[Comments-cct-recs-27nov17] HosterStats comments on CCT draft report RFC (Parking)
jmcc at hosterstats.com
Mon Jan 15 21:20:22 UTC 2018
Comments on Section: 1.1 Parking
The CCT review team did not understand the complexities of measuring web
usage in TLDs. While well intentioned, it relied data generated by a
highly simplistic methodology that, among other mistakes, considered
redirects to be "parking". This negatively impacted the report's
conclusions on "parking".
1.1 Parking, Page 3: "Given the high percentage of “parked”
registrations in new gTLDs, even relative to the high percentage of
parking in legacy gTLDs, the Review Team sought to understand whether
this phenomenon would affect its conclusions regarding the competitive
impact of the New gTLD Program."
This links directly to the approach used to measure "parking" in the new
and legacy gTLDs. The reality is that different TLDs have different
rates of "parking" and this is often a function of the dominant market
for the TLD and the age of the TLD. It is like, in terms of development,
comparing a rock with an iPhone and wondering why one cannot receive
phone calls on the rock as it has silicon in it too.
Grouping all new gTLDs as a single TLD is not a good way to measure this
the competitive impact of new gTLDs. The new gTLDs form a set of TLDs
that were launched on different dates and target different markets. Many
of the legacy gTLDs have been in operation for over a decade and some
longer. Their web usage patterns are quite different to newly launched
gTLDs. It can, as acknowledged by the review team, take up to five years
for the web usage trends in new gTLDs to stabilise.
The review team did not establish what new gTLDs are competing with
other specific gTLDs or ccTLDs. Even if a new gTLD registration has no
website, it may still be used for e-mail or other services. It might
also be a brand protection registration. Brand protection registrations
are good indications of the popularity of a new TLD. Defining markets
and competition, especially with generic TLDs, is difficult and it all
seems to come back to the review team, through no fault of its own, not
having sufficient data to analyse its hypotheses.
1.1 Parking, Page 3: "While several hypotheses as to potential impact of
parking on competition were advanced, no conclusive evidence was
available to support them in the near term."
The important aspect with any new gTLD, or any new TLD, is web usage.
Usage drives awareness which drives development and increases renewals.
How are the domain names being used? Is there active content on these
websites? How do these TLDs link to existing TLDs in their target
markets? These are the important questions. The review team was unable
to even come close to answering any of these questions. It just didn't
have the necessary data, the analysis and the metrics.
1.1, Parking, Page 3: "While the Review Team did not find definitive
evidence of parking’s effect on competition, we found some
differentiation between regions when it comes to parking. In particular,
there appears to be more parked domains in Chinese language domains
where more speculation seems to be occurring."
The review team had to rely on surveys that were not sufficiently
comprehensive in terms of metrics and analytical depth. This was
glaringly clear when it came to trying to understand what was happening
in the Chinese market.
The Chinese market is a very complex one in that it has speculative
dynamics, ordinary web development, discounting driven registration
volume and different web usage trends compared to some of the legacy
gTLDs. While it has elements of Pay Per Click (PPC) advertising and
parking, it also has, as befits speculation, significant numbers of
domain names that are for sale on domain name auction websites.
The review team's grouping of Chinese language gTLDs (XIN, WANG, TOP,
XN--SES554G, REN) to illustrate how "parking" is higher in Chinese
language domain names ignores the fact that Chinese registrants also
register domain names in other new gTLDs. Some of these new gTLDs have
specifically engaged in promotional discounting and tend to have higher
levels of speculative registrations, from many countries, than new gTLDs
that have higher registration fees.
Because of the poor methodology used in determining if a website or
domain name is "parked", the review team did not have the necessary data
to measure the effect of these speculative registrations and how they
are being used.
Some of these registrations have websites with automatically generated
affiliate pages and seemingly deep content. Some speculative
registrations in the Chinese market have lottery and gambling landing
pages/websites rather than developed content. To an unsophisticated
methodology, such as that relied upon by the review team, these websites
would not appear as "parked" and would give a misleading view of web
usage in the gTLD. Statistics on the effect of speculative registrations
and their renewal rates were posted to the mailing list for the gTLD
Marketplace Health Index.
The review team, because of the lack of historical data, could not
recognise the fact that many of these websites are "one year wonders".
They do not renew at high rates and it is cheaper for the registrant to
avail of the latest discounting promotion rather than renew a domain
name at a full registration fee.
Speculative registrations in a newly launched gTLD tend to have a higher
than average non-renewal rate. They are registered with the intent of
being sold on for a profit. When they cannot be sold on for a profit,
they are generally deleted unless the registrant wishes to renew them in
the hope that one day they will be sold for a profit. The introduction
of discounted registrations amplified speculative trends in newly
launched gTLDs and since 2014, there has been a drive amongst the larger
new gTLDs to grow the number of domains under management by discounting.
As has been seen with the XYZ gTLD's 1 cent promotion, heavy discounting
leads to high rates of non-renewal.
Discounting, when overused, locks the registry into a boom and bust
cycle where it finds itself chasing the next discounting deal in order
to keep the number of new registrations and renewals ahead of the deletions.
1.1 Parking, Page 3: "There may be some correlation between parking and
malware distribution, but that is not as strong and indicative as the
overall trend of lower malware distribution rates than those of legacy
gTLDs. Nonetheless, the malware distribution rate gap between legacy and
new gTLDs appears to be shrinking, and it behooves the community to
further explore the correlation between parking and malware distribution."
While the recommendation for further analysis and exploration is
welcome, the initial hypothesis seems to be based on a somewhat narrow
focus on malware propagation and definitions.
Active websites, rather than "parked" websites, are more efficient
vectors for malware distribution simply because they have higher levels
of traffic than "parked" domain names. However, "parked" domain names
are not generally as effective or targeted as a means of spreading malware.
Compromised and infected websites are more likely to be active websites
using vulnerable software and plug-ins rather than "parked" domain
names. Compromised control panel software is generally a short-lived
event. Abandoned websites tend to be a greater risk when it comes to
malware distribution because they remain unpatched, unsecured and abused.
1.1 Parking, Page 4: "The overall results of the Review Team’s
observations on parking are inconclusive and suggest the need for
further research not limited to the impact of new gTLDs. Therefore, the
Review Team recommends a more rigorous collection of data around various
types of parking to facilitate further examination by the community of
the impact of parking on competition, consumer trust and its proxy, DNS
The acknowledgement of the need for further research is welcome. It
would have been better if the review team had reached out to the
community for advice rather than attempting to muddle through with
flawed conclusions based on poorly defined metrics and insufficient data.
The problem of inconclusive results has its genesis in the lack of
experience of the review team in the complex field of web usage
measurements. More rigorous collection and analysis would have been a
good thing but the emphasis should be on web usage trends rather than
simply on "parking".
ICANN should have been more proactive in terms of providing data. It
should not have expected that people with limited expertise in various
fields could properly specify, on their own, the kind of data needed and
be assured that the data received was of sufficient quality and depth to
test various hypotheses. For future review teams, ICANN needs to
reevaluate its selection process to ensure a team with the necessary
combination of skillsets and expertise, (domain name industry,
technical, commercial, legal and economic) to carry out the review and,
the necessary data, and, if necessary, directly help the teams in
If the necessary data or help is unavailable from ICANN, future review
teams should reach out to the community for help when an element of the
review is beyond their collective levels of expertise.
Comment on Section 3.1 Potential Impact of “Parked” Domains on
Measures of Competition.
Competition, Section 3.1, Page 8: "Examples of behaviors that could be
considered parking include:
The domain redirects to another domain in a different TLD."
This is wrong. Redirects to domain names in other TLDs are not
"parking". This type of baseless assumption damages the credibility of
the "parking" section in the report. Redirects are common in most TLDs
and redirecting to domain names/websites in other TLDs is often done to
prevent duplicate content issues with search engines and for brand
protection purposes. There is growing use of HTTPS secured websites and
these will often use redirects to redirect the user to the secured
version of the website either in the same TLD or a different TLD.
The attempt at guessing renewal rates for parked domain names from prior
years only using parking rates from a month after these domain names had
deleted was a feat rivalling the Medieval religious debates about how
many angels can dance on the head of a pin. It doesn't matter that a
Pearson Correlation was used to give some semblance of mathematical
credibility. The simple fact is that the review team and its contractor
did not have any data on previously parked and deleted domain names as
these domain names were deleted prior to its survey.
The review team was trying to find a correlation with renewal rates and
"parking" rates without having any domain name level data on renewal
rates and data on whether the deleted domain names were "parked".
Unsurprisingly, it couldn't find any correlation. The section is so
logically unsound and abjectly wrong that it should not have a place in
an ICANN report.
The deletions from the period used (July 2016 to December 2016)
coincided with the bursting of the 2015 Chinese Bubble with millions
more domain names than usual being deleted in the legacy gTLDs. It is
ironic that the deletion of many of the Chinese Bubble registrations
(many were not active or developed, or were parked on PPC or for sale on
domain name auction sites) in this period was just the kind of effect
that the review team wanted to find. Some of the domain names the review
team's contractor's survey would not go through their first
renewal/deletion cycle until approximately December 2017 to February 2018.
Comment on Section 3.2 Geographic Differences in Parking Behavior
The focus on Chinese gTLDs to illustrate parking behaviour on a
geographic basis has been mentioned earlier. The Chinese market also has
PPC, holding pages, and domain names at auction like other gTLDs. The
use of automated affiliate landing pages and websites, typically
gambling related, is more common in Chinese dominated gTLDs than others.
Some of these Chinese dominated gTLDs are not based in China.
The reference to the Oxford Information Labs, LACTLD, EURid and
InterConnect Communications, Latin America and Caribbean
DNS Marketplace Study (September 2016) did seem to obfuscate the
difference between non-responding domain names (domain names that are
not active in DNS) and domain names that have websites that are not
developed or parked on PPC, holding pages or domain name sales sites. To
its credit, the review team states that this section is based on limited
data and that more granular data is necessary to properly study how the
behaviour varies across regions.
Comment on Section 3.3 Relationship Between Parking and DNS Abuse
The problems created by a lack of data are also apparent with this
section. While it relies upon academic studies (Vissers et al) to
support its possible hypothesis of a relationship between "parking" and
DNS abuse, the hypothesis seems to be based on a limited understanding
of the spread of malware and the part that compromised active websites,
rather than "parked" websites, play in its efficient and successful
propagation. A compromised active website with thousands of users each
day has the capability to infect thousands of users in a day. A "parked"
website with a single visitor every six months has the potential to
infect that single user.
The review team does mention that it is unsure about whether Vissers et
al's study applies more to malware links in advertising networks than
compromised parked websites. Search engines have been actively removing
parked websites from their indices for some years now.
While the review team's emphasis was on "parked" domain names, it did
not mention anything concerning a connection between DNS abuse and
heavily discounted domain names. Heavily discounted domain names reduce
the costs of setting up websites to propagate malware or spam.
The link between cost of registration and malware propagation, and other
forms of DNS abuse, in a gTLD has been covered more extensively in the
SIDN study. It would be a good thing if the review team gave more
prominence to the report as it is based on data.
The value of a compromised website to a malicious actor lies in its
traffic and the trust in which that website is held by visitors. DNS
abuse is not limited to the propagation of malware, spam and phishing. A
compromised website can also be valuable to a malicious actor in terms
of hidden links that are only visible to search engines rather than to
human users. These compromised sites tend to be used for blackhat search
engine optimisation and linking schemes and this kind of use can be more
common than malware distribution and phishing because it often goes
undetected by the owners of the websites since there are no direct
victims other than the site owner. The recommendation to focus purely on
the connection between parking and malware distribution by the review
team is one that seems to be based on a limited understanding of the
threat environment in gTLDs and it should be expanded to cover other
forms of DNS abuse. The SIDN study was a good step in this direction.
Comment on Section 3.4 Recommendations
"Recommendation 5: Collect parking data."
The focus on "parking" is misleading. It should be rephrased to "Collect
usage data." This would give a future review team, and ICANN, the
ability to comprehensively analyse trends in how gTLDs are used and
detect competition and other activities.
There is a correlation between "parking" rates and non-renewal. But each
TLD also has a separate parking and renewal, or non-renewal, trend for
non-speculative registrations. Discounted registrations should be
identified as part of this collection process so that the effects of
discounting on both usage and renewal rates can be measured. Discounting
promotions generally result in new registration spikes on registrars and
hosters so ICANN already has some of the raw data.
Future review teams should be provided with enough data to test their
hypotheses rather than having to try to assemble the data themselves
without knowing the reliability of the data. This should be an ICANN task.
* e-mail: jmcc at hosterstats.com
* web: http://www.hosterstats.com/
* Domain Registrations Statistics
* And Historical DNS Database.
* Over 519 Million Domains Tracked.
* Skype: hosterstats.com
More information about the Comments-cct-recs-27nov17