Defunct AlpNames Had History As A Home For Phishing

The now defunct AlpNames, who had its Registrar Accreditation Agreement terminated by ICANN this week after the discounted registrar appears to have disappeared, has a history of being a home to spammers and scammers.

In a letter from the Independent Compliance Working Party to ICANN by a number of technology companies in February 2018 it was claimed there was a problem with ‘one particular party’: AlpNames. AlpNames it was claimed, among other problems, was responsible for over half the “new gTLD domains that have been blacklisted by Spamhaus.”

The members of the Independent Compliance Working Party, Adobe Systems, DomainTools, eBay, Facebook, Microsoft and Time Warner, asked ICANN to resolve problems they identified, with AlpNames the only registrar named.

“Troublingly”, the letter notes, “there also is a clear problem with one particular contracted party:

We find distinctive common patterns in domain name registration further suggesting malicious registrations. For example, we find 9,376 .link domains of which 9,256 were created in the first quarter of 2016 and 9,253 were registered with Alpnames Limited registrar.

  • …for 37.09% of the abused new gTLD domains reported by StopBadware, the sponsoring registrar is located in Gibraltar. Almost 195 abused new gTLD domains per 10,000 located in Gibraltar are abusive. (Note: Alpnames is located in Gibraltar.)
  • …we find that the abuse is driven by a single registrar: Alpnames Limited. For example, during the study period this registrar has acted as the sponsoring registrar for 53.97% (59,044) of the new gTLD domains that have been blacklisted by Spamhaus.
  • … one registrar, Alpnames Limited, having a high volume of abusive new gTLD domains reported by both Spamhaus and SURBL.”

The letter also notes there are problems with various generic top level domains, both legacy (in particular .com although it does have 137.3 million domain names, ten times the size of the next biggest gTLD, .net, with 13.7 million).

“Additionally, according to the [Statistical Analysis of DNS Abuse in gTLDs (SADAG)] report:

The number of abused phishing domains in legacy gTLDs is mainly driven by the .com gTLD and at the end of 2016 represents 82.5% (15,795 of 19,157) of all abused legacy gTLD domains considered in this study.

  • …the five new gTLDs suffering from the highest concentrations of domain names used in phishing attacks listed on the APWG domain blacklist in the last quarter of 2016 collectively owned 58.7% of all blacklisted domains in all new gTLDs.
  • …we observe as many as 182 and 111 abused .work and .xyz domains, respectively. The results indicate that the majority of .work domains were registered by the same person. 150 domains were registered on the same day using the same registrant information, the same registrar, and the domain names were composed of similar strings. Note that only 150 abused domains, blacklisted in the third quarter of 2015, influenced the security reputation of all new gTLDs.
  • …the overwhelming majority of malware domains, which were categorized as compromised, belong to one of four new gTLDs: .win, .loan, .top, and .link (77.1%, which represents 19,261 out of 24,987 domains).”

There are also “regrettably stark increases and serious concentrations of abuse across legacy and new gTLDs, registries and registrars, and in the proliferation of spam, malware, phishing and other harms. For example, according to the Domain Abuse Activity Reporting (DAAR) System report:

  • the 25 most exploited TLDs account for 95% of the abuse complaints submitted to DAAR.
  • Five TLDs alone are responsible for more than half of abuse complaints.

The letter says “You’ll agree these are troublesome statistics, and are antithetical to a secure and stable DNS administered by ICANN.”

“We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates.”

In his reply, Hedlund notes there are limitations as to what ICANN to do. He notes the current Registry Agreement “do not authorize ICANN org to require registries to suspend or delete potentially abusive domain names. Similarly, the RAA does not authorize ICANN org to require registrars to suspend or delete potentially abusive domain names. Instead, under RAA Section 3.18, registrars are required to take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse. Registrars are also required to review well-founded reports from law enforcement and other similarly designated authorities within 24 hours of receipt. There is no requirement in the RAA that requires registrars to suspend or delete reported domains.”

Hedlund writes that “to terminate registrars with high rates of abusive domains under management … a ‘court of competent jurisdiction’ must judge against the registrar prior to ICANN org taking action.”

The letter from the Independent Compliance Working Party is available to read in full at:
https://www.icann.org/en/system/files/correspondence/vayra-to-hedlund-27feb18-en.pdf

The letter from Jamie Hedlund, Senior Vice President, Contractual Compliance and Consumer Safeguard, in response is available to read in full at:
https://www.icann.org/en/system/files/correspondence/hedlund-to-vayra-04apr18-en.pdf

For more on AlpNames’ history, and what might happen next, check out the Domain Incite report here.

Farsight Security Debuts Investigative Reporter Grants Programme With Free DNS Database Access

Farsight Security announced a new grant programme last week that provides free access to their DNSDB, which they describe as the world’s largest passive DNS database, for investigative reporters.

Farsight explains that the Domain Name System (DNS), as the infrastructure of the Internet, records every action online and this leaves behind a digital trail of DNS assets. Starting with a suspicious IP address or domain name, leading news organisations use DNSDB to uncover and confirm previously hidden or known information for stories about disinformation campaigns, fraud, election security, and other breaking news.

“This DNS tool is astounding,” an anonymous investigative reporter, for a national broadcast network, said in a quote used by Farsight. “It’s a powerful tool that’ll help me keep people accountable.”

Internet pioneer and Farsight Security CEO Dr. Paul Vixie will conduct a hands-on training class entitled, “Finding the story: Using DNS Search for Investigative Journalism” at the 2019 Computer-Assisted Reporting Conference (CAR) Conference, an annual conference devoted to data journalism that will take place in Newport Beach, California, March 7th – 10th, 2019.

To honour its commitment to making the Internet safer for all users, Farsight Security has always offered grants for DNSDB® and other DNS Intelligence solutions to vetted researchers, law enforcement, and other non-profits. As part of its new Journalism Grants programme, Farsight will offer qualified investigative reporters free access to Farsight DNSDB. Among the grant requirements, reporters must:

  • Work for a major print, broadcast or online news organisation
  • Work as an investigative reporter, editor or data journalist
  • Attend a two-hour media workshop DNSDB training course

More details on the programme and to apply for a grant to use DNSDB, visit here. The program is available now and is free for qualified journalists.

Escrow.com Has Bumper 2018 With 57% Growth As They Continue To Build The World’s Best Escrow Service

Today we have another instalment in our Q&A series, this time with Escrow.com. Escrow.com had a bumper year in 2018, with a 57% increase in domain transactions, but this was slightly tempered by the scammers and fraudsters online, while the “the regulatory environment is growing more complicated and challenging every day.” Looking forward, Escrow.com is aiming to “build the best online escrow service in the world. One of the greatest opportunities Escrow.com has is to get better and more efficient at what it already does well.” They also see dot-com remaining “king” of the TLDs and “domain names are as relevant now as they have ever been.”

Escrow.com provides escrow services, including to the domain name industry, holding money until both parties agree it should be released such as when a domain name is transferred following a sale, avoiding banks and lawyers, while providing certainty that payment will be made.

Domain Pulse: What were the highlights, lowlights and challenges of 2018 in the domain name industry for you?

Escrow.com: While the Escrow.com team values each and every domain transaction that it facilitates, the million-dollar-plus domains do tend to grab our attention. In 2018, Escrow.com saw a 57 per cent increase over the previous year of domain transactions worth over $1 million that closed on the platform. This figure reflects the broader volumes of transactions that Escrow.com saw in 2018, which suggests a healthy and liquid domain market.

Lowlights involve the various scammers and fraudsters that invariably try to take advantage of others via the internet. Fortunately, Escrow.com has industry-leading security and quality assurance mechanisms in place to protect users against such individuals.

As for challenges, the regulatory environment is growing more complicated and challenging every day. However, Escrow.com is working very hard to meet and exceed these obligations, and to help our users navigate through the steps they need to take to stay safe, secure, and compliant.

DP: GDPR – good, bad and/or indifferent to you and the wider industry and why?

Escrow.com: Escrow.com is, of course, entirely GDPR compliant. However, it should be noted that, being a financial service provider, GDPR tends not too much of an effect on Escrow.com’s day-to-day operations.

More broadly, GDPR may sometimes make it more difficult to access information about domain name transactions on services such as WHOIS, as records of some domain owners will no longer be readily available under the GDPR rules. This could have the effect of making it harder to verify if someone owns a domain name or whether a transfer actually takes place.

DP: What are you looking forward to in 2019?

Escrow.com: Despite some gathering headwinds in the global economy, the Escrow.com team hopes that the domain industry maintains the momentum it saw in 2018. Nevertheless, the domain economy and the broader global economy operate independently of our business, so Escrow.com will continue striving to build the best product and service it can. To this end, Escrow.com looks forward to working with its customers and partners across the globe.

DP: What challenges and opportunities do you see for the year ahead?

Escrow.com: The global economy has the potential to present a challenge in the year to come. However, it is not expected that this will distract Escrow.com from its mission to build the best online escrow service in the world. One of the greatest opportunities Escrow.com has is to get better and more efficient at what it already does well. Having dealt with some significant technical legacy over the past couple of years, it is expected that the improvements to the Escrow.com system to be more customer focused will soon become evident to everyone who uses Escrow.com in some capacity.

DP: 2019 will mark 5 years since the first new gTLDs came online. How do you view them now?

Escrow.com: As Escrow.com is a supplier to the domains industry, it doesn’t particularly matter too much which extension a domain claims. That said, dot-com domains are still king and make up a vast majority of Escrow.com domain transactions.

DP: Are domain names as relevant now for consumers – business, government and individuals – as they have been in the past?

Escrow.com: Absolutely, domain names are as relevant now as they have ever been. The world population continues to grow year by year, the percentage of the population online continues to increase with it, and the usage of online services by those online continues to increase as well.

This all points to domains increasing their relevance over time. For both individuals and businesses, the value of being discoverable online shows no signs of abating.

Previous Q&As in this series were with:

  • EURid, manager of the .eu top level domain (available here)
  • Katrin Ohlmer, CEO and founder of DOTZON GmbH (here)
  • Afilias’ Roland LaPlante (here)
  • DotBERLIN’s Dirk Krischenowski (here)
  • DENIC (here)
  • Internet.bs’ Marc McCutcheon (here)
  • nic.at’s Richard Wein (here)
  • Neustar’s George Pongas (here)
  • CentralNic’s Ben Crawford (here)
  • CIRA’s David Fowler (here)
  • Jovenet Consulting’s Jean Guillon (here)
  • GGRG’s Giuseppe Graziano (here)
  • Blacknight Solutions’ Michele Neylon (here)
  • Public Interest Registry’s CEO and President Jon Nevett (here).

If you’d like to participate in this Domain Pulse series with industry figures, please contact David Goldstein at Domain Pulse by email to david[at]goldsteinreport.com.

Webinar: Enrich Your Investigations With DomainTools Iris for Maltego

Maltego is an open-source intelligence platform leveraged by practitioners for information gathering and data mining, providing a library of transforms for discovery of data from a variety of sources, and a visualization of the information to quickly bubble up relationships between pieces of information. In this webinar, learn how DomainTools and Maltego have simplified and expedited cyber investigations by extending crucial enrichment data (like DNS, Guided Pivots, historical Whois, and SSL certificates) to provide a seamless workflow for both Maltego and DomainTools Iris users.

February 6, 2019 at 10:00 US Pacific Time/13:00 US Eastern Time

Join Senior Sales Engineer, Taylor Wilkes-Pierce, to learn how to:

  • Map connected infrastructure, run correlations, look at attribution, highlight risky domains, etc. to surface meaningful insights
  • Increase the chance of intersection with existing graph data from other sources to open up new investigative pathways
  • Quickly identify which graph node to pivot on by consulting the Guided Pivot count present on nearly every entity these transforms act on
  • Conduct investigations with real world examples leveraging both DomainTools and Maltego

For free registration, go to:
https://www.domaintools.com/resources/videos/webinar-enrich-your-investigations-with-domaintools-iris-for-maltego

‘New gTLDS Are The Future’ Says Jovenet’s Jean Guillon in Today’s Q&A


Today we have another Q&A, this one with Jean Guillon who has his own consulting company specialising in domain names, Jovenet Consulting. He describes himself as a New gTLD consultant and evangelist with experience as a Registrant, a Registrar and as a Registry. So he’s seen the domain name industry from every angle. And Jean is excited about the opportunities new gTLDs offer, for one, allowing registrants to choose domains that “offer more precision and more descriptiveness”.

Jean looks at the highlights such as more good websites using new gTLD domain names, while the inordinate amount of time ICANN is taking to launch a second round of new gTLD applications is frustrating him. The EU’s GDPR is a “waste of time” but 2019 is set to offer him some great opportunities including the .BEST project and working in a team.

Domain Pulse: What were the highlights, lowlights and challenges of 2018 in the domain name industry for you?

Jean Guillon: In 2018, I noticed that new gTLD registration volumes (volumes of domains registered for new gTLDs) were lower for many extensions in December 2018 when compared to January. I guess that is a lowlight.

The highlight is that there are plenty more of very good websites using new gTLDs: for example, many generic second level domains now point to a live website and not a parked page. A lowlight is the time ICANN takes from the end of the first round to be able to announce a date for the next round. I sometimes read in the ICANN community’s correspondence and wonder: what do these people do to make it so slow? Why does it take so long, why is the process so complex? Can’t someone just “decide”. The .AMAZON case is a good example.

DP: GDPR – good, bad and/or indifferent to you and the wider industry and why?

JG: Totally indifferent about it. GDPR is a waste of time to me and just another “cookies crap pop-up” that pollutes my screen and make me less efficient when I need to navigate on Internet. Now, if it helps lawyers and other specialists to “sell more”, then it is fine with me, I know how it works. I have not met nor shared with one single person who told me something positive about the GDPR.

The front page of the European Commission’s official GDPR website says: “…people have more control over their personal data and businesses benefit from a level playing field”: is there someone naive enough in the whole wide world to think that the GDPR is going to make any difference? When one wants to use your data, they do so and don’t tell you. Once they have, do you think that the GDPR makes a difference? No because it is too late. When your data is stolen from your telco company, your registrar or your bank, do you think that the GDRP can help? No.

DP: What are you looking forward to in 2019?

JG: Two things: one is personal, the other is about our industry:

1) Work in a team, not alone anymore. I have been doing that for 7 years now and the second round is coming, I don’t want to face it alone because there is business to do with .BRANDs, more Generic and Geographic TLDs to create, and innovation to develop with new gTLDs.

2) The .BEST new gTLD has that little “something” that could bring innovation to the Net. It is adapting an entire domain name extension to a new kind of social network: in 2019, I want to see something that has never been invented in the history of Internet so I am keeping an eye on that project.

DP: What challenges and opportunities do you see for the year ahead?

JG: A challenge for me will be to find the right family to work for in the new TLD industry: a backend registry, a registrar, a law firm or an existing, (or “to be created”) registry. I am a little worried about this because innovation is my thing and some innovative (and lucrative) new gTLD projects require a little time to develop so they can be activated once the extension has been acquired. I am not fast enough on that approach of the next round so it is a challenge. I can’t get the attention of Qwant, Google, Duck Duck Go or Microsoft on project “John Wolley – not just another new gTLD” for example. This is an annual $50M ROI project that I would like to find a company to develop. Unfortunately, this comes too early in the history of Internet I believe. Try to Google “Project John Wolley“, you should find something connected to Jovenet Consulting 😉

Another Challenge will be to convince Trademarks that they can use their .BRAND as a tool to generate an annual or monthly income from a service based on their domain names, not generic ones: you don’t necessarily need to sell domain names to generate an income from a registry. You can rent an online access to a platform using your “.brand” domain names and when you control all domains. It makes a serious difference when the cost of your service pays for the annual domain name renewal. The .TEL new gTLD tried that, but that was in 2007 and things have changed.

DP: 2019 will mark 5 years since the first new gTLDs came online. How do you view them now?

JG: I read a lot of negative things about new gTLDs but one thing is for sure: new domains offer more precision and more descriptiveness in the name itself since the extension can be adapted to the subject of the website. “.com” does not offer that. I still view new gTLDs as the future because – and I think that is a good example to use – a shoe store, for example, will have one or two competitors in the same street of Paris right? On Internet and a similar geographical location, he could have hundreds and probably 10 on the first page of Google’s results. When you identify this website using the extension, you don’t get an SEO advantage but you get the branding one: the extension gives another information and allows to faster identify that the website is about and the subject you are looking for. It is the exact same with .BRAND new gTLDs: you identify the Trademark thanks to the extension. New gTLDs are developing. Let’s just say that they have the future in front of them to do so… and they will.

DP: Are domain names as relevant now for consumers – business, government and individuals – as they have been in the past?

JG: I’d say that it is a matter of generation: people grow up with domain names. I even start to see new domains advertised in the Paris’ tube. People learn about domains because they notice them not only online but offline too. Website users and bloggers now tend to use a domain name when in the past, they’d sticked to a long and ugly URL, this is changing (even in France). Domains are even more relevant now for individuals I would say.

Previous Q&As in this series were with EURid, manager of the .eu top level domain (available here), with Katrin Ohlmer, CEO and founder of DOTZON GmbH (here), Afilias’ Roland LaPlante (here), DotBERLIN’s Dirk Krischenowski (here), DENIC (here) Internet.bs’ Marc McCutcheon (here), nic.at’s Richard Wein (here), Neustar’s George Pongas (here), CentralNic’s Ben Crawford (here) and CIRA’s David Fowler (here).

If you’d like to participate in this Domain Pulse series with industry figures, please contact David Goldstein at Domain Pulse by email to david[at]goldsteinreport.com.

.CA Has Best Year Ever in 2018 as ccTLDs Offer Advantages of ‘Flexibility, Recognition and Trust’ For Many Over New gTLDs: CIRA

Canada’s ccTLD had its best year ever in 2018, outgrowing its peers around the world, says David Fowler, Vice-President, Marketing and Communications for the Canadian Internet Registration Authority in today’s Domain Pulse Q&A. Fowler also addresses the importance of privacy and how, in 2019, “one of [CIRA’s] main objectives is to get .CA domain names into the hands of more Canadians”. The challenge for the industry is how “to find ways to innovate and reach new customers in a mature market” while in 2019 CIRA is working towards “ensuring that all Canadians have a safe and secure online experience.”

Canada’s ccTLD had its best year ever in 2018, outgrowing its peers around the world, says David Fowler, Vice-President, Marketing and Communications for the Canadian Internet Registration Authority in today’s Domain Pulse Q&A. Fowler also addresses the importance of privacy and how, in 2019, “one of [CIRA’s] main objectives is to get .CA domain names into the hands of more Canadians”. The challenge for the industry is how “to find ways to innovate and reach new customers in a mature market” while in 2019 CIRA is working towards “ensuring that all Canadians have a safe and secure online experience.” New gTLDs add choice, Fowler notes, but they have a different business model to country code top level domains but feels “ccTLDs provide greater flexibility, stronger brand recognition, and a trust factor that makes them the best choice for their online identity.” Domain Pulse: What were the highlights, lowlights and challenges of 2018 in the domain name industry for you? David Fowler: The highlight of 2018 was having our best year ever for .CA domain names and outgrowing the market. We’re proud that .CA domain names grew by more than five per cent in a market that is experiencing flattening growth. The challenge for our entire industry is to find ways to innovate and reach new customers in a mature market. While we live and breathe the internet every day, there are still far too many Canadians being left behind in the digital transformation—it is our mission to reach them and bring them online. CIRA dotCA logo DP: GDPR – good, bad and/or indifferent to you and the wider industry and why? DF: Privacy is a major issue in our industry, and CIRA respects the privacy of our customers. Since 2008, CIRA has provided privacy to our individual registrants in the WHOIS. While we have not been impacted by GDPR as significantly as our European counterparts, ensuring that our customers feel comfortable and safe participating in the internet economy is essential to our industry’s growth. In Canada, we recently saw a strengthening of our privacy laws, and given the current cybersecurity landscape, CIRA supports strong privacy regulations for our customers. DP: What are you looking forward to in 2019? DF: The internet is always changing, that’s what makes it such an exciting industry to be a part of. In 2019, one of our main objectives is to get .CA domain names into the hands of more Canadians. We know that having a website is a critical element in the digital economy, and we are looking forward to reaching out to the next generation of domain name buyers, including small businesses and individuals, to help them get online. We also recognise the importance of ensuring that all Canadians have a safe and secure online experience. We want to make sure that all Canadians have cybersecurity protection—not just large enterprises with massive budgets. We will also continue to innovate on our industry leading Fury Registry Platform and will have some major milestones to announce in the coming months. As always, we are staying on top of the trends and changes that are influencing the internet in Canada and doing all we can to ensure Canadians can access, thrive and succeed online. DP: What challenges and opportunities do you see for the year ahead? DF: The challenge for CIRA is to continue to think about how to help Canadians succeed online. While in many ways our industry is mature, there is still plenty of opportunity to provide value to our customers. CIRA is the guardian of the .CA domain name registry, but we also work every day to improve Canada’s internet infrastructure through our work with Internet Exchange Points; to protect Canadians online with our D-Zone DNS Firewall; and to promote our national internet ecosystem through our Community Investment Program. DP: 2019 will mark 5 years since the first new gTLDs came online. How do you view them now? DF: Choice is always important, and a healthy industry is one where consumers have options, so in that respect gTLDs were a necessary element in the evolution of the domain name industry. However, gTLDs have a different business model, and while that may work for certain niche industries, we have seen their growth start to dwindle as consumers return to domain names with a longer track record. We believe this is why .CA domain names have largely bucked the trend and continued to grow, even among increased competition. It is clear that for many consumers, ccTLDs provide greater flexibility, stronger brand recognition, and a trust factor that makes them the best choice for their online identity. DP: Are domain names as relevant now for consumers – business, government and individuals – as they have been in the past? DF: Domain names are more relevant now than ever before. As every aspect of our lives goes online—from government services to banking to what to eat for dinner each night—ensuring that these services are easy and intuitive to find is essential to improving access. While social media platforms are powerful, organizations are beginning to realize the issues involved with not owning their own content, their audience or even having full control over their brand. The value of a having a website you own, content you control, and a domain name that is easy to remember, reflects your brand, and is safe and secure is essential to the success of a modern business. Previous Q&As in this series were with EURid, manager of the .eu top level domain (available here), with Katrin Ohlmer, CEO and founder of DOTZON GmbH (here), Afilias’ Roland LaPlante (here), DotBERLIN’s Dirk Krischenowski (here), DENIC (here) Internet.bs’ Marc McCutcheon (here), nic.at’s Richard Wein (here), Neustar’s George Pongas (here) and CentralNic's Ben Crawford (here). If you’d like to participate in this Domain Pulse series with industry figures, please contact David Goldstein at Domain Pulse by email to david[at]goldsteinreport.com.

‘ICANN’s Naïve and Unprofessional GDPR Approach’ A 2018 Lowlight Says nic.at’s CEO, But Celebrating Triple .AT Anniversaries A Highlight

“ICANN’s naïve and unprofessional approach to” the EU’s GDPR was one of 2018’s lowlights says Richard Wein, CEO of Austria’s ccTLD registry nic.at in today’s Domain Pulse Q&A with leading industry figures, looking at the year in review and year ahead. GDPR planning dominated many European ccTLDs in the first half of 2018 to the detriment of other work, but while Wein has come concerns about the GDPR, he wonders if it is a “sledgehammer to crack a nut”. Overall he thinks it’s a positive and now he’s happy about how the team at nic.at responded to the European Union’s consumer data protection regulation.

“ICANN's naïve and unprofessional approach to” the EU's GDPR was one of 2018's lowlights says Richard Wein, CEO of Austria's ccTLD registry nic.at in today's Domain Pulse Q&A with leading industry figures, looking at the year in review and year ahead. GDPR planning dominated many European ccTLDs in the first half of 2018 to the detriment of other work, but while Wein has come concerns about the GDPR, he wonders if it is a “sledgehammer to crack a nut”. Overall he thinks it's a positive and now he's happy about how the team at nic.at responded to the European Union's consumer data protection regulation. A positive highlight was nic.at celebrating 3 anniversaries: “30 years of .at, 20 years of nic.at and Stopline and 10 years of CERT.at.” Looking ahead, Wein believes 'it's still far too difficult to register your own domain, set up e-mail or create a new website'. Largely, Wein believes, new gTLDs haven't lived up to expectations, with a few exceptions, and currently doesn't believe a second round of applications is needed. Domain Pulse:What were the highlights, lowlights and challenges of 2018 in the domain name industry for you? Richard Wein: I think that the first half of 2018 was particularly shaped by the effects of the GDPR. Many registries (especially European ccTLDs) seemed paralysed and put all other plans and projects on hold. This was also the case for nic.at. ICANN’s naïve and unprofessional approach to this topic was a real disappointment, and the necessary measures were taken far too late. A “normal” company would have been punished by the markets for this kind of performance. But I am proud to say that we manged to finish the project in time with a new privacy policy and new internal processes for .at which were ready on May 25 – with a solution which was at the same time pragmatic, legally correct and end-user friendly. The whole nic.at team had put lots of effort in this project and we can see now, 6 months later, that we took the right decisions and found a good way to deal with it. The market changes were also exciting, especially among the gTLD registries – the sale of Donuts was a good example of this. It was also interesting to note the rather sobering registration numbers worldwide. Real (natural) growth is happening only in low single digits, so the whole industry will have to adjust to much tougher times and every market participant, whether registry or registrar, must take appropriate measures. Our nic.at company highlight was of course the anniversaries we celebrated in 2018: 30 years of .at, 20 years of nic.at and Stopline and 10 years of CERT.at. We had a big party for our partners and were able to show all the activities and initiatives we are undertaking for Austria’s internet community. DP: GDPR – good, bad and / or indifferent to you and the contrary to industry and why? RW: Essentially, protection of data is very positive to see and any initiative in this area is to be welcomed. The only question is whether the GDRP was a sledgehammer to crack a nut. Unfortunately the original goal of putting the big data monsters such as Facebook, Google etc “on a leash” was not achieved, and yet enormous bureaucratic hurdles have been created for many companies and government agencies. It is clearly positive that awareness of data protection and sensitive (personal) data in all areas has significantly increased. After around 8 months of “live” GDRP the onslaught expected by many (including us), e.g. requests for information because there is now no public WHOIS, completely failed to materialise.
In my opinion, the world can survive very well without a public WHOIS. DP: What challenges and opportunities do you see for the year ahead? RW: I think the whole industry will have to make an effort to bring their products to the market in a way that is more understandable, simpler, and accessible without much (technical) know-how. In my opinion it is still far too difficult to register your own domain, then set up your own e-mail or create a new website. The subject of “digitisation” is currently on everyone's lips, but it has negative connotations; so a lot of work must be done to convert this to a more positive, beneficial impression. This involves domains and all associated products. DP: 2019 will mark 5 years since the first new gTLDs came online. How do you view them now? RW: All in all (apart from a few exceptions), positive hopes and expectations have not been realised. Many of the gTLD registries are still struggling to survive, and I have not seen any evidence of the frequently described “dotbrand” hype, so the new gTLDs will probably remain a “niche” for another year. The consolidation process will continue, both with the registries and the backend providers, but also with the registrars. A few gTLD's will be established on the market (and among users), many of the others will disappear again. At the moment I do not see any need for a second round (at least from the demand side), but clearly some want to utilise their (technical and sales) scaling effects to offer new gTLDs as quickly as possible, and put them on the market. DP: Are domain names as relevant now for consumers – business, government and individuals – as they have been in the past? RW: A clear YES to this. If you look at the number of users of “social media”, such as FB or Instagram, there is a clear negative trend. It's not about either / or, but businesses in particular will develop a balanced “online strategy” and this includes their own website with one (or more) domains. Of course, there is some saturation, but there is still enough global potential to increase awareness of domains and to secure growth over the long term. Previous Q&As in this series were with EURid, manager of the .eu top level domain (available here), with Katrin Ohlmer, CEO and founder of DOTZON GmbH (here), Afilias’ Roland LaPlante (here), DotBERLIN’s Dirk Krischenowski (here), DENIC (here) and Internet.bs' Marc McCutcheon (here). If you’d like to participate in this Domain Pulse series with industry figures, please contact David Goldstein at Domain Pulse by email to david[at]goldsteinreport.com.

NamesCon Joins Black Friday Frenzy With 25% Discount on Passes

Americans in particular get a little excited about Black Friday sales to coincide with Thanksgiving and Christmas but a month away. And NamesCon is no different. They’re offering 25% off the current price for all passes bought between Friday 23 and Monday 26 November

Americans in particular get a little excited about Black Friday sales to coincide with Thanksgiving and Christmas but a month away. And NamesCon is no different. They’re offering 25% off the current price for all passes bought between Friday 23 and Monday 26 November.

The discount is only available by following this link:
eventbrite.com/e/namescon-global-2019-tickets-42541784623?discount=FridayMonday

Currently standard passes are available for $399, while VIP passes cost $599, and this ends on 30 November. So 25% makes for a handy discount – almost $100 on the standard pass and $150 on VIP passes.

Standard passes will cost $699 from 1 December to 26 January and $999 at the door, while VIP passes will cost $899 from 1 December to 26 January and then $1,349 at the door, all plus booking fees.

NamesCon is holding their flagship event at the Tropicana Hotel in Las Vegas from 27 to 30 January 2019, and it has, so NamesCon claims, grown to be the largest and most anticipated domain industry event of the year. There’s a focus on quality networking and compelling content.

It’s expected that well over 1,000 people will attend, and their 2017 conference drew nearly 1,300 delegates from around the world. Attendees at NamesCon come from all aspects of the domain industry, from registrars, registries, web hosting companies, attorneys, brand managers, domain name investors, start-ups, affiliate marketing companies, parking companies, financial service providers, individual end-users, and everyone else in between!

NamesCon was acquired by WorldHostingDays in 2016 so that both organisations could benefit from the synergies between the domain, hosting and cloud industries. Their teams now jointly produce more than 10 industry events internationally each year, from blockbuster global shows to highly focused regional events and invite-only CXO retreats.

And submissions for their live domain name auction are now open! Click here for more information.
rotd.com/auction-submission

DomainTools Webinar: The Beginner’s Guide to Mitigating Phishing Attacks

According to the FBI, U.S. businesses alone suffer from nearly $343k in damages every hour from phishing – and this number has been going up year over year for the last five years. Phishing by definition is a fraudulent attempt to gain access to sensitive data and leverage such data for malicious purposes. Most commonly this is done by disguising malicious links to distributed malware

According to the FBI, U.S. businesses alone suffer from nearly $343k in damages every hour from phishing – and this number has been going up year over year for the last five years. Phishing by definition is a fraudulent attempt to gain access to sensitive data and leverage such data for malicious purposes. Most commonly this is done by disguising malicious links to distributed malware.

In this webinar, Corin Imai, Senior Security Advisor at DomainTools will take a look at the steps to executing a phishing attack and the potential ways to help mitigate the risk.

November 14, 2018 at 10 AM PT/1 PM ET

In this webinar, you will learn:

  • Real world examples of attacks leveraging phishing vectors
  • 5 steps of executing a phishing attack – if I can do it, surely anyone can
  • 5 ways to mitigate your risk of a phishing attack

To register for this webinar, click here.

NamesCon 2019 Is Coming With A Halloween Flash Sale Next week

Anyone thinking of going to NamesCon 2019 in January at the New Tropicana Las Vegas and who hasn’t yet got a ticket might want to think about taking advantage of the autumn pricing available until the end of November, or even their Halloween Flash Sale next week from 29 October to 1 November

Anyone thinking of going to NamesCon 2019 in January at the New Tropicana Las Vegas and who hasn’t yet got a ticket might want to think about taking advantage of the autumn pricing available until the end of November, or even their Halloween Flash Sale next week from 29 October to 1 November.

Autumn (or fall) pricing sees standard tickets/passes available for $399 and VIP tickets for $599 until 30 November, but there’s a 20% discount available during the Halloween Flash Sale (only through the NamesCon link here). From 1 December prices go up again until the standard ticket price at the door jumps to $999.

In addition, NamesCon is in the middle of a testimonial campaign and they’re looking for quotes on how much you love NamesCon to share with the NamesCon community. As a reward, they’ll give you 25% off your tickets for the next 3 weeks, as well as the chance to win a ticket for someone who has never attended. Although whether you can combine discounts such as the testimonial and Halloween special will be something you’ll need to talk to NamesCon about.

The difference between standard and VIP tickets are that standard tickets unlock admission to all sessions and keynotes, evening networking events (except those that are RSVP-only), and the domain auction. While VIP tickets offering all the benefits of a standard attendee pass, plus a VIP status identified on badge, expedited event admission, VIP session seating, access to the NamesCon VIP Lounge, daily catered lunch and an exclusive swag. There are a limited number of VIP tickets.

NamesCon Global is billed as the largest annual domain-industry conference, attracting professionals from around the world. Attendees will experience compelling keynotes, informative panels, and hands-on workshops led by industry experts. Aside from the actionable content you’ll see on stage, NamesCon also facilitates valuable personal connections through engaging social events and structured business networking opportunities.

NamesCon will connect you to all aspects of the domain industry, from registrars, registries, web hosting companies, attorneys, brand managers, domain name investors, start-ups, affiliate marketing companies, parking companies, financial service providers, individual end-users, and everyone else in between! Surveyed attendees tell us every year that the networking at NamesCon is second to none. This is an energetic, 4-day event set against the backdrop of fabulous Las Vegas, so you’ll have no shortage of activities to fill your schedule!