GoDaddy’s next .xxx contract may not be a done deal

ICANN has published what could be the next version of GoDaddy’s .xxx registry contract, and is framing it as very much open to challenge.

The proposed Registry Agreement would scrap the “sponsored” designation from .xxx, substantially reduce GoDaddy’s ICANN fees, and implement the strictest child-protection measures of any gTLD, as well as make ICANN Compliance’s job a lot easier by standardizing terms on the new gTLD program’s Base RA.

But, as eager as ICANN usually is to shift legacy, pre-2012 gTLDs to the Base RA, this time it’s published the contract for public comment as if it’s something GoDaddy is unilaterally proposing.

It’s “ICM’s proposal”, according to ICANN’s public comment announcement, referring to GoDaddy subsidiary ICM Registry, and “ICM has requested to use the Base Registry Agreement form, as well as to remove the sponsorship designation of the .XXX TLD”.

This is not the language ICANN usually uses when it publishes RA renewals for public comment. Normally, the proposed contracts are presented as the result of bilateral negotiations. In this case, ICANN and ICM have been in renewal discussions for at least three years, but the contract is being presented as something GoDaddy alone has asked for.

The new RA would remove almost all references to sponsorship and to IFFOR, the pretty much toothless “sponsor” organization ICM created to get its .xxx application over the line under the rules of the Sponsored TLD application round that kicked off back in 2003.

Instead, it loads a bunch of Public Interest Commitments, aimed at replicating some of the safeguards IFFOR oversight was supposed to provide, into the Base RA.

GoDaddy would have to ban and proactively seek out and report child sexual abuse material. It would also prohibit practices that suggest the presence of CSAM, such as the inclusion of certain unspecified keywords in .xxx domains or in the corresponding web site’s content or meta-content.

(ICANN notes that these PICs may become unenforceable, depending on the outcome of current discussions about its ability to enforce content-related terms of its contracts).

GoDaddy and IFFOR have both submitted letters arguing that sponsorship is no longer required. The existence of sister gTLDs .adult, .sex, and .porn as unsponsored gTLDs, also in the GoDaddy Registry stable, proves the extra oversight is not needed, they say. Registrants polled do not object to the changes, they say.

GoDaddy’s cost structure would also change under the new deal. Not only would it save $100,000 a year by cutting off IFFOR, but it would also inherit the Base RA’s 50,000-domain threshold for paying ICANN transaction fees.

This likely means it won’t pay the $0.25 transaction fee for a while — .xxx was at about 47,500 domains under management and shrinking at the last count. It hasn’t reported DUM over 50,000 since January 2023.

While the renewal terms may seem pragmatic and not especially unreasonable, they’ve already received at least one public objection.

Consultant Michael Palage, who was on the ICANN board for the first three years of .xxx’s agonizing eight-year path to approval, took to the mic at the ICANN 79 Public Forum earlier this month to urge the board to reject GoDaddy’s request.

Palage said there have been “material violations of the Registry Agreement” that he planned to inform ICANN Compliance about. He added that approving the new deal would set a bad precedent for all the other “community” registries ICANN has contracts with.

The situation has some things in common with the controversy over the proposed acquisition of Public Internet Registry and .org a few years ago, in that the proposal entails ignoring promises made by a registry two decades ago.

Whether .xxx will attract the same level of outrage is debatable — this deal doesn’t involve nearly as many domains and does not talk to the price registrants pay — but it could attract noise from those who believe ICANN should not throw out its principles for the sake of a quieter life.

One place we might look for comment is the Governmental Advisory Committee, which was the biggest reason .xxx took so long to get approved in the first place.

But the timing of the comment period opening is interesting, coming a week after ICANN 79 closed. It will end April 29, about six weeks before the full GAC next meets en masse, at ICANN 80.

It’s not impossible that the new contract could be approved and signed before the governments get a chance to publicly haul ICANN’s board over the coals.

GoDaddy wants to cut the bullshit from .xxx

GoDaddy Registry wants to drop a big chunk of nonsense from the contract governing its .xxx domain, some 20 years after it was applied for as a “Sponsored” gTLD.

It’s asked ICANN if it can kill off its sponsor, the International Foundation For Online Responsibility, and sign up to something closer to the Base New gTLD Registry Agreement, the contract that all new gTLDs from the 2012 application round are on.

GoDaddy’s .porn, .adult and .sex gTLDs have been on a non-sponsored contract for a decade to no complaint, though they haven’t sold nearly as many domains as .xxx.

IFFOR’s board, the IFFOR Ombudsman, and .xxx registrants polled by GoDaddy all agree that the “sponsored” classification is no longer needed, GoDaddy VP Nicolai Bezsonoff told ICANN VP Russ Weinstein (pdf).

The registry wants ICANN to put out a non-sponsored version of the .xxx contract out for public comment.

It looks like a fait accompli. GoDaddy and ICANN have been negotiating the renewal of the .xxx contract, which was due to expire in 2021, for at least three years. It’s difficult to imagine a scenario in which the two parties have not already agreed terms.

Nobody who doesn’t get paid by IFFOR will miss IFFOR. For 20 years it’s been the domain industry’s least-convincing merkin, existing entirely to give original .xxx manager ICM Registry (and then MMX, then GoDaddy, following industry consolidation) the illusion that it had community support for selling porn domains.

ICM created IFFOR when it applied for .xxx in 2003 during ICANN’s well-intentioned but poorly considered and ill-fated “sponsored TLD” round, where applicants had to show they had support from a community related to their chosen string.

Because the porn industry, particularly in the US, hated the idea of a .xxx domain — erroneously believing governments would force all porn sites into it and then shut it down — ICM was forced to pull a community out of its backside. And thence IFFOR was born.

IFFOR was designed to be a mini-ICANN. It was to have a board, policy-making committees, an ombudsman, oversight, transparency, etc. Its foundational documents (pdf), list 14 obligations, most of which were never fulfilled to any meaningful extent.

Judging by its web site, it’s never made a single policy since it was formed in 2011. But we can’t be sure, because the web site has been poorly maintained (a breach of the first of its original 14 commitments), with no board minutes published for the last six years (despite employing a full-time staffer on a $60,000 salary who, tax forms say, works 40 hours a week).

It did come up with something called a “Policy Engine” for new gTLD registries around the time of the 2012 round, but discontinued it a year later when nobody wanted it.

IFFOR, a not-for-profit registered in California, was supposed to receive $10 from ICM for every registered, resolving .xxx domain and use a portion of that to issue grants to worthy causes related to its mission — child protection, free speech, and so on.

While IFFOR did announce two $5,000 awards in 2013, its tax filings have not reported a single penny spent on grants since 2011. Nada.

IFFOR’s charter seems to have been renegotiated behind the scenes at some point, when .xxx turned out to not be quite the internet cash machine its founders had hoped for. From 2011 to 2014 it was rolling in cash — getting over $1 million from ICM in 2013 — but from 2016 it’s been receiving a flat $100,000 a year, most of which is spent on director salaries.

At around the same time, instead of issuing cash grants, IFFOR started producing an “educational program” for UK schools called AtFirstSite. Aimed at 11 to 14-year-olds, it covers topics such as sexting, dick pics and online pornography, with a clear emphasis on keeping young teens safe online.

AtFirstSite carried a price tag of £150, but the revenue lines on tax forms since 2016 suggest none were ever sold. Instead, the program was given for free to schools that asked for it and this was called a “grant”, to satisfy IFFOR’s grant-giving mandate.

The program — which consists of a PDF and a PowerPoint presentation — is now free, and can be downloaded here , if you want to bemuse an 11-year-old with a reference to Rihanna and Chris Brown’s destructive relationship, which ended before they were born.

Closing IFFOR is not going to cause anyone to lose any sleep, but it will nevertheless be interesting to see whether anyone objects to .xxx losing its “sponsored TLD” status when ICANN opens the contract to public comment.

Verisign: 1.7 million domain industry growth in Q2

The DNS grew by 1.7 million domains in the second quarter, according to Verisign’s latest Domain Name Industry Brief.

The quarter ended with 356.6 million domains across “all” TLDs, the company said. That’s up 1.7 million on the quarter and 4.3 million on the year.

I put “all” in quotes because it turns out Verisign hasn’t been including over a dozen TLDs in its calculations in previous reports.

Inexplicably, it hasn’t been counting 10 pre-2012 gTLDs — .aero, .asia, .cat, .coop, .gov, .museum, .pro, .tel, .travel and .xxx — for which zone files have been readily available for years. It’s also added six small ccTLDs to its calculations.

The upshot of this is that while a comparison with the Q1 DNIB would suggest growth of 2.6 million domains, it’s not, it’s just 1.7 million.

The report shows that both .com and .net shrunk in the quarter — 161.3 million versus 161.6 million and 13.1 million versus 13.2 million.

New gTLDs and ccTLDs were left to pick up the slack. Total ccTLD names was up 1.1 million to 137 million and total new gTLD domains was up 0.8 million to 28.1 million.

McCarthy wins Nominet director election

Kieren McCarthy, the former reporter who has spent much of his career bashing .uk registry Nominet in the pages of The Register, has been elected to its board of directors following a sometimes fractious campaign.

He won despite placing second to lawyer Jim Davies in the first round of voting, which saw CentralNic lawyer Volker Greimann eliminated. The vast majority of Greimann’s votes transferred to McCarthy in the second round. The results can be found here (pdf).

Turnout was a miserable 15.1%, almost 10 percentage points lower than it was in last year’s non-executive director election.

McCarthy is executive director of the International Foundation For Online Responsibility, the non-profit set up by .xxx registry ICM to hack around ICANN’s rules and give the illusion of legitimacy in the 2003 “sponsored” gTLD application round.

As such, he’s paid indirectly by GoDaddy, ICM’s current owner, which can’t have hurt his prospects in the election but GoDaddy says it did not vote in the election. Under Nominet’s controversial voting system, larger registrars get more votes, capped at 3% of the total.

With McCarthy standing on a platform of increased transparency, some Nominet members had pointed out the irony that IFFOR hadn’t published any board minutes in several years. He also faced criticism for using Nominet’s logo, apparently without permission, in his election mailshots.

McCarthy replaces Anne Taylor, whose three-year term is up.

GoDaddy shutters Twitter accounts after MMX deal

GoDaddy is closing down a bunch of Twitter accounts it acquired when it bought MMX last year.

The company this morning notified followers of 13 TLD-specific feeds that it will no longer post updates and that they should subscribe to @GoDaddyRegistry instead.

We will no longer be posting to this account. To all our followers, we hope you’ve found this channel helpful.

To stay informed about alternate domain extensions we will be posting related content @GoDaddyRegistry.

We can’t wait to see you there. pic.twitter.com/EBn9Nxwcjg

— .vodka (@DotVodka) August 18, 2022

Accounts such as @GetDotFishing, @JoinDotYoga and @DotWorkDomains were affected. They hadn’t posted much in a couple of years.

GoDaddy last year acquired MMX’s portfolio of .law, .abogado (“lawyer” in Spanish), .beer, .casa (“home” in Spanish), .cooking, .dds (“dentists” in American), .fashion, .fishing, .fit, .garden, .horse, .luxe, .rodeo, .surf, .vip, .vodka, .wedding, .work, .yoga, .xxx, .porn, .adult and .sex gTLDs.

Not ever gTLD had its own Twitter account.

The deal was worth about $120 million and led to MMX winding down earlier this year.

GoDaddy now making over $1 billion a quarter

It doesn’t seem like five minutes ago that GoDaddy became the first domain registrar to top $1 billion in annual revenue. It was actually 2013. Now, it’s doing that in a quarter.

The company last night reported fourth-quarter revenue of $1.02 billion, almost half of which was from domains, up from $873.9 million a year earlier.

Domains revenue was up a whopping 23.6% at $497.3 million, but this was mainly due to aftermarket sales and the registry business.

The company does not report its domains under management, growth or renewal rates in its quarterly earnings announcements.

CFO Mark McCaffrey told analysts that up to two thirds of the growth could be attributed to the aftermarket, where domains sell at premium prices, and GoDaddy “saw an uptick in both volume and average deal size”.

He also highlighted GoDaddy Registry as a key growth contributor, due to the launch in Q4 of a “reputation protection solution” that I can only assume refers to the AdultBlock service that blocks trademarks in the company’s four porn gTLDs.

GoDaddy sent out renewal notices for AdultBlock, valued at as much as $30 million, in December.

It’s not currently possible to measure the success of AdultBlock from public data sources. GoDaddy expunged the roughly 80,000 blocked .xxx domains from its zone file on December 1. Whereas they previously resolved to a registry placeholder, now they do not resolve at all.

Domains revenue for the full year was $1.81 billion, up 19.5%. Including non-domains businesses, annual revenue was $3.81 billion, up 15%.

The company had 2021 net income of $242.8 million, reversing a loss of $494.1 million in 2020.

.xxx shows up in botnet top-five TLDs for the first time

It is a truth universally acknowledged that the cheaper a TLD, the more likely it is to be abused by bad actors, and that may be what happened to .xxx in the fourth quarter.

SpamHaus listed .xxx as its fourth most-abused TLD for botnet command and control domains in its newly published Q4 statistics, a new entry on the top 20 table that raised researchers’ eyebrows.

From zero, .xxx went up to 223 C&C domains in the period, sandwiched between .ga’s 143 and .xyz’s 396, SpamHaus said. It worked out to 2.4% of .xxx’s active domains, the compamny said.

.com was of course still the runaway leader, with 3,719 C&C domains. .top came in second, with 715 domains.

SpamHaus said:

We don’t often see new TLD entries within the top five of this Botnet C&C Top 20; however, .xxx, an adult TLD, run by registry ICM, has entered at #4. With less than 10,000 active domains but a total of 223 domains associated with botnet C&C activity in Q4 we can only assume that there are problems.

It’s noteworthy because .xxx is not a cheap TLD. With wholesale prices around $60, they usually sell for around $100 a year. Botnet operators, like other types of malefactor, usually choose cheap domains for their activities.

But in 2021 .xxx was celebrating its 10th anniversary, and at least one company was offering names at a .com-equivalent $10 a year, starting in the middle of the year and extending into Q4.

While .xxx registry ICM is now owned by GoDaddy, it was still part of MMX at the time the pricing promotion began.

GoDaddy gets another year to negotiate .xxx contract

ICANN and GoDaddy seem to have missed their deadline for long-term renewal of their .xxx registry agreement for a second time.

The contract was extended earlier this week until December 15, 2022, giving the parties another full year to bash out whatever amendments are needed.

The initial deal, signed in 2011, was due to expire March 31, but was extended until today to give more time for renegotiation.

.xxx was the last gTLD approved prior to the 2012 application round, and as such it has a few differences to the standard gTLD contract.

The fee structure is particularly complicated; originally, the registry had to pay ICANN $2 per domain, to stuff ICANN’s war chest for anticipated litigation, but that has been reduced through amendments over the years.

ICANN is always keen to bring older contracts into line with the standard Registry Agreement.

The .xxx contract, like legacy gTLDs before it, will be subject to public comment before approval.

GoDaddy is currently pushing renewals for its AdultBlock trademark-protection services.

Virgin territory as GoDaddy pushes $30 million porn domain renewals

Brand owners big and small are in for a potential surprise December 1, as their 10-year-old .xxx domain blocks expire and registrars bill their customers to convert them into a new annually-renewing GoDaddy service.

GoDaddy confirmed to DI today that it will “auto-convert” the old Sunrise B blocks, first sold by ICM Registry in 2011, to its new AdultBlock service, which provides essentially the same functionality but across four TLDs rather than one.

Tony Kirsch, head of professional services at GoDaddy Registry, said:

Registrars have been contacting all the Sunrise B owners and advising them that as of December 1 they will be grandfathered and automatically converted into an AdultBlock service, but they have a choice to expire that or stop that happening prior to December 1.

And if it is that they don’t do that before December 1, we’ll still give them a grace period of at least 45 days. If that happens they can then, as you’d normally do, just turn around to the registrar and say “We don’t want that” and we will of course refund the money.

This means that GoDaddy, which acquired .xxx and ICM from MMX earlier this year, is billing its .xxx registrar partners to convert and renew what could be as many as 81,000 Sunrise B blocks.

While the registry fee for AdultBlock has not been published, retail registrars I checked have priced the service at $370 to $400 per year, which we can probably assume is low-end pricing. Most .xxx domains are sold via the specialist brand-protection registrars like CSC and Markmonitor, which sometimes have more complex pricing.

So that’s something in the ballpark of $30 million worth of renewal invoices being sent out in the coming weeks, for something in many cases brand owners may have institutionally forgot about.

Kirsch said that AdultBlock was introduced by MMX about 18 months ago and that registrars have been preparing their customers for the Sunrise B expiration for some time.

Sunrise B was a program, unprecedented in the industry at the time, whereby trademark owners could pay a one-off fee — ICM charged its registrars about $160 wholesale — to have their brands removed from the available pool.

The domains exist in the .xxx zone file and resolve to a black page bearing the words “This domain has been reserved from registration”, but they’re not registered and usable like normal defensive or sunrise registrations would be.

Companies got to avoid not only the potential embarrassment of being porn-squatted, but also the hassle of having to explain to a tabloid reporter why they “owned” the .xxx domain in question.

The term of the Sunrise B block was 10 years. ICM told me at the time that this was because the company’s initial registry contract with ICANN only lasted for 10 years, so it was legally unable to sell longer-term blocks, but I’ve never been sure how much I buy that explanation.

Regardless, that 10 year period comes to an end in two weeks.

Because Sunrise B was unprecedented, this first renewal phase is also unprecedented. We’re in virgin territory (pun, of course, very much intended) here.

Will we see the industry’s first public “block junk drop”?

There are a number of reasons to believe trademark owners, assuming they don’t just blindly pay their registrar’s invoices, would choose to allow their blocks to expire or to ask for a refund after the fact.

First, the price has gone up — a lot.

While ICM charged $160 for a 10-year Sunrise B block (maybe marked up by registrars to a few hundred bucks) brand owners can expect to pay something like $3,000 retail for a single string blocked for 10 years.

But buyers do get a bit more bang for their buck. Unlike Sunrise B, AdultBlock also blocks the trademark in three additional GoDaddy-owned TLDs — .porn, .sex and .adult — as standard.

Kirsch said he expects buyers to see a 40% to 50% saving compared to the cost of defensively registering each domain individually.

Second, the appetite for defensive registrations has waned over the past 10 years, with trademark owners employing more nuanced approaches to brand protection, largely due to the flood of new gTLDs since 2013.

When .adult, .sex and .porn launched, without the possibility of Sunrise B blocks, they got about 2,000 regular sunrise registrations each. And that’s extraordinarily high — for most new gTLDs a couple hundred was a good turnout.

Third, the .xxx launch attracted a whole lot of controversy and overreaction, and the .xxx zone file today contains a lot of Sunrise B crap.

When I scrolled a little through the zone, cherry-picking silly-looking blocks in 2019, I found these examples:

100percentwholewheatthatkidslovetoeat.xxx, 101waystoleaveagameshow.xxx, 1firstnationalmergersandacquisitions.xxx, 1stchoiceliquorsuperstore.xxx, 2bupushingalltherightbuttons.xxx, 247claimsservicethesupportyouneed30minutesguaranteed.xxx, 3pathpowerdeliverysystembypioneermagneticsinc.xxx

Is it worth $400 a year to block the trademark “100 Percent Whole Wheat That Kids Love To Eat”? Is there any real danger of a cybersquatter going after that particular brand (apart from the fact that I’ve now written about it twice)?

Kirsch said a “small percentage” of Sunrise B owners have already said they don’t want to convert, but given that the rest will auto-convert, and that the registrars are doing all the customer-facing stuff, the company has limited visibility into likely uptake.

Brian King, director of policy at MarkMonitor, told us: “We generally encourage our clients to consider blocks. They can be cost effective and a lot of times clients would rather have their brand be unavailable without having to register in TLDs where they don’t want to own domain registrations for any number of reasons.”

One reason brand owners may want to consider converting to AdultBlock — it’s rumored that GoDaddy will be relaxing its eligibility criteria for .xxx next year, removing the requirement for registrants to have a nexus to the porn industry.

It’s always been kind of a bullshit rule, basically a hack to allow ICM to run a “sponsored” TLD under ICANN’s rules from the 2003 application round, but doing away with it would potentially make it easier for cybersquatters to get their hands on .xxx domains.

CSC told customers in a recent webinar that the rules are likely to be changed next year, increasing the risk of cybersquatting.

There’s some circumstantial evidence to suggest that CSC might be on to something — pretty much every “sponsored” gTLD from the same 2003 application round as .xxx has relaxed their reg rules to some extent, sometimes when their contracts come up for renewal and ICANN tries to normalize them with the text of the standard 2012-round agreement.

And GoDaddy’s .xxx contract with ICANN is being renegotiated right now. It was due to expire in March, but it was extended in February until December 15, a little under a month from now. We may soon see ICANN open up the new text for public comment.

Kirsch, who’s not part of the negotiations, could not confirm that the eligibility relaxation is going to happen or that it’s something GoDaddy is pushing for.

If it were to happen, it wouldn’t be for some time, and it wouldn’t necessarily impact on the December 1 deadline for Sunrise B conversions, which is going to be interesting to watch in its own right.

“There are registrations that are protecting people’s trademarks that are expiring and our primary objective here is to ensure that that protection continues, and that’s what we’ll do,” GoDaddy’s Kirsch said.

“If we just let them expire, it would create a lot of opportunity for brand infringement. Faced with that choice, our primary objective is to protect trademark owners,” he said.

10 Years Ago… new gTLDs, ICANN pay, DNS abuse and ethics

The more things change, the more they stay the same.

I’ve been in a reflective mood recently, and it’s a slow news day, so I thought now might be a good time to launch a new, irregular feature — a trawl back through the DI archives to see what we were all talking about a decade ago this month.

In many respects, the conversations haven’t changed all that much in the last 10 years. Some are being repeated almost verbatim today. Others seem almost laughably naive with hindsight.

New TLDs

We were just a few months away from the opening of the first big new gTLD application window, but in October 2011 many of the rules of the program were, remarkably, still up in the air.

ICANN still hadn’t decided how much an application would cost. It had yet to decide how it would subsidize poorer applicants.

No Trademark Clearinghouse supplier had yet been found, and there was still some confusion about how the application process would work, and how it would be communicated to potential applicants.

The industry was awash with speculation, as it had been for the whole year, about who might apply for a gTLD. In October, there were stories about potential applications from New South Wales, Orange, Corsica, and BITS.

Afilias was offering $5,000 for new gTLD ideas.

But perhaps the strangest idea was a pitch from CentralNic to the super-rich. For $500,000, it would apply for your family name as a new gTLD. This came to nothing in the 2012 round, but CentralNic’s site is still live.

While new gTLDs were still in the future, October 2011 saw the ongoing sunrise period for the previous round’s .xxx, auctions following the recent launch of .co, and the creation of two new ccTLDs.

Abuse

October 2011 was marked by the registrar community reluctantly agreeing to enter talks with ICANN to renegotiate their standard Registrar Accreditation Agreement, which would ultimately lead to the current 2013 RAA.

The move came as the Governmental Advisory Committee was on the warpath on behalf of its law enforcement allies, demanding more action from the industry on DNS abuse and threatening legislation if it didn’t happen.

Imagine that.

Meanwhile, Verisign asked ICANN for more powers to take down abusive domains, which faced immediate pushback from registrars and others, before the request was retracted mere days later.

The Revolving Door

There was a lot of talk during and around ICANN 42 about conflicts of interest, particular with regards the emergence of a so-called “revolving door” between ICANN’s top brass and the domain industry.

It had been just a few months since chair Peter Dengate Thrush had, on the eve of his retirement from the board, pushed through final approval of the new gTLD program and promptly took a top job at portfolio applicant Minds + Machines.

It looked rotten, and ICANN CEO Rod Beckstrom, who had himself announced he was quitting just months earlier, had made its his personal mission to reduce at least the perception of conflicts of interest at the Org.

He ruled out being replaced by a fellow director, threw money at consultants, and said the next CEO should be an industry outsider.

It was probably all pointless.

As it turned out, the guy who replaced Beckstrom, Fadi Chehade, put in a few years in the corner office before prematurely quitting for private equity, where he now runs the company that owns Donuts, itself run by Chehade’s ICANN number two, Akram Atallah.

The amount of revolving door action at less-senior levels has been so frequent since 2011 that I don’t even keep track of it any more.

ICANN Pay

ICANN gave its top execs big pay raises. Along with death and taxes, this is a universal constant.