News and Updates

Verisign Outreach Program Remediates Billions of Name Collision Queries

Domain industry news - Fri, 2021-01-15 22:29

A name collision occurs when a user attempts to resolve a domain in one namespace, but it unexpectedly resolves in a different namespace. Name collision issues in the public global Domain Name System (DNS) cause billions of unnecessary and potentially unsafe DNS queries every day. A targeted outreach program that Verisign started in March 2020 has remediated one billion queries per day to the A and J root name servers, via 46 collision strings. After contacting several national internet service providers (ISPs), the outreach effort grew to include large search engines, social media companies, networking equipment manufacturers, national CERTs, security trust groups, commercial DNS providers, and financial institutions.

While this unilateral outreach effort resulted in significant and successful name collision remediation, it is broader DNS community engagement, education, and participation that offers the potential to address many of the remaining name collision problems. Verisign hopes its successes will encourage participation by other organizations in similar positions in the DNS community.

Verisign is proud to be the operator for two of the world's 13 authoritative root servers. Being a root server operator carries with it many operational responsibilities. Ensuring the security, stability and resiliency of the DNS requires proactive efforts so that attacks against the root name servers do not disrupt DNS resolution, as well as the monitoring of DNS resolution patterns for misconfigurations, signaling telemetry, and unexpected or unintended uses that, without closer collaboration, could have unforeseen consequences (e.g. Chromium's impact on root DNS traffic).

Monitoring may require various forms of responsible disclosure or notification to the underlying parties. Further, monitoring the root server system poses logistical challenges because any outreach and remediation programs must work at internet scale, and because root operators have no direct relationship with many of the involved entities.

Despite these challenges, Verisign has conducted several successful internet-scale outreach efforts to address various issues we have observed in the DNS.

In response to the Internet Corporation for Assigned Names and Number (ICANN) proposal to mitigate name collision risks in 2013, Verisign conducted a focused study on the collision string .CBA. Our measurement study revealed evidence of a substantial internet-connected infrastructure in Japan that relied on the non-resolution of names that end in .CBA. Verisign informed the network operator, who subsequently reconfigured some of its internal systems, resulting in an immediate decline of queries for .CBA observed at A and J root servers.

Prior to the 2018 KSK rollover, several operators of DNSSEC-validating name servers appeared to be sending out-of-date RFC 8145 signals to root name servers. To ensure the KSK rollover did not disrupt internet name resolution functions for billions of end users, Verisign augmented ICANN's outreach effort and conducted a multi-faceted technical outreach program by contacting and working with The United States Computer Emergency Readiness Team (US-CERT) and other national CERTs, industry partners, various DNS operator groups and performing direct outreach to out-of-date signalers. The ultimate success of the KSK rollover was due in large part to outreach efforts by ICANN and Verisign.

In response to the ICANN Board's request in resolutions 2017.11.02.29 — 2017.11.02.31, the ICANN Security and Stability Advisory Committee (SSAC) was asked to conduct studies, and to present data and points of view on collision strings, including specific advice on three higher risk strings: .CORP, .HOME and .MAIL. While Verisign is actively engaged in this Name Collision Analysis Project (NCAP) developed by SSAC, we are also reviving and expanding our 2012 name collision outreach efforts.

Verisign's name collision outreach program is based on the guidance we provided in several recent peer-reviewed name collision publications, which highlighted various name collision vulnerabilities and examined the root causes of leaked queries and made remediation recommendations. Verisign's program uses A and J root name server traffic data to identify high-affinity strings related to particular networks, as well as high query volume strings that are contextually associated with device manufacturers, software, or platforms. We then attempt to contact the underlying parties and assist with remediation as appropriate.

While we partially rely on direct communication channel contact information, the key enabler of our outreach efforts has been Verisign's relationships with the broader collective DNS community. Verisign's active participation in various industry organizations within the ICANN and DNS communities, such as M3AAWG, FIRST, DNS-OARC, APWG, NANOG, RIPE NCC, APNIC, and IETF1, enables us to identify and communicate with a broad and diverse set of constituents. In many cases, participants operate infrastructure involved in name collisions. In others, they are able to put us in direct contact with the appropriate parties.

Through a combination of DNS traffic analysis and publicly accessible data, as well as the rolodexes of various industry partnerships, across 2020 we were able to achieve effective outreach to the anonymized entities listed in Table 1.

Table 1. Sample of outreach efforts performed by Verisign.OrganizationQueries per Day to A & JStatusNumber of Collision Strings (TLDs)Notes / Root Cause AnalysisSearch Engine650MFixed1 stringApplication not using FQDNsTelecommunications Provider250MFixedN/APrefetching bugeCommerce Provider150MFixed25 stringsApplication not using FQDNsNetworking Manufacturer70MPending3 stringsSuffix search listCloud Provider64MFixed15 stringsSuffix search listTelecommunications Provider60MFixed2 stringsRemediated through device vendorNetworking Manufacturer45MPending2 stringsSuffix search list problem in router/modem deviceFinancial Corporation35MFixed2 stringsTypo / misconfigurationSocial Media Company30MPending9 stringsApplication not using FQDNsISP20MFixed1 stringSuffix search list problem in router/modem deviceSoftware Provider20MPending50+ stringsAcknowledged but still investigatingISP5MPending1 stringAt time of writing, still investigating but confirmed it is a router/modem device

Many of the name collision problems encountered are the result of misconfigurations and not using fully qualified domain names. After operators deploy patches to their environments, as shown in Figure 1 below, Verisign often observes an immediate and dramatic traffic decrease at A and J root name servers. Although several networking equipment vendors and ISPs acknowledge their name collision problems, the development and deployment of firmware to a large userbase will take time.

Figure 1. Daily queries for two collision strings to A and J root servers during a nine month period of time.

Cumulatively, the operators who have deployed patches constitute a reduction of one billion queries per day to A and J root servers (roughly 3% of total traffic). Although root traffic is not evenly distributed among the 13 authoritative servers, we expect a similar impact at the other 11, resulting in a system-wide reduction of approximately 6.5 billion queries per day.

As the ICANN community prepares for Subsequent Procedures (the introduction of additional new TLDs) and the SSAC NCAP continues to work to answer the ICANN Board's questions, we encourage the community to participate in our efforts to address name collisions through active outreach efforts. We believe our efforts show how outreach can have significant impact to both parties and the broader community. Verisign is committed to addressing name collision problems and will continue executing the outreach program to help minimize the attack surface exposed by name collisions and to be a responsible and hygienic root operator.

For additional information about name collisions and how to properly manage private-use TLDs, please see visit ICANN's Name Collision Resource & Information website.

  1. The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), Forum of Incident Response and Security Teams (FIRST), DNS Operations, Analysis, and Research Center (DNS-OARC), Anti-Phishing Working Group (APWG), North American Network Operators' Group (NANOG), Réseaux IP Européens Network Coordination Centre (RIPE NCC), Asia Pacific Network Information Centre (APNIC), Internet Engineering Task Force (IETF) 

Written by Matt Thomas, Distinguished Engineer at Verisign

Follow CircleID on Twitter

More under: Cybersecurity, DNS, Domain Names, ICANN, Registry Services, New TLDs

Categories: News and Updates

GoDaddy to change closeout auction pricing

Domain Name Wire - Fri, 2021-01-15 20:29

Dutch auction will start at higher prices to deter closeout sniping.

GoDaddy is changing its closeout auction pricing structure in a move that will upset some domain investors and make others happy.

When a domain name on GoDaddy’s expired auction platform doesn’t sell by the end date, it moves to closeouts. Closeouts follow a Dutch auction format in which the domain is $11 (plus renewal) on the first day and decreases by one dollar per day to $5. The domain proceeds to deletion if no one buys it by the final day.

As expired domain auctions have become more popular, bidders have refrained from bidding on domains with no other bids at GoDaddy Auctions and hoped to snap them up the moment they went into closeout. This resulted in a sort of closeout drop catching process similar to when drop catching services ping the registry when domains delete.

People with access to GoDaddy’s legacy API have been able to take advantage of this opportunity, but bidders without API access and computing power/development resources have been left out. Smaller domain investors, in particular, have felt disadvantaged.

The new pricing structure should give domain investors without special access a better opportunity to get domains in closeouts. The new pricing (effective February 1) will be:

Day 1: $50

Day 2: $40

Day 3: $30

Day 4: $11

Day 5: $5

It may seem counterintuitive that the closeouts start at more than the starting bid price of regular auctions, but the reality is that if you place an $11 bid on GoDaddy Auctions, you’re likely to see the price quickly soar above $50.

It will be interesting to see how this changes behavior.

Post link: GoDaddy to change closeout auction pricing

© 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. A simple way to make GoDaddy Closeout auctions more fair
  2. Last week’s Expired Domain Name Sales
  3. A four character domain for $16,500? Here’s why
Categories: News and Updates

This for sale lander boosted leads 47%. But how do you measure success?

Domain Name Wire - Fri, 2021-01-15 17:50

I’m curious how improved sales landers lead to more sales.

GoDaddy says the form on the right gets 47% more leads than the one on the left. Image courtesy GoDaddy.

GoDaddy introduced a new “for sale” lander a couple of months ago. After running an A/B test, it says that the new lander increased conversions 47%. It’s measuring conversion by how many people feel out the inquiry form.

This is a shocking number but got me thinking: how should we measure the success of domain landers?

Leads are great. In theory, the more leads at the top of the funnel, the greater your chance for sales.

But I’ve also heard domainers say that, if someone really wants to buy your domain, tweaks in messaging don’t matter that much. They type it in to see if it’s available, and even if your sales pitch is weak, they’ll fill out a contact form regardless.

As domain investors, all we care about is how changes impact sales, not leads.

There are some landing page features that I think could lead to more sales. An example is Squadhelp’s live chat feature. Chatting with someone immediately probably helps sales.

And Afternic has frequently stated that getting someone on the phone is the key to closing sales, which is why its landers are all about collecting information or giving people the option to call a phone number immediately.

Like many other domainers, I’d love to see GoDaddy test “buy now” landers for lower-priced domains. This would be easy to do using the new lander.

I’m open to any data that for sale landing page platforms can share about this. Email me.

Post link: This for sale lander boosted leads 47%. But how do you measure success?

© 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

No related posts.

Categories: News and Updates

Last month’s top domain name stories

Domain Name Wire - Fri, 2021-01-15 17:31

What happened in the domain industry last month.

I’m a bit tardy posting the top stories from December. Let’s just say that it’s been an eventful start to the year and I’ve gotten a bit behind.

Here are the top stories on Domain Name Wire from last month, as well as links to the DNW podcasts.

1. NameSilo finds buyer as debt payments loom – A Dutch company plans to buy NameSilo with plans to combine it with a Nigerian domain business. The company disputed my characterization that the debt payments were an issue and said it was a good financial exit.

2. How Google became a strong competitor for domain names – Great search rankings on its own search engine have helped Google Domains grab market share.

3. The scariest thing about that GoDaddy phishing test story – GoDaddy got some flack for a fake bonus email. But we should also be concerned about how many employees fell for it.

4. GoDaddy to pay up to $365 million for payments company Poynt – GoDaddy is adding payments to its puzzle in a huge acquisition. It will also put the company in stores “physically” with point of sale systems.

5. Is Chehadé why ICANN’s board is reviewing Afilias deal? ICANN’s board was probably made aware of the Afilias change of control because of its former CEO’s involvement. The deal proceeded as planned.


#318 2021 Predictions Episode – Listen

#317 2020 in Review – Listen

#316 A Sparkly conversation with Jen Sale – Listen

#315 Acquiring a killer domain – Listen

Post link: Last month’s top domain name stories

© 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

No related posts.

Categories: News and Updates

ICANN 2021 NomCom Will Fill 9 Positions

Domain industry news - Fri, 2021-01-15 17:29

As every year, at the end of ICANN's Annual General Meeting (AGM), the new Nominating Committee (NomCom) comes together to start its work. Due to the Corona pandemic, the circumstances were slightly different; however, the 2021 NomCom kicked-off end of 2020.

ICANN's Nominating Committee is charged with identifying, recruiting, and selecting nominees of the highest possible quality for key leadership positions at ICANN. The 2021 NomCom is seeking candidates for the following positions:

  • Three members of the ICANN Board of Directors
  • Three regional representatives to the At-Large Advisory Committee (ALAC) — (one each from Africa, Asia/Australia/Pacific Islands, and Latin America/Caribbean regions)
  • Two members of the Generic Names Supporting Organization (GNSO) Council
  • One member of the Country Code Names Supporting Organization (ccNSO) Council

The NomCom is an independent committee of 21 delegates, 15 of whom have voting privileges. The NomCom is designed to function independently from the Board, the Supporting Organizations, and Advisory Committees. The full cycle lasts one year and includes five main phases: preparation, recruitment of candidates, assessments of candidates, candidate selection, and NomCom reporting to the community.

The Corona pandemic will not make the job any easier, as it is inevitable that some, if not all, meetings will only be held virtually. That will make it challenging to raise awareness, get applications, and reach out to possible candidates.

The application phase will start by the end of January, and the call will be published on NomCom's website. From then on, applications can be submitted for an expected two months.

Written by Tobias Sattler, CTO / Board Member at united-domains

Follow CircleID on Twitter

More under: ICANN, Internet Governance, Policy & Regulation

Categories: News and Updates

Facebook wins dispute

Domain Name Wire - Fri, 2021-01-15 16:36

Company that used the domain tried to get through a cybersquatting dispute.

A company went after Facebook’s domain name, which it forwards to a page for Facebook Gameroom.

Facebook has successfully defended a cybersquatting dispute against its domain name

The social media company acquired the domain name in 2016 when it launched Facebook Gameroom.

My Gameroom LLC filed the dispute. It uses the domain name for its online games business. The company argued that Facebook was cybersquatting with its use of the superior domain name.

The Complainant relied on a registered trademark for My Gameroom that it filed for in 2018, and claimed common law rights dating to 2016. However, it provided scant evidence of its use in 2016.

Facebook’s lawyers said they did extensive research around the brand prior to adopting it to ensure it had no trademark issues. It also pointed out that the term “game room” is clearly descriptive.

National Arbitration Forum panelist Darryl Wilson agreed with Facebook and denied My Gameroom’s claim. He declined to find that the case was brought in abuse of the administrative proceeding, i.e. reverse domain name hijacking.

Tamara S. Pester, LLC represented My Gameroom LLC. David Taylor/Jane Seager of Hogan Lovells LLP represented Facebook.

Post link: Facebook wins dispute

© 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Pickleball cybersquatting dispute ends in kitchen violation
  2. Facebook sues domain name registrar OnlineNic
  3. HBO wins domain name in cybersquatting fight
Categories: News and Updates

Newer Cryptographic Advances for the Domain Name System: NSEC5 and Tokenized Queries

Domain industry news - Thu, 2021-01-14 23:40

This is the third in a multi-part blog series on cryptography and the Domain Name System (DNS).

In my last post, I looked at what happens when a DNS query renders a "negative" response — i.e., when a domain name doesn't exist. I then examined two cryptographic approaches to handling negative responses: NSEC and NSEC3. In this post, I will examine a third approach, NSEC5, and a related concept that protects client information, tokenized queries.

The concepts I discuss below are topics we've studied in our long-term research program as we evaluate new technologies. They do not necessarily represent Verisign's plans or position on a new product or service. Concepts developed in our research program may be subject to U.S. and international patents and patent applications.


NSEC5 is a result of research by cryptographers at Boston University and the Weizmann Institute. In this approach, which is still in an experimental stage, the endpoints are the outputs of a verifiable random function (VRF), a cryptographic primitive that has been gaining interest in recent years. NSEC5 is documented in an Internet Draft (currently expired) and in several research papers.

A VRF is like a hash function but with two important differences:

  1. In addition to a message input, a VRF has a second input, a private key. (As in public-key cryptography, there's also a corresponding public key.) No one can compute the outputs without the private key, hence the "random."
  2. A VRF has two outputs: a token and a proof. (I've adopted the term "token" for alignment with the research that I describe next. NSEC5 itself simply uses "hash.") Anyone can check that the token is correct given the proof and the public key, hence the "verifiable."

So, it's not only hard for an adversary to reverse the VRF — which is also a property the hash function has — but it's also hard for the adversary to compute the VRF in the forward direction, thus preventing dictionary attacks. And yet a relying party can still confirm that the VRF output for a given input is correct, because of the proof.

How does this work in practice? As in NSEC and NSEC3, range statements are prepared in advance and signed with the zone signing key (ZSK). With NSEC5, however, the range endpoints are two consecutive tokens.

When a domain name doesn't exist, the name server applies the VRF to the domain name to obtain a token and a proof. The name sever then returns a range statement where the token falls within the range, as well as the proof, as shown in the figure below. Note that the token values are for illustration only.

Figure 1. An example of a NSEC5 proof of non-existence based on a verifiable random function.

Because the range statement reveals only tokenized versions of other domain names in a zone, an adversary who doesn't know the private key doesn't learn any new existing domain names from the response. Indeed, to find out which domain name corresponds to one of the tokenized endpoints, the adversary would need access to the VRF itself to see if a candidate domain name has a matching hash value, which would involve an online dictionary attack. This significantly reduces disclosure risk.

The name server needs a copy of the zone's NSEC5 private key so that it can generate proofs for non-existent domain names. The ZSK itself can stay in the provisioning system. As the designers of NSEC5 have pointed out, if the NSEC5 private key does happen to be compromised, this only makes it possible to do a dictionary attack offline — not to generate signatures on new range statements, or on new positive responses.

NSEC5 is interesting from a cryptographer's perspective because it uses a less common cryptographic technique, a VRF, to achieve a design goal that was at best partially met by previous approaches. As with other new technologies, DNS operators will need to consider whether NSEC5's benefits are sufficient to justify its cost and complexity. Verisign doesn't have any plans to implement NSEC5, as we consider NSEC and NSEC3 adequate for the name servers we currently operate. However, we will continue to track NSEC5 and related developments as part of our long-term research program.

Tokenized Queries

A few years before NSEC5 was published, Verisign Labs had started some research on an opposite application of tokenization to the DNS, to protect a client's information from disclosure.

In our approach, instead of asking the resolver "What is <name>'s IP address," the client would ask "What is token 3141...'s IP address," where 3141… is the tokenization of <name>.

(More precisely, the client would specify both the token and the parent zone that the token relates to, e.g., the TLD of the domain name. Only the portion of the domain name below the parent would be obscured, just as in NSEC5. I've omitted the zone information for simplicity in this discussion.)

Suppose now that the domain name corresponding to token 3141… does exist. Then the resolver would respond with the domain name's IP address as usual, as shown in the next figure.

Figure 2. Tokenized queries.

In this case, the resolver would know that the domain name associated with the token does exist, because it would have a mapping between the token and the DNS record, i.e., the IP address. Thus, the resolver would effectively "know" the domain name as well for practical purposes. (We've developed another approach that can protect both the domain name and the DNS record from disclosure to the resolver in this case, but that's perhaps a topic for another post.)

Now, consider a domain name that doesn't exist and suppose that its token is 2718… .

In this case, the resolver would respond that the domain name doesn't exist, as usual, as shown below.

Figure 3. Non-existence with tokenized queries.

But because the domain name is tokenized and no other information about the domain name is returned, the resolver would only learn the token 2718… (and the parent zone), not the actual domain name that the client is interested in.

The resolver could potentially know that the name doesn't exist via a range statement from the parent zone, as in NSEC5.

How does the client tokenize the domain name, if it doesn't have the private key for the VRF? The name server would offer a public interface to the tokenization function. This can be done in what cryptographers call an "oblivious" VRF protocol, where the name server doesn't see the actual domain name during the protocol, yet the client still gets the token.

To keep the resolver itself from using this interface to do an online dictionary attack that matches candidate domain names with tokens, the name server could rate-limit access, or restrict it only to authorized requesters.

Additional details on this technology may be found in U.S. Patent 9,202,079B2, entitled "Privacy preserving data querying," and related patents.

It's interesting from a cryptographer's perspective that there's a way for a client to find out whether a DNS record exists, without necessarily revealing the domain name of interest. However, as before, the benefits of this new technology will be weighed against its operational cost and complexity and compared to other approaches. Because this technique focuses on client-to-resolver interactions, it's already one step removed from the name servers that Verisign currently operates, so it is not as relevant to our business today in a way it might have been when we started the research. This one will stay under our long-term tracking as well.


The examples I've shared in these last two blog posts make it clear that cryptography has the potential to bring interesting new capabilities to the DNS. While the particular examples I've shared here do not meet the criteria for our product roadmap, researching advances in cryptography and other techniques remains important because new events can sometimes change the calculus. That point will become even more evident in my next post, where I'll consider the kinds of cryptography that may be needed in the event that one or more of today's algorithms is compromised, possibly through the introduction of a quantum computer.

Read the previous posts in this six-part blog series:

  1. The Domain Name System: A Cryptographer's Perspective
  2. Cryptographic Tools for Non-Existence in the Domain Name System: NSEC and NSEC3

Written by Dr. Burt Kaliski Jr., Senior VP and Chief Technology Officer at Verisign

Follow CircleID on Twitter

More under: Cybersecurity, DNS, DNS Security, Domain Names

Categories: News and Updates

Brand Protection Beyond the "Whack-a-Mole" Approach

Domain industry news - Thu, 2021-01-14 21:36

I recently shared at a conference how a seasoned brand and fraud expert from one of the world's largest global financial institutions lamented a major attack where multiple fraudulent websites would pop up every single day. All attacks were launched from the same registrar and web hosting company, and no matter how much they reached out to these providers, they received the same reply: "we will pass on your request to the registrant or site owner," and then nothing happened. The brand and fraud specialist felt like he was playing whack-a-mole — IT WAS NEVER ENDING — and he wondered why the registrar and web host were not getting in trouble for harboring the criminal, and why there was nothing he could do.

The answer could lie in the approach taken for online brand protection and whether a company is contributing to stopping the whack-a-mole game. Traditionally, most companies employ ongoing online brand monitoring, then enforce on it. But it doesn't change the fact that this will never fundamentally change the game — the endless cycle of detection and enforcement.

In recent years, some brand owners have started doing things a little bit differently. They have started to cooperate directly with platforms, and some also conduct online-offline joint operations. While these are extremely good measures — we also encourage our clients to establish direct communication with the platforms — this may still be inadequate because the world is changing.

1. Proliferation of eCommerce during COVID-19

  • Lockdowns and social distancing guidelines have forced people to buy online in most countries. According to recent statistics, U.S. eCommerce revenue has grown by 110%, EU 69%, APAC 45%, and the rest of the world 200% YoY.
  • As the number of eCommerce platforms grow, it will be harder for brand owners to create and nurture meaningful cooperation with every platform in direct enforcement operations or programs.
  • Smaller emerging boutique eCommerce sites may not have the resources or experience to implement effective programs to protect brand owners.
  • Aside from counterfeiting issues where products are concerned, brands hold a lot of customer data. Phishing and cybersecurity breaches impact a brand's revenue and reputation and should be a concern for brands as well.

2. Deglobalisation and shifts in supply chains

  • During the pandemic, we've noticed more nations drawing boundaries and imposing internet and data privacy laws. More countries are safeguarding their national interests, protecting local supply and exports, supporting local industries, etc. This deglobalization of the world will fragment the internet. It's also reshaping the global supply chain and localizing brand infringement.
  • A lot of brand protection resources are currently focused on Mainland China, but if supply chains shift to Latin America and Southeast Asia, brand protection managers may need to rethink their strategy.

3. Growing ideology conflict

  • The EU's General Data Protection Regulation (GDPR) has caused most domain WHOIS records to be redacted, significantly reducing the ability to conduct online enforcement. The WHOIS redaction debate doesn't happen in the European parliament, but at the Internet Corporation of Assigned Names and Numbers (ICANN) — the organization responsible for coordinating the Internet ecosystem — through a process called Expedited Policy Development Process (EPDP).
  • On the one hand, human rights activists who are typically very vocal, and some governments, want to redact everything. On the other hand, law enforcement and some other government bodies wanting some disclosure. But the pro-redaction camp is winning because in the ICANN world, you also have registries, registrars, and the hosting providers — none of whom want any disclosure. A registrar has even stopped collecting any information at all.
  • But what is the sentiment of the business and IP communities, and is their voice heard where policies are made? Brand owners often ask:
    • Who is the infringer?
    • Can I get the information to prosecute?
    • How can I get the registrar to take action?
    If companies need to find out who the infringer is, get information, or even find a better way to get a registrar to take action, then they need to start paying attention to the internet policies that impact their brand protection strategies.

There are numerous internet policies that are critical in determining the success of a brand protection manager.

Take the Digital Millennium Copyright Act (DMCA), for example. It established that "online service providers" are not accountable for infringements using its service (if certain conditions are met, i.e., safe harbor). As a result, while many registrars claim that they have no access or control over the content, therefore, they're not obliged to take action, many ISPs will simply reply that they have passed on the complaint message, as they are not held liable. However, some newer copyright regulations, such as the EU Digital Single Market copyright directive, and some new laws in China, may mitigate the issue of platforms not being held accountable.

Some internet policies have a global reach, such as the Rights Protection Mechanisms currently in revision at ICANN. Some policies are local in nature, such as the UK IP Protection Pilot Program that allows providers such as CSC to use a different method for infringement takedowns.

Some internet policies are not intended to be internet policies but can impact and change the landscape of how the online world works. For example, China's Anti-Monopoly Rule may allow boutique eCommerce platforms to thrive in China, which in turn will change how you should conduct online brand protection.

It's important the business community acts together to influence the development of these policies at various levels.

In conclusion, I have three recommendations for brand owners:

  1. Continue to do the basics — monitoring, enforcement, and developing platform relationships involving three-way partnerships among brand stakeholders), brand protection provider (as the workload is going to be heavier with more emerging platforms), and platforms.
  2. Start paying attention and play an active role in internet policy development; there are numerous forums for enterprise engagement.
  3. Think security and think of brand protection beyond just anti-counterfeit. Data is king; brand protection also means anti-fraud, anti-phishing, protecting the brand on social media, app store, and stand-alone websites.

Written by Alban Kwan, East Asia Regional Director at CSC

Follow CircleID on Twitter

More under: Cybersecurity, Domain Management, Domain Names, ICANN, Brand Protection, Whois

Categories: News and Updates has strong month for aftermarket domain sales

Domain Name Wire - Thu, 2021-01-14 16:24

The company’s auction services had a great end to the year. Here’s what sold.’s aftermarket platforms NameJet and SnapNames combined to deliver 128 sales of $2,000 or more last month. That totaled over $700,000, making it a strong month for higher-dollar sales on the platforms. The platforms sold 33% more $2k+ domains in December than in November and the average selling price was 32% higher.

Here are some of the sales that popped out to me: $35,001 – This term means activity, or to exercise. $25,388 – The domain is now in the hands of the e-commerce logistics company that uses $25,000 – It’s a common word, and we can all spell it. But I’m curious what readers think about the spelling test. If you were to tell someone your business was at, do you think they’d understand what you just said? The buyer has it listed for $85,000. $23,000 – I wasn’t sure if this was a typo at first. Fiancee is the feminine version of Fiance in French. $6,538 – Such a great domain for anything theater-related. There are some companies in the space that already use “curtain call” in their names and domains. $4,999 – The 1990s called and it wants its domain back. $3,500 – I like this as a financial name. $2,638 – A nice common two-word phrase. $2,600 – How much more valuable would the singular version be?

Here’s a full list of sales $2,000 or more:

DOMAINNAMESITETYPESALES AMOUNT huodong.comNamejetDeleting35001 wonderment.comNamejetExpiring25388 goldcurrency.comNamejetExpiring25166 width.comNamejetExpiry25000 fiancee.comNamejetExpiring23000 covcare.comNamejetExpiring16756 derms.comNamejetExpiring16621 firstmark.comNamejetExpiring16602 learnnc.orgSnapNamesExpiring16505 guhantai.comSnapNamesDeleting14523 esourceresearch.orgNamejetExpiring14000 henryjames.comNamejetExpiring12500 megawin.comNamejetExpiring11611 i-cias.comNamejetExpiring11027 luminescence.comNamejetExpiry9138 snuggles.comNamejetExpiry8888 propertyvaluation.comSnapNamesExpiring8820 bendover.comNamejetExpiring8500 lietaer.comNamejetExpiring7750 eventa.comSnapNamesExpiring7502 ezio.comNamejetExpiry7350 homeparty.comSnapNamesDeleting7306 fundsnetservices.comNamejetExpiring7251 customshirt.comNamejetExpiring6808 buildingbrands.comNamejetExpiring6722 ayoub.comNamejetExpiring6666 dicai.comSnapNamesDeleting6579 curtaincall.comNamejetDeleting6538 nivia.comNamejetExpiring6099 climatiseurs.comNamejetExpiring6088 toolbox.ioNamejetDeleting5808 onlineeducation.orgNamejetExpiring5800 wovo.orgNamejetExpiring5750 allusa.comNamejetExpiring5549 chinadream.comNamejetDeleting5506 adoptioninstitute.orgSnapNamesExpiring5472 quill.ioNamejetDeleting5349 bandwidthcontroller.comSnapNamesExpiring5251 vermonthomes.comNamejetExpiring5105 carecompare.comNamejetExpiring5099 yourworkforcecenter.comSnapNamesExpiring5056 beepers.comNamejetDirect Lister4999 thearchive.comSnapNamesExpiring4810 june29.comNamejetExpiring4600 usafishing.comNamejetExpiring4600 autofinancial.comNamejetDeleting4544 mediashare.comNamejetDeleting4500 personale.comNamejetDeleting4499 sparkchange.comNamejetDeleting4477 liquidsky.comNamejetExpiring4400 vitam.comNamejetDeleting4231 superlatives.comNamejetExpiring4222 seabuckthorn.comNamejetDeleting4202 betslip.comSnapNamesDeleting4166 commentators.comNamejetDeleting4089 braza.comNamejetExpiring4062 umbrella.ioSnapNamesDeleting3933 madis.comNamejetExpiring3915 unident.comNamejetExpiring3906 hcad.comSnapNamesExpiring3829 liveball.comNamejetExpiring3821 everydaypet.comSnapNamesExpiring3595 uniquetouch.comNamejetExpiring3523 outofpocket.comNamejetExpiring3500 smyl.comSnapNamesExpiring3500 insightful.ioSnapNamesDeleting3434 inav.comNamejetExpiring3433 corestrength.comNamejetDeleting3412 floorlamps.comNamejetExpiring3336 inmet.comNamejetExpiring3310 teamdata.comNamejetDeleting3306 cafedeluxe.comNamejetExpiring3300 refresheverything.comSnapNamesDeleting3260 heron.ioSnapNamesDeleting3208 binarytrade.comNamejetDeleting3188 meec.comNamejetExpiring3125 facemodel.comNamejetDeleting3120 valais.comSnapNamesDeleting3000 vx.ioNamejetDeleting2988 wannatalk.comSnapNamesDeleting2956 bestcontractors.comNamejetExpiring2902 naturalsupplement.comNamejetExpiring2892 rapport.ioNamejetDeleting2888 alazhar.comNamejetExpiring2723 sail.ioSnapNamesDeleting2656 thewatchstore.comNamejetExpiring2655 mydiem.comSnapNamesDeleting2655 magicformula.comNamejetExpiry2638 compatability.comNamejetExpiring2606 proceed.ioNamejetDeleting2601 megaphones.comNamejetExpiry2600 stmarksbookshop.comNamejetExpiring2600 kinderstart.comSnapNamesExpiring2600 zenica.comNamejetExpiring2555 toysnjoys.comNamejetDirect Lister2550 polp.comNamejetDirect Lister2501 fisma.comNamejetExpiry2500 itzone.comSnapNamesExpiring2480 ucsf-ahp.orgNamejetExpiring2450 accessnewage.comSnapNamesExpiring2450 gummy.ioNamejetDeleting2449 powerful.netNamejetExpiring2383 structuredsettlements.orgSnapNamesExpiring2350 kevincostner.comSnapNamesExpiring2279 premise.ioSnapNamesDeleting2257 noche.orgSnapNamesExpiring2251 angle.netNamejetExpiring2220 marinesystems.comNamejetExpiring2206 abclife.comNamejetExpiring2201 kempersnowboards.comSnapNamesExpiring2195 partyamerica.comNamejetExpiring2138 detail.ioNamejetDeleting2100 wellcon.comNamejetDeleting2100 motherindia.comNamejetExpiring2070 berlin.ioSnapNamesDeleting2069 lexicorient.comNamejetExpiring2061 look3.orgNamejetExpiring2055 wardy.comNamejetDeleting2052 i-luv.comNamejetExpiring2051 modernsilver.comNamejetExpiring2050 educationarena.comSnapNamesDeleting2050 eselling.comNamejetExpiring2042 bingochips.comNamejetExpiry2000 paymentswallet.comNamejetExpiry2000 ellettbrothers.comNamejetExpiring2000 ibmag.comNamejetExpiring2000 actionmarketing.comSnapNamesExpiring2000 mcbridelaw.comSnapNamesExpiring2000

Post link: has strong month for aftermarket domain sales

© 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Expired Domain Report: Total Number Domination!
  2. Expired Domain Name Report (It’s a big one)
  3. Expired Domain Report – NamesCon edition
Categories: News and Updates

A dragon with a “cart” head and its implication for domain investment

Domain Name Wire - Thu, 2021-01-14 14:29

China may rule e-commerce.

I was reading news the other day and was intrigued by a picture posted on It reveals a dragon rearing its head, which is not of the usual kind but a shopping cart.

The article says that “it is in China, not the West, where the future of e-commerce is being staked out.” Certainly, Chinese internet retailers have brought out many innovations in recent years, such as live commerce, where celebrity-driven programs livestream content to sell products.

If Chinese e-commerce operators will have a great impact on both China and the rest of the world, I suppose their domain preference will also influence others in the business world too. So, I decided to dive deeper and found “2020 Hurun Top 10 Ecommerce Enterprises in China” (2020胡润中国10强电商) published by the well-acclaimed Hurun Research Institute.

Then, I used Baidu to find the corporate domains used by them. The result is shown below.

Rank Chinese English Domain 1 阿里巴巴 Alibaba 2 美团 Meituan 3 京东 Jing Dong 4 拼多多 Pinduoduo 5 滴滴出行 Didi 6 携程 Ctrip 7 唯品会 Vipshop 8 苏宁 Suning 9 车好多 CARS (Che Hao Duo) 19 每日优鲜 MissFresh

So, what is the implication for domain investment? Simply put, .com is the main stage and English-based domains are fine in China. Note that the top 9 companies on the list not only own .com domains but actually use them within China. China is like the USA in that .com domains are widely used within the country, rather than the country code domain.

Also, “short” is good. This is shown in the case of Jing Dong (owns but uses and Vipshop (owns but uses By the same token, we can guess that Pinduoduo may upgrade to the shorter (after all, the company is already referred to as “PDD” in some news).

Note that most of the listed domains are brand-matching. What does it mean? For example, Jack Ma’s company is called Alibaba Group Holding, but most people remember it as “Alibaba.” Therefore, its brand is “Alibaba,” and so the brand-matching domain is but not or Of course, the acronym version is also acceptable.

Didi is the ride-sharing giant that defeated Uber China and acquired it in 2016. However, its corporate domain is but not the brand-matching

CARS (Che Hao Duo) is using its group domain I speculate that the used car marketplace operator may, if they can, upgrade to (developed, so unlikely), (apparently undeveloped), or simply (not used yet).

MissFresh may want to talk to Canada-based Cook It at because the meal kit service provider owns, which is not used currently.

In short, there are many opportunities to sell domains to corporate China. If you own a domain that lies in the upgrade path of a well-funded Chinese company, then your domain is very valuable. End user research is key. It has already helped me discover the great potential of,,, and

Post link: A dragon with a “cart” head and its implication for domain investment

© 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. How to sell domains to China
  2. Reviewing 4-character domains sold in January
  3. Three steps to Chinese end user research
Categories: News and Updates

More Warning Shots for ICANN, or the End of the Road?

Domain industry news - Thu, 2021-01-14 13:57

Last fall, I wrote about ICANN's failed effort to achieve its goal of preserving the Whois domain name registration directory to the fullest extent possible. I predicted that if the policy effort failed, governments would take up the legislative pen in order to fulfill the long-ignored needs of those combating domain name system harms. That forecast has now come true through significant regulatory actions in the United States and the European Union in the form of a proposed directive from the European Commission (EC) and instruction from the US Congress to the National Telecommunications and Information Administration (NTIA).

ICANN Org now faces a stark choice: recoil and be a standby witness to what unfolds, or recognize that these further shots across its bow require it to boldly act. This means replacing the weak expedited policy development process (EPDP) team proposals and related implementation with robust requirements that track the EU's proposed 2.0 version of its Directive on Security of Network and Information Systems ("NIS2 Directive"), redirecting community efforts toward a centralized global access model for Whois that so many have been asking ICANN to develop, and revamping the accuracy requirements for Whois.

The alternative is that ICANN will find itself in the back seat in terms of who really gets to make Whois policy.

Regulatory Action in the European Union Requires ICANN to Revamp its Whois Policies

The developments have come quickly on both sides of the Atlantic.

Starting in Europe, the EC, following a re-examination of critical components of the General Data Protection Regulation (GDPR), now demands continued public access to Whois through a portion of the proposed NIS2 Directive. Specifically, the NIS2 Directive confirms the validity of the Whois database for legitimate purposes, ensures the ongoing collection of data, and mandates its accuracy.

The proposed directive further contains a very detailed set of instructions that deal almost exclusively with the areas of ICANN policymaking failure. In fact, it demands action in the areas all but ignored by the EPDP team output but flagged by the broader ICANN community as woefully inadequate. Specifically:

  • Ongoing collection of data by registries (such as .com and .net) and registrars;
  • Preventing inaccurate records;
  • Distinction between legal and natural persons; and
  • Efficient provision of data for legitimate requests (including service level agreements).

The directive prescribes, in particular, that registries and registrars publish non-personal registration data and provide expeditious access for legitimate purposes.

It's clear that these legislative proposals are intended to resolve the problems created by misapplication of the GDPR by the ICANN community.

US Authorities Recognize the Inadequacy of ICANN's WHOIS Proposals.

In the United States, end-of-year congressional action brought similar emphasis on Whois.

Specifically, as part of a governmental funding bill, US lawmakers set their sights on fixing the Whois issue, at least in their jurisdiction. Providing reasoning for their requests in a joint explanatory statement, members of Congress tell the NTIA (which sends the US representative to ICANN's Governmental Advisory Committee) how they expect them to act in exchange for departmental funding — namely, NTIA is directed to work with the GAC to expedite a Whois access model, and is encouraged to require US-based registries and registrars to collect and make public accurate registration data.

ICANN observer Greg Thomas, in a recent blog posting, reinforces the importance and possible impact of this congressional language, writing:

With this report language, Congress is clearly signaling that it is running out of patience with the lack of a mechanism for law enforcement, IP owners and others needing access to registrant identifier information for legitimate purposes such as criminal investigations and protecting rights online.

Even the author of ICANN's blog post, compliance chief Jamie Hedlund, acknowledges that Congress may look to more aggressive measures if the community can't produce more effectively than it has. Lack of a credible access model from ICANN means that NTIA will have a hard time defending the ICANN model before Congress when it's time to decide who ultimately makes domain name policy.

Thus far, ICANN Org has not yet taken this move from Congress as a positive and empowering call to action but has instead made an attempt to explain away at least part of this request, saying that the word encouraged is aspirational and not a mandate in terms of what might be required of registries and registrars. It's wishful thinking on ICANN's part. However, ICANN Org would be wise not to bank on semantics in the face of growing governmental frustration from both the US and Europe, which may lead to even stricter regulatory requirements should ICANN ignore these warnings.

A Course Correction Is Needed to Prevent Additional Regulatory Action

ICANN and its policymaking apparatus very much need a course correction on the issue of Whois. "Sooner or later" seems to be finally here, as the warning shots are beginning to look increasingly like governments taking up pen in very specific ways that will direct Whois policy.

This leaves the ICANN Board with no option other than to clearly reject the currently proposed access model — it's wholly insufficient, anyway — and direct ICANN Org to cease implementation on EPDP team recommendations while it better understands the potential impact of these EC and US Congressional developments. Doing otherwise is to blindly careen down paths that likely lead to conflict with US and EC directives on Whois, and further stretches an already stressed and exhausted ICANN community.

Written by Fabricio Vayra, Partner at Perkins Coie LLP

Follow CircleID on Twitter

More under: Domain Names, ICANN, Internet Governance, Policy & Regulation, Whois

Categories: News and Updates

Mike Mann Recaps His 30-Year Career as a Domain Industry Pioneer in New Video Interview

DN Journal - Wed, 2021-01-13 22:19
Here's the story of how a 15-year-old runaway became an internet entrepreneur who has made millions of dollars and raised millions more for charity.
Categories: News and Updates

Cryptographic Tools for Non-Existence in the Domain Name System: NSEC and NSEC3

Domain industry news - Wed, 2021-01-13 21:51

This is the second in a multi-part blog series on cryptography and the Domain Name System (DNS).

In my previous post, I described the first broad scale deployment of cryptography in the DNS, known as the Domain Name System Security Extensions (DNSSEC). I described how a name server can enable a requester to validate the correctness of a "positive" response to a query — when a queried domain name exists — by adding a digital signature to the DNS response returned.

The designers of DNSSEC, as well as academic researchers, have separately considered the answer of "negative" responses — when the domain name doesn't exist. In this case, as I'll explain, responding with a signed "does not exist" is not the best design. This makes the non-existence case interesting from a cryptographer's perspective as well.

Initial Attempts

Consider a domain name like that doesn't exist.

If it did exist, then as I described in my previous post, the second-level domain (SLD) server for would return a response signed by's zone signing key (ZSK).

So a first try for the case that the domain name doesn't exist is for the SLD server to return the response " doesn't exist," signed by's ZSK.

However, if doesn't exist, then won't have either an SLD server or a ZSK to sign with. So, this approach won't work.

A second try is for the parent name server — the .arpa top-level domain (TLD) server in the example — to return the response " doesn't exist," signed by the parent's ZSK.

This could work if the .arpa DNS server knows the ZSK for .arpa. However, for security and performance reasons, the design preference for DNSSEC has been to keep private keys offline, within the zone's provisioning system.

The provisioning system can precompute statements about domain names that do exist — but not about every possible individual domain name that doesn't exist. So, this won't work either, at least not for the servers that keep their private keys offline.

The third try is the design that DNSSEC settled on. The parent name server returns a "range statement," previously signed with the ZSK, that states that there are no domain names in an ordered sequence between two "endpoints" where the endpoints depend on domain names that do exist. The range statements can therefore be signed offline, and yet the name server can still choose an appropriate signed response to return, based on the (non-existent) domain name in the query.

The DNS community has considered several approaches to constructing range statements, and they have varying cryptographic properties. Below I've described two such approaches. For simplicity, I've focused just on the basics in the discussion that follows. The astute reader will recognize that there are many more details involved both in the specification and the implementation of these techniques.


The first approach, called NSEC, involved no additional cryptography beyond the DNSSEC signature on the range statement. In NSEC, the endpoints are actual domain names that exist. NSEC stands for "Next Secure," referring to the fact that the second endpoint in the range is the "next" existing domain name following the first endpoint.

The NSEC resource record is documented in one of the original DNSSEC specifications, RFC4033, which was co-authored by Verisign.

The .arpa zone implements NSEC. When the .arpa server receives the request "What is the IP address of," it returns the response "There are no names between and" This exchange is shown in the figure below and is analyzed in the associated DNSviz graph. (The response is accurate as of the writing of this post; it could be different in the future if names were added to or removed from the .arpa zone.)

NSEC has a side effect: responses immediately reveal unqueried domain names in the zone. Depending on the sensitivity of the zone, this may be undesirable from the perspective of the minimum disclosure principle.

Figure 1. An example of a NSEC proof of non-existence (as of the writing of this post).


A second approach, called NSEC3 reduces the disclosure risk somewhat by defining the endpoints as hashes of existing domain names. (NSEC3 is documented in RFC 5155, which was also co-authored by Verisign.)

An example of NSEC3 can be seen with, another domain that doesn't exist. Here, the .name TLD server returns a range statement that "There are no domain names with hashes between 5SU9… and 5T48...". Because the hash of is "5SVV..." the response implies that "" doesn't exist.

This statement is shown in the figure below and in another DNSviz graph. (As above, the actual response could change if the .name zone changes.)

Figure 2. An example of a NSEC3 proof of non-existence based on a hash function (as of the writing of this post).

To find out which domain name corresponds to one of the hashed endpoints, an adversary would have to do a trial-and-error or "dictionary" attack across multiple guesses of domain names, to see if any has a matching hash value. Such a search could be performed "offline," i.e., without further interaction with the name server, which is why the disclosure risk is only somewhat reduced.

NSEC and NSEC3 are mutually exclusive. Nearly all TLDs, including all TLDs operated by Verisign, implement NSEC3. In addition to .arpa, the root zone also implements NSEC.

In my next post, I'll describe NSEC5, an approach still in the experimental stage, that replaces the hash function in NSEC3 with a verifiable random function (VRF) to protect against offline dictionary attacks. I'll also share some research Verisign Labs has done on a complementary approach that helps protect a client's queries for non-existent domain names from disclosure.

Read the first post in this six-part blog series:
The Domain Name System: A Cryptographer’s Perspective

Written by Dr. Burt Kaliski Jr., Senior VP and Chief Technology Officer at Verisign

Follow CircleID on Twitter

More under: Cybersecurity, DNS, DNS Security, Domain Names, Internet Protocol

Categories: News and Updates

14 end user domain sales up to £55,000

Domain Name Wire - Wed, 2021-01-13 16:24

A musical instrument seller, a ladder manufacturer, and an organic garden supplies retailer bought domain names.

I admit that I had to look it up. But face yoga is an actual thing. Face yoga consists of exercises designed to make your facial skin look younger. A business launching an app to help people with face yoga plunked down £55,000 to acquire at Sedo this past week.

It was one of fourteen end user domain name sales I uncovered. Here are the end user sales (you can view previous lists like this here). £55,000 – The buyer has a “coming soon” sign posted along with information about a new face yoga app that will offer customized face yoga exercise programs. £23,550 – HostGrid is a web hosting and domain name provider. $8,000 – Front Systems is a Norwegian software company that produces iPad point of sale retail software. It currently uses for its website. $6,001 – Forwards to, an international e-commerce site for musical instruments and accessories. $5,000 – GN Audio A/S bought this domain. It’s an audio solutions technology firm based in Denmark. The publicly-traded company uses the domain name for its corporate site. $5,000 – Tricam Industries, manufacturer of garden wagons and carts, step stools and ladders, and other outdoor recreational products, bought this domain name. The company makes the Gorilla brand of ladders. $3,500 – Roam provides a location SDK for enabling location-aware apps. €3,497 – Forwards to, an online organic garden supplies retailer. It sells items such as organic fertilizer, soil and raised beds. $3,200 – Spanish liquor company Bodegas Williams & Humbert bought this domain name. It sells a rum under the name Dos Maderas. $2,500- This is a science fair project resource site with information and support provided by two career scientists. $2,499 – CPG Holdings owns the popular website and The VPN Detective. €2,300 – UST Global Inc., a technology consultancy firm with offices in India and California, bought this domain name. $2,000 – A new offering that gives people cloud service market insights. It enables businesses to plan cloud solutions and compare prices and provider options. It got a great deal on this domain. €2,000 – Prestige is a German wholesale retailer of windows, entrance doors, roller shutters, garage doors and accessories.

Post link: 14 end user domain sales up to £55,000

© 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Last week’s end user domain name sales
  2. What domain names Cox Media, Steinway and other end users bought last week
  3. End user domain name sales, including one by a $25 billion company
Categories: News and Updates

Guide to domain investing for the Chinese market

Domain Name Wire - Wed, 2021-01-13 14:04

Kassey Lee provides this great overview of how to invest for the Chinese market.

I often receive the same kind of questions from readers, such as how to sell to China and where to list domains. So, I have decided to write this guide with links to specific articles covering various aspects of the China domain market.

Big picture first. China is the largest digital economy driven by 900 million savvy digital consumers. Domains are the foundation of any digital economy and a large digital economy offers massive growth for domains. Read “New data explains the Chinese domain name market” to understand the big picture and also find out which extensions are popular in China.

Corporate China is truly different from the rest of the world. .Com used in China rivals that of the USA. In fact, .com is the first choice and some companies just own the .com without the matching .cn domain. So, if you want to sell to China, you need to look at .com domains. Read “China loves .com“.

What is the implication for domain acquisition if over 60% of digital consumers in China visit a website directly? This means Chinese companies are looking for easy-to-remember domains for their websites. Read “Direct visits driving demand for domains in China (update)“.

Internet companies are the new leader in the business world, so by studying the top internet companies in China, you can understand what types of domains corporate China wants to buy. The article “What domains do Chinese internet companies want to buy?” lists the top 100 internet companies and their corporate domains.

How do you sell domains to China? If you have domains in the 6 figures or higher price ranges, you can just hire a China-based domain broker. However, if you are like me, and the majority of domain investors holding domains of average quality, there is an easy way to avoid the language and payment issues: use an MLS (multiple listing service) provider. Read “How to sell domains to China“.

How do you find end users in China? Even if you don’t read Chinese, you can use the methods described in “Three steps to Chinese end user research” to find end users for your domain. You can then contact them using contact email addresses found in “7 ways to find contact email addresses for Chinese companies“.

Finally, remember that you can use Google Translate or similar translation services to help you communicate with Chinese buyers.

Post link: Guide to domain investing for the Chinese market

© 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Direct visits driving demand for domains in China
  2. Single letter domains in China
  3. China has 21 of top 50 global sites based on Alexa Rank
Categories: News and Updates

Latest .com ranking has some surprises

Domain Name Wire - Tue, 2021-01-12 20:07

Two registrars posted big gains in September.

ICANN has published the latest official data from Verisign (NASDAQ: VRSN) about the .com namespace. This registrar-by-registrar report covers September 2020.

There were a couple of surprises in the monthly numbers. Perhaps they are anomalies. First, Hosting Concepts/OpenProvider had a surge in one-year .com registrations, placing it in the top ten. Second, United Internet’s PSI brand posted a surge that doubled the overall company’s .com registrations compared to the prior month.

CentralNic’s brands continue to grow, and I’ll add them as a combined entity starting next month.

Here’s how registrars did in terms of new .com registrations in September:

1.* (NYSE: GDDY) 914,038 (970,570 in August)
2. Namecheap Inc. 284,154 (276,557)
3. Tucows** (NASDAQ:TCX) 231,791 (245,360)
4. Endurance+ (NASDAQ: EIGI) 178,499 (199,710)
5. Google Inc. (NASDAQ: GOOGL) 157,453 (168,619)
6. Alibaba (HiChina) 155,926 (221,686)
7. United Internet^ 142,553 (70,580)
8. Hosting Concepts B.V. d/b/a Openprovider 101,645
9. Wix (NASDAQ: WIX) 97,021 (108,029)
10. NameSilo (CSE:URL) 71,291 (68,308)

Here’s the leaderboard of the top registrars in terms of total .com registrations under management as of the end of September 2020.

1. GoDaddy* 54,450,745 (54,215,433 in August)
2. Tucows** 12,963,637 (12,930,920)
3. Endurance+ 7,232,301 (7,183,871)
4. 7,066,244 (7,041,224)
5. Namecheap 6,516,860 (6,338,718)
6. Alibaba 5,947,947 (5,962,510)
7. United Internet^ 5,639,402 (5,554,345)
8. Google 3,924,273 (3,846,200)
9. Xin Net Technology Corporation 2,244,819 (2,539,828)
10. GMO 2,191,732 (2,212,268)

Many domain companies have multiple accreditations and I’ve tried to capture the largest ones. See the notes below.

* Includes GoDaddy, Wild West Domains, Uniregistry and 123 Reg
** Includes Tucows, Enom, Ascio and EPAG
+ Includes PDR,, FastDomain and Bigrock. There are other Endurance registrars, but these are the biggest.
++ Includes Network Solutions,, and Crazy Domains/Dreamscape
^ Includes 1&1, PSI, Cronon, United-Domains, Arsys and world4you

Post link: Latest .com ranking has some surprises

© 2021. This is copyrighted content. Domain Name Wire full-text RSS feeds are made available for personal use only, and may not be published on any site without permission. If you see this message on a website, contact editor (at) Latest domain news at Domain Name Wire.

Related posts:
  1. Top .Com domain name registrars
  2. A strong month for .Com
  3. Top ten domain name registrars, ranked by .com
Categories: News and Updates

Can We Control the Digital Platforms?

Domain industry news - Tue, 2021-01-12 19:17

The digital market has matured over the last 20 years, and it is no longer an excuse for governments to do nothing with the aim to let new markets and innovations emerge without immediate regulatory oversight.

It has become clear this period is now well and truly over. The European Commission has already launched several lawsuits against the digital giants. Regulation, in general, is known as "ex-post" (after the deed has been done). This is set to change, as I will explain later.

My colleague Scott Marcus from the economic think tank Bruegel based in Brussel participated in a very interesting discussion on this topic. I will tap into their information in my article.

The digital platforms that have emerged are successful because they are very big, indeed. They make their business sector different from others as the digital sector can grow very big quickly without requiring massive investments. Compare this, for example, with other global sectors such as the car or airline industry. Furthermore, the digital giants operate across traditional industry sectors, and as gatekeepers, they have a massive impact on the overall economy.

Just splitting the digital giants up, the European Union argues, would take away the universal services that are available over these platforms. Consumers would be confused and no longer interested if there were dozens and dozens of such services with the need to achieve a similar service outcome. It is like telecoms, electricity, and water — the fact that these services are ubiquitous makes them so successful.

As governments now have a good idea about the pros and cons of these platforms, it becomes possible to look at how to best regulate them to avoid the range of illegal and harmful activities that are being conducted over these platforms.

It is rather useless if all 200+ governments around the globe start issuing their own regulations. Australia's attempt to just address one aspect of it, getting the platforms to compensate the local press, is clearly not the best way forward. Firstly, it only addresses one small issue, and secondly, they are doing this as one of the 200 governments.

It makes far more sense to start looking at these digital giants more strategically and, at the same time, see if this can be done in a more unified way across nations.

The EU is trying to do this. They already took the lead in the General Data Protection Regulation (GDPR), which has now been adopted widely across the globe. This time, they have introduced two Acts aimed at stopping illegal activities over these platforms, requiring the giants to come up with measures to stop harmful content and at the same time to open the platforms so competition will be made possible on top of them. The European Commission has now proposed two legislative initiatives: the Digital Services Act (DSA) and the Digital Markets Act (DMA).

The DSA and DMA have two main goals:

  • to create a safer digital space in which the fundamental rights of all users of digital services are protected; and
  • to establish a level playing field to foster innovation, growth and competitiveness, both in the European Single Market and globally.

This is aimed at the platform gatekeepers and only at the large ones, which are measured by several parameters, a key one being that they provide services to at least ten percent of the European Union citizens (an average of 45 million users monthly).

While it looks certain that these Acts will indeed be put into law, this could easily take one or two years and will include one of the most serious lobbying activities ever seen in Europe — the stakes are enormous, and the giants are very powerful.

Key elements in the Acts are that they are ex-ante; they will have to be implemented beforehand instead of action being judged afterward. The reason for this way of regulating the gatekeepers is that as they wield great powers, they also must accept great responsibility, which means that they have obligations.

Because of the complexity and the proprietary nature of these platforms, governments have very little insight into the illegal activities taking place on them. For that purpose, the Acts will force the gatekeepers to be more transparent. In relation to harmful content, the Acts opt for co-regulation. They will ask the gatekeepers how they will address these issues and will require them to provide half-yearly or yearly reports on their progress.

On the competition side, the Acts requires the gatekeepers to open their platforms. The issues have been divided into a blacklist and a whitelist.

The blacklist requires them to:

  • not use data from businesses who use the platform to compete with them;
  • not self-preference their own services; and
  • not use their strong market position over their competitors.

On the whitelist side, gatekeepers should allow third parties to integrate their systems with their own ones and allow businesses to export data related to their own services from the platform. As competing with the giants currently is close to impossible, interoperability would allow for more competition over the platform.

A key element now will be to start a dialogue with the new U.S. Administration to come up with an overall policy. The platforms are a great addition to our society and our economy, but at the same time, we need far more transparency, interoperability and the ability to compete on top of these platforms. Will this undermine the economic viability of these large platforms; are they moving into utility territory?

I am looking forward to the discussions that are going to take place. If we combine our brainpower, we can surely come up with better outcomes. So, interesting times ahead. It is great to see Europe taking the lead in the thinking process behind this as they have nothing to lose, unlike the USA and increasingly China, where these platforms reside. This is a delicate situation with different national interests. Can industry and government come up with mature and good solutions? Yes, they can, but are we willing to do it?

Written by Paul Budde, Managing Director of Paul Budde Communication

Follow CircleID on Twitter

More under: Internet Governance, Policy & Regulation, Web

Categories: News and Updates

Digital in 2021 – Five Predictions for Brand Protection

Domain industry news - Tue, 2021-01-12 18:51

While smartphones were an integral part of our lives before 2020, now, as a result of the changes associated with COVID, our mobile devices are virtually "super-glued" to our hands. The worldwide pandemic has heavily influenced our lives. Based on our past experiences with digital brand protection and the trends we're currently seeing, we've made five predictions regarding the future of internet usage in 2021.


1. 2021 will see faster adoption of digital communications and collaboration software at work and at home.

For almost everyone, text, video calls, and web conferences replaced in-person meetings, classes, and almost every formerly personal interaction.  Furthermore, the collaboration feature sets of Microsoft Office, Google Docs, Asana, and other productivity tools augmented by web meeting software, including Zoom, Google Meet, and Webex allow us to share creative processes and manage complex workflows. These feature sets are especially valuable in meeting the challenges posed by distributed workforces. As these technologies become even richer and more mobile accessible, we'll use them more because they'll be super-charged by high-speed connectivity enabled by 5G. 

2. Expect "late majority" adopters and laggards to accelerate their cloud investments in 2021.

The "work diaspora" is here to stay. With the largest tech companies allowing extended periods of WFH (work-from-home), and many other companies from all sectors offering or contemplating permanent opportunities for their workforce to work away from the office, the global workforce will continue to be distributed. Functional and technical elements of our computing infrastructure that have not yet moved to the cloud are quickly migrating there. Platforms ranging from data storage and artificial intelligence to security infrastructure have all taken root in the cloud, further propelling the growth of industry leaders Google, Amazon and other upstarts. And, with the speed, convenience and scalability of these platforms, companies can better manage growth, seasonality and other problems that were more difficult with self-managed dedicated hardware and software. 

3. Entertainment trends that started in 2020 will continue, including rapid mobile gaming growth, live events, including movie screenings and sports, will further rely on streaming revenue.

Whether you love or hate digital first-run blockbusters like the movie "Wonder Woman 84" or the videogame "Cyberpunk 2077", few of us can say that we haven't sought new entertainment options since the COVID pandemic shuttered theaters and other entertainment venues. With more powerful mobile phones, faster wireless and wired internet speeds, more digital and gaming content, most people are spending more time on their phones, on their laptops and in their living-rooms watching content and playing games. 

And while there are fewer and fewer live team sporting events, national and international sporting leagues and associations have found ways to keep their teams and fans safe while broadcasting their events online. For the gamers amongst us, Twitch and YouTube had already become popular places to watch pro's game and convene with other players. COVID has accelerated that adoption curve and we predict that we'll see even faster adoption in 2021 of mobile gaming and digital entertainment.

4. 2020 shopping innovations like curbside pickup and delivery options will be here to stay.

Before COVID, everyone dreaded a late-night visit to the market to pick up a quart of milk, or a visit to a crowded mall over the holidays to grab a last-minute gift.  And though in the past we've enjoyed the convenience of the brick-and-mortar outlets like Target, Best Buy, Walmart and our other favorite stores, we now have the option to capitalize on both the convenience of e-commerce and brick and mortar locations with options like curbside pickup and nearly instant home delivery from Postmates, Amazon and others. 

5. Cash apps and touchless payment have taken root; expect further financial app innovations like those that have been led by companies like Stripe, Square and Robinhood.

Rest assured, no one ever loved picking up an oft used pen to sign a credit card slip at a store or restaurant. The pandemic saw us adopting touchless checkout options like Apple and Google Pay, cash exchange apps like Venmo and Square Cash and other modes of payment. Now, with a press of a button, a wave of a phone, or a few sweeps on a screen, we can skip finding a credit card, writing checks, or digging up some dirty old bank notes. And with bank branch closures and limited visits to ATMs as a result of lockdowns, more and more people have adopted mobile banking apps and online banking, making it easier to manage money without human contact. 

Analysis and Implications

Everything Old Is New Again

With the accelerating adoption of wide-ranging mobile and digital technologies, there are now large communities of new and inexperienced users.  These new users, often elderly or very young, are not used to seeing and ignoring scams that target the naive. So, phishing scams, support scams, free offers and other scams all seem plausible to these users. In 2021 we will see the rehash of all the old scams — and more of them. 

"Idle hands are the Devil's workshop"

With millions out of work, and lumpy governmental support for people, small businesses and local governments, times will become more desperate, and there will be more bad actors targeting the new users mentioned above. As a result, losses due to fraud and deception will increase.

Organized Bad Actors Prevail

Organized bad actors, those that display a mastery of promoting fraud and deception in digital channels, will successfully fool new and old internet users. They'll grab attention using social, advertising and other means to drive traffic to web pages and websites where they can do the most harm. These organized perpetrators use multiple levels of obfuscation so brands without the appropriate level of technology-based intelligence will engage in one-off, whack-a-mole enforcement tactics. Meanwhile, these networks of bad actors will continue to bilk consumers out of money and personal information based on the trust earned by brands over years or decades. 

The business of working from home

With workers at home, sometimes distracted by their children, roommates, the news and other factors, bad actors will have a "field day." Combine a greater number of accessible systems and the vulnerabilities created by remote technologies with age-old and new techniques like spear phishing, business email compromise, malware, ransomware.  The result?  Bad actors will attack more companies through their remote workforce. 

Regulatory environment - a patchwork

With the global domain name system failing to abate abuse and, in fact, thwarting consumer protection, get ready for a patchwork of local laws targeting attribution and prosecution of bad actors. Add in expected new regulation on digital platforms that may reshape notice and takedown measures. Get ready for some confusion and turmoil in the world of notice and takedown related to local laws and regulations. 

What should brands do?

Aggressively monitor

Work cross-functionally with the product, commercial and marketing organizations at your company to understand the digital journey of your customers and aggressively monitor all digital channels for abuse targeting your customers' buying journey. 

Use advanced technologies to identify systemic abuse 

The latest technologies can help you find the bad actors who are most adept at using digital channels to attract your customers. Identifying systemic abuse will help you understand where you are most vulnerable and where you'll get the best "bang" for your brand protection "buck."

Prioritize organized actors

Focusing your brand protection efforts on organized networks of bad actors will yield the best return on investment. The trends listed earlier in this post mean that you are very likely to see increased abuse in 2021, but prioritizing the offenders who display mastery of digital channels will deliver meaningful results.

Use advanced attribution techniques

For the largest networks, disassemble how they work and who is behind them. Examining the source code for their web pages and apps, their privacy policies, underlying technologies and monetization methods will provide solid indicators of the identity of the perpetrators. 

Map networks of abuse, disassemble them and disable promotional and monetization modes

Map these abuse networks so you can identify the ones that are most complicated and use that intelligence to create a strategy to dismantle and disable them. Use the information about the network, its composition, who's behind it, the damage it causes your company and customers to take the network down from the root, no matter how deeply obscured or complex the network. 

Closing Thoughts

In 2021, we can be certain of two things:  The mobile and internet user attack surface has never been larger, showing no signs of shrinking, and bad actors are more agile and sophisticated in their methods than ever before. As a result, brands need to up their game.  Legacy brand protection methods will no longer suffice. New technology and cross-functional collaboration are crucial factors for abating these threats to business and our new lifestyle. 

Written by Frederick Felman, Chief Marketing Officer at AppDetex

Follow CircleID on Twitter

More under: Domain Names, Brand Protection, Web

Categories: News and Updates

Trump's Parting NTIA 5G Debacle

Domain industry news - Tue, 2021-01-12 17:54

As Trump's horrific Administration of non-stop debacles and self-serving gambits headed toward the exit over the past few weeks, one last regulatory grab after another has been pushed out the door while the toddler-in-chief rants. Sure enough, the last of the 5G debacles just appeared in the Federal Register courtesy of the President's policy instrument, the National Telecommunication and Information Administration (NTIA). It was titled the 5G Challenge Notice of Inquiry.

The NOI proposes that U.S. 5G private sector resources be re-vectored from participating in long-existing global 5G standards bodies to help advance self-serving schemes cooked up by some of Trump's supporters now resident in the DOD before they depart. The "challenge" would have DOD in effect replace 3GPP and other open global standards organizations as the U.S. body for developing 5G standards. The Biden Administration should shut down this proceeding immediately.

At the outset of Trump assuming power, he and his minions sought to destroy anything and everything global and build walls around the nation. This included 5G telecommunication and information systems and the global marketplace. Highly successful and fully open global 5G industry bodies were painted as closed and biased against American interests. Impediments were placed in the way of U.S. private sector participation, xenophobic equipment bans were instituted, and Friends of Trump marshalled for what has been described as raiding the Federal funding and spectrum piggy banks. It is the successor to the cockamamie scheme to federalize the national 5G services proposed earlier.

Historically, the playbook of the Harding Administration a century ago was resurrected. A gopher for one of Trump's only Tech supporters was brought into the White House and appallingly named as the "U.S. CTO" to write Trump's pronouncements and then moved over to DOD in a senior position to pry open the piggy banks. Never mind their pronouncements made plain an utter lack of understanding of 5G.

The reality is that substantial U.S. private sector 5G resources exist and being demonstrably deployed today for nominally effective participation in existing fully open global 5G specifications bodies. The new Biden Administration has an opportunity to significantly enhance that participation to the benefit of America and the world. Trump's minions cooking up a scheme to re-vector those resources to line their own pockets as they turn in their badges is nothing less than reprehensible. The NTIA 5G Challenge NOI should be terminated immediately.

Written by Anthony Rutkowski, Principal, Netmagic Associates LLC

Follow CircleID on Twitter

More under: Access Providers, Broadband, Internet Governance, Mobile Internet, Policy & Regulation, Telecom, Wireless

Categories: News and Updates

Are Big Tech CFOs (Inadvertently) Stealing From Shareholders?

Domain industry news - Tue, 2021-01-12 17:37

When valuing a stock, analysts and shareholders evaluate always revenue and profit. Big tech COFs are sitting on assets worth tens of millions of dollars of annual profit (not just revenue, but true profit) in the form of unallocated IPv4 addresses. By not selling or leasing these out, they are incurring expenses to hold them and missing out on tremendous profits. At a 20X multiple (for context, Cisco is trading at nearly 18X earnings, Google at just over 33X earnings, Shopify at well over 700X earnings), big tech CFOs are actively preventing over $250 billion in market capitalization for their shareholders.

While these CFOs sit on sleeping (unallocated) IPv4 inventory, there is tremendous demand for those address blocks. So much so, that the federal government may step in. In February 2011, the last legacy blocks of IPv4 addresses were split among and distributed by Regional Internet Registries (RIRs). Many addresses were still available after this date, this threshold simply meant that supply was "officially" limited. Over the past 12 months, each of the five international registries responsible for allocating IP addresses to businesses has reported their stock is almost entirely depleted.

RIPE NCC, the European RIR, used a court order to seize IPv4 addresses from a bankrupt enterprise a few months ago. The US Congress considered language to direct the Department of Defense to sell off its unallocated IPv4 blocks. Think of what this means: the US government is watching international precedent for using litigation, legislation, and regulation to take IPv4 addresses from businesses. Simultaneously, they are working to sell off their own. I don't have a crystal ball, but this certainly looks like we are moving toward forcible seizure of sleeping IPv4 inventory from big tech — who are already missing out on hundreds of billions of dollars in market capitalization for shareholders by sitting on these inventories.

So what can we do? "We" must demand that big tech CFOs realize the profit of their IPv4 assets by selling them or leasing them on a secure exchange. I fear that if they don't take this simple step, not only will stockholders miss out on years of profit and correlating earnings multiples, those enterprises will ultimately be forced to give up their IPv4 inventory at a loss in the next 3-5 years. This isn't theory: we're actively watching a perfect storm of a global IPv4 shortage, new precedent to forcibly reintroduce IPv4 blocks into the open market, and federal government awareness of the issue.

Are you a financial decision-maker at a big tech organization? Do the right thing for your shareholders and internet users. We are relying on you to reintroduce your IPv4 addresses into the marketplace to create more sustainability as the internet evolves. Plus, imagine how happy your shareholders will be when you help them realize your portion of the more than $250 billion available?

Need some direction? Websites like IPXO will help you lease your IPv4 addresses to realize recurring revenue. If you'd rather sell and realize profits once, services like, HILCO, Apnic, Prefixx, and others can help. It's not labor-intensive or time-consuming. You won't have to hire anyone or spend resources training staff. In fact, it's probably the easiest way your enterprise will make tens of millions of dollars this year. I don't know that it's ever been easier and more profitable to do the right thing!

Written by Vincentas Grinius, CEO and Co-Founder at IPXO

Follow CircleID on Twitter

More under: Data Center, Internet of Things, IP Addressing, IPv6, Telecom

Categories: News and Updates

Theme by Danetsoft and Danang Probo Sayekti inspired by Maksimer