authorizing the export to Russia for the following:

services, software, hardware, or technology incident to the exchange of communications over the internet, such as instant messaging, videoconferencing, chat and email, social networking, sharing of photos, movies, and documents, web browsing, blogging, web hosting, and domain name registration services

The move is reportedly meant to support independent media’s and activists’ fight against Russian government propaganda during the Ukrainian invasion.

Some US registrars, including Namecheap and GoDaddy, have chosen to restrict their Russian customer base on ethical grounds since the first week of the war in Ukraine.

Namecheap, which has many staff in Ukraine, has banned all Russian custom other than those actively opposing the Putin government.

Microsoft seizes domains Russia was using to attack Ukraine

Kevin Murphy, April 11, 2022, Domain Policy

Microsoft says it has taken control of some domain names that we being using by hackers connected to the Russian security services to launch cyber attacks against Ukrainian, US and EU targets.

Company VP Tom Burt wrote that seven domains used by a group called Strontium were seized via a US court order and redirected to a Microsoft sinkhole, disrupting these attacks.

Burt wrote that the targets were Ukrainian media organizations and US and EU foreign policy think tanks, adding:

We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information.

One wonders why Russia would use domains under US jurisdiction to conduct such attacks.

War fails to stop .ua domains selling

Kevin Murphy, March 29, 2022, Domain Registries

Ukraine’s ccTLD has maintained what appears to be a healthy level of new registrations, despite the Russian invasion.

The company today reported that between February 24 and March 25, it saw over 3,000 new .ua domain regs, over 2,000 of which were in .com.ua. The ccTLD offers names in a few dozen third-level spaces.

February 24 was the day Russia invaded, and the day Ukraine went into martial law.

“The com.ua domain is mostly used by commercial organizations. Therefore, the presence of registrations shows that Ukrainian business continues to operate under martial law,” Hostmaster wrote (via Google Translate).

.ua had a total of 534,162 domains under all 2LDs today, according to the registry’s web site.

While Hostmaster has not yet published its end-of-month stats for March, it appears that the new adds suggest an improvement on typical monthly performance, or at least business as usual.

The registry has come under denial-of-service attack dozens of times since the war started, but says it has so far continued to operate without interruption.

Marby pledges low red tape in $1 million Ukraine donation

Kevin Murphy, March 28, 2022, Domain Policy

It’s been three weeks since ICANN promised $1 million to support internet access in Ukraine and CEO Göran Marby says he’s trying to get the money put in to action as efficiently as possible.

Thankfully, the Org doesn’t seem to be resorting to its regular fallback position of creating a time-consuming committee or esoteric process, but there are still some hoops that need to be jumped through.

Marby wrote today:

We made the decision to partner with an organization that is already on the ground in Ukraine providing support that is in alignment with our mission. I believe that contributing to an existing organization is a better option than creating our own tailor-made solution, especially when we do not have expertise in disaster recovery and crisis response work.

ICANN is doing due diligence on “several” organizations to make sure the Org meets “applicable laws, regulations, and ICANN’s fiduciary obligations”, he wrote.

While the money has been committed to help internet access — in line with ICANN’s mission — nothing has been publicly disclosed about what specifically it will be spent on.

One idea floated during ICANN 73 earlier this month was to provide satellite terminals that could be used to work around any infrastructure damage caused by the Russian invasion on the ground.

Marby wrote:

We are working diligently to implement this initiative in a timely manner, doing everything we can to speed the process, while at the same time proceeding in a cautious and responsible way.

He promised an update when the money has been allocated.

Ukraine registry hit by 57 attacks in a week

Kevin Murphy, March 24, 2022, Domain Registries

Ukrainian ccTLD registry Hostmaster today said its infrastructure was hit by 57 distributed denial of service attacks last week.

On its web site, which has continued to function during the now month-long Russian invasion, the company said it recorded the attacks between March 14 and 20, which a top strength of 10Gbps.

“All attacks were extinguished. The infrastructure of the .UA domain worked normally,” the company, usually based in Kyiv, said.

Hostmaster took the initiative in the first days of the war to move much of its infrastructure out-of-country, to protect .ua from physical damage, and to sign up to DDoS protection services.

101domain throttles its business in Russia

Kevin Murphy, March 11, 2022, Domain Registrars

101domain has become the latest registrar to say it is limiting its business in Russia in response to the invasion of Ukraine.

The company, owned by Altanovo Domains, said today it is suspending all new accounts, orders and inbound domain transfers for customers located in Russia.

It will also no longer sell or accept transfers for domains in Russian-linked TLDs .ru (including third-level names), .рф (.xn--p1ai), .МОСКВА (.xn--80adxhks), .рус (.xn--p1acf), .дети (.xn--d1acj3b), .su, and .tatar.

“We will continue to process renewals of existing services for the time being, however this may change at any time and without notice,” the company said.

101domain follows fellow registrars Namecheap, IONOS, and GoDaddy in announcing what effectively amount to commercial sanctions against Russia.

Industry bodies CENTR and ICANN, along with ccTLD registry Nominet, have also committed to concrete actions to sanction Russia and/or support Ukraine.