Skip to content

Upcoming Verisign Price Increase Reminder of ICANN’s failure

2011 November 22
tags: ,
by Nat

Verisign’s price increase on .Com and .Net domains effective January 15th is a reminder of one of ICANN’s major failings. What is so galling about the Verisign price increases permitted by ICANN is that they add further unjustified costs to the Internet on top of the large, and excessive, prices that Verisign is already charging.

Hundreds of millions of dollars each year in excess profits are flowing to Verisign because several years ago ICANN failed to protect the interests of the Internet community and instead caved to pressure from Verisign. Verisign and ICANN settled a dispute between themselves by agreeing to raid the wallets of consumers and businesses worldwide for their mutual benefit and self-enrichment.

The dispute began in 2003 when Verisign rolled out its SiteFinder service which gave Verisign control over all the typo traffic going to misspelled or non-existent domains. After a huge public outcry, ICANN requested that Verisign roll back the service. Verisign refused. ICANN then ordered Verisign to roll back the SiteFinder service. Verisign responded by filing a lawsuit claiming that ICANN had overstepped its bounds by not acting as merely a technical coordinating organization and instead acting as the “de facto regulator of the domain name system”.

At the time, ICANN’s position was precarious. Many governments were unhappy that a US based organization was in charge of overseeing core functions of the Internet. ICANN’s role was also not clearly defined. Was it merely a technical group, as it often insisted? Or did it have the powers and responsibilities of a regulator? It did not help ICANN’s position that the most powerful and important registry, Verisign, was rebelling at ICANN’s efforts to assert its authority and moving forward with a lawsuit that could severely constrain ICANN’s role. Fighting Verisign’s lawsuit was costing so much that ICANN couldn’t hire the staff it needed and it was impeding ICANN’s ability to carry out its functions.

So ICANN and Verisign retreated to a back room to work out a settlement out of public view. What they come up with was that Verisign would drop the lawsuit, would pay ICANN millions of dollars, would support higher fees for ICANN from each domain registration, and in return Verisign would be granted a perpetual monopoly to the .com registry with regular price increases.

ICANN converted Verisign from an antagonist into an ally. ICANN solidified its support and would have a much larger budget. Verisign secured its rights to a monopoly worth billions of dollars. It was a win for ICANN and a win for Verisign. ICANN and Verisign agreed to join forces and leverage the control that together they had over the domain space to forge a deal that would enrich each of them on the backs of everyone else. The deal resulted in hundreds of millions of dollars per year in excess fees to ICANN and Verisign.

In a maneuver worthy of a Judo master, Verisign used ICANN’s effort to rein it in against ICANN. Verisign used its lawsuit against ICANN as leverage to obtain a perpetual monopoly on the .com registry that allowed windfall monopoly profits from the start, as well as further price increases, because hundreds of millions of dollars in annual excess profits wasn’t sufficient. As Ross Rader of Tucows put it:

VeriSign successfully leveraged the litigation into a complete renegotiation of its contract with ICANN staff who seemingly played right along to avoid further litigation.

This sweetheart deal came under attack. It resulted in an unusually close 9-5 vote by the ICANN board. But ICANN approved the deal.

ICANN’s approval of the settlement agreement with Verisign is a clear example of Regulatory Capture. As described by Wikipedia, it is when an “agency created to act in the public interest instead advances the commercial or special interests that dominate the industry or sector it is charged with regulating.” In this case, ICANN, instead of putting limits on Verisign’s control of the dot-com name space for the benefit of the Internet community at large, advanced a settlement that allowed Verisign to reap monopoly profits at everyone else’s expense.

Verisign and ICANN celebrate their success by throwing lavish parties at the ICANN conferences held around the world in spots such as Sao Paulo, Lisbon and San Francisco largely paid for by Verisign’s sponsorship. Milton Mueller at the Lisbon conference:

I just returned from ICANN’s “gala dinner,” lavish affairs that have become an institutionalized part of its meetings. My perspective on this was best encapsulated by a remark made by John Berryhill, a domain name lawyer, at the Marrakesh, Morocco meeting. As we finished a huge meal and moved on to see dozens of Berber horsemen shooting rifles, setting off fireworks and rustling camels he deadpanned, “Yeah. This is the proper way to run a computer addressing system.”

And former ICANN board member Karl Auerbach’s perspective:

[W]ould you think it a fair exchange if you gave someone $15 and they said, here I’m repaying you with this nice shiny one cent piece?” Well, that’s roughly the same ratio of the benefit that ICANN confers unto Verisign every year and the amount of Verisign’s “sponsorship” amount, i.e. about 1500:1.

Basically, the munificence of this event reminds me less of words like “dignified” and more of words like “ostentatious”. Perhaps “corrupt”; certainly “for sale”. We of the internet community are paying for all of this… I do find ICANN’s expenditures to be entirely out of line with its mission and its status as a non-profit, tax exempt, public-benefit organization.

Former Saving and Loan regulator William K. Black’s quote about the causes of the financial crisis also applies here, “The defining characteristic of crony capitalism is the ability of favored elites to loot with impunity and the failure of regulators to do their jobs.”

As John Kenneth Galbraith stated in his book, The Great Crash 1929:

Regulatory bodies, like the people who comprise them, have a marked life cycle. In youth, they are vigorous, aggressive, evangelistic, and even intolerant. Later they mellow and in old age – after a matter of 10 or 15 years – they become, with some exceptions, either an arm of the industry they are regulating or senile.

Perhaps due to its role at the heart of the Internet, ICANN has acted in this manner with Internet speed, in a few short years becoming a seeming appendage of the industry it is supposed to be overseeing for the public benefit.

ICANN, though, does not necessarily see its mission as acting for the public benefit. It has many stakeholders, and the public at large is just one of many. This was made clear in 2006 exchange between then ICANN chairman Vint Cerf and attorney Bret Fausett.

Bret Fausett: …Whether you are right or I am right about the merits of .com, I think we ought to use what I am hearing in the hallways to make it better. Because frankly, if we can’t figure out how to represent the public interest better, there are other organizations that start to look like they might be able to do that.

Vint Cerf: Just keep in mind that a multistakeholder organizations have more than just public interest to represent. Is that a fair observation, Bret?

Bret Fausett: I think in an organization like ICANN, public interest is the overriding interest that should be represented.

Vint Cerf: We should talk about that because I have a different model.

Bret Fausett: Then I think that your different model and my model of the public interest being paramount might be exactly at the source of the tensions that we are feeling.

Vint Cerf: See you over a pinot noir.

The very structure of ICANN leads it to favor registrars and registries over the interests of the public. ICANN is structured so that these groups have more influence and power within ICANN than the public, so it should not be surprising that ICANN would be more attentive to the desires of these groups than to the public interest.

The Coalition for ICANN transparency (CFIT), a group with its origins in the domain industry, sued to prevent the Verisign settlement saying that it was collusion between ICANN and Versign and violated antitrust and unfair competition laws. But earlier this year the case was settled for free. The reason the suit was in effect dropped hasn’t been made public. Verisign is now a multi-billion dollar behemoth. It turned ICANN’s lawsuit to its advantage. It would have been a long-shot for a small group of domainers to prevail against it.

One of the questions about Verisign’s control of dot-com is whether it is really a monopoly. The argument is that dot-com is just one of dozens of extensions and if someone doesn’t like the price of a dot-com domain they can pick a different extension instead. This argument says that Verizon’s control of dot-com isn’t a monopoly but that Verisign is just one of many competing providers of domain names.

This view ignores the historical background that has given dot-com a unique position in the marketplace. By the time Verisign took control of the .com registry, it was already the dominant extension, was used by most of the commercial internet, was supported by huge sums of money spent on advertising by companies using dot-com websites that reinforced that dot-com was synonymous with the Internet in the minds of many consumers, and most consumers’ interactions with the Internet occurred on dot-com addresses.

I don’t know how good an analogy this is, but it seems similar to the Electric utility claiming that it isn’t a monopoly because consumers don’t have to use electricity to light their houses, they could use candles or whale oil instead. Yes, there are alternatives to dot-com but those alternatives are qualitatively different in that no other extension offers the same benefits as dot-com.

Verisign’s monopoly on dot-com doesn’t just give it hundreds of millions of dollars in windfall profits each year, it also gives it a competitive edge to extend its dominance to other extensions. Verisign uses these monopoly profits to build a very robust infrastructure. It can then use that investment to subsidize its costs in running other registries.

This advantage was key when in 2005 Verisign had to compete for the renewal of the rights to run the .net registry. One of the key factors in evaluating the competing bids was “the ability to run a secure and stable registry”. Because the revenue from the dot-com monopoly has allowed Verisign to build a very robust infrastructure, no other competing registry could outscore Verisign on this point. ICANN used an outside firm, Telcordia, to evaluate the bids. Telcordia was owned by the same parent company as Verisign for several years. Telcordia picked Verisign to run .net.

Awarding .net to Verisign was met with a barrage of criticism and prompted observers to remark that “The bias for Verisign written into the .net process by ICANN is remarkable.”

Another remarkable outcome of the .net bid is that Verisign’s winning bid to run the .net registry was $3.50 per registration, far lower than the registration fees they charge for the much larger .com registry. This would seem to confirm many people’s belief that the actual cost to run the .com registry is less than $3 per domain, with some believing the .com registry could be profitably and securely run for $1 or less per domain registration.

With similar fixed costs to run a registry, and with a much larger base of registered domains to defray the costs, the .com registry should be far cheaper on a per domain basis than the .net registry. As Bob Parsons of GoDaddy said at the time, “it costs VeriSign… next to nothing to add each new .COM name to the registry.” Every new .com registration is pure profit.

This demonstrates one or both of two points: a) Verisign’s profit margins are enormous on .com registrations, and b) Verisign can use its profits and the infrastructure investments it made to run .com to subsidize its costs of running other registries.

I just spoke with someone who made the very good point that Verisign is well positioned to win the contracts to operate the majority of the new gTLD registries that will be coming online in the next few years. Verisign can leverage the robust registry infrastructure paid for by the .com monopoly to extend its reach to become the dominant operator of the new gTLDs. Without the windfall profits from dot-com, it is hard for other registries to put in place a similar infrastructure to support a brand new gTLD.

Verisign seems well positioned to be able to use the competitive advantages from its monopoly position in dot-com to shut out competition in the new gTLDs and become even more dominant.

13 Responses leave one →
  1. November 22, 2011

    “Verisign seems well positioned…”

    Yes – Verisign and ICANN are set for life in the Client-Server DNS markets
    The public has been played and pays. Uncle Sam has endorsed the games.

    Peer-2-Peer DNS has a new cast of emerging players
    There is no IANA or single-point-of-failure in Peer-2-Peer DNS

    Virtual Currency (ala BitCoin NameCoin) is used to “pay” for Peer-2-Peer domains. Those games are ground floor.

  2. Calv permalink
    November 22, 2011

    Sounds very nefarious. I’ve read a lot about Verisign. One thing that I find vexing is a lot of people HATE them, but they’ve done a terrific job. Are they very profitable? Yes. Do they run systemically important infrastructure? Yes.

    Their price increase on .com amounts to 4.6% per annum (7% four of six years). Deduct inflation, you’re talking 1.6-2.6% per year in real terms. Contracts like these are necessary to ensure the required capital investment.

    I bought the stock because it’s a natural monopoly, but I don’t think the price increases are as utterly unfair as people say. What do you think is fair?

    No sarcasm there, I’m interested in their competitive position, what do you think is a fair number?

    • Nat permalink*
      November 22, 2011


      Thanks for your comment.

      When I speak to Verisign staff about their Monopoly pricing, they instead want to talk about their problem-free operation of the registry and their responsive customer support.

      For them to do anything less would be foolish. They don’t want to kill the goose that lays the golden egg. If you are being paid $8 to perform a service that others could perform for $1, then the least you do is perform that service well.

      But that still doesn’t justify charging $8 for a $1 service, no matter how well performed.

      As Bob Parson says in his post cited in the article:

      I admit VeriSign does a good job.
      There’s no doubt about it, VeriSign does a good job in operating both the .COM and .NET registries, and they will be the first to tell you so. They’ll tell you that the systems they have in place result in the smooth operation of the .COM and .NET domain name routing systems and a stable internet.

      But VeriSign gets paid to do a good job.
      To quote Chris Rock, VeriSign saying it runs the .COM registry without problems is like someone saying “I make my child-support payments on time.” Mr. Rock then follows up by saying “What do you want a cookie? You’re supposed to make your child-support payments on time!” In similar fashion I think we can say: VeriSign is supposed to be doing a good job!

      As for the size of the price increases, if the starting price reflected a commercially reasonable profit margin and if Verisign wasn’t operating in a declining price environment for hardware, hosting, and bandwidth, then the price increases might be reasonable. But when the prices are extortionate to begin with, then further price increases just add insult to injury.

      And, No, it is not a ‘natural monopoly’, it is an unnatural one.

  3. November 22, 2011

    “The bias for Verisign written into the .net process by ICANN is remarkable.”

    With new DNS Resolver technology (built from the DNSMASQ base) the .NET and .COM can be merged. The free market could decide to widely adopt that
    new DNS software, changing the game. Only .COM registrations would be needed.

    Other changes via the Resolvers can be made with no change to the Registry DNS database operations. For example, domains with dashes can be mapped to synthesize new TLDs. The .COM database becomes a low-cost
    way to host a new name-space.

    Example: Domain.Arts would be mapped to

  4. November 22, 2011

    Verisign did pay $20 Billion for the .com/.net registry. Can’t investment costs be incorporated into the margins? I am not saying VeriSign isn’t running a very high-margin operation when you factor in only operating cost…they are. Over 90%. The problem is that the total costs are a non issue for everyone EXCEPT huge domain portfolio owners. You can talk percentage increases all you like but the real $$$ numbers per domain are inconsequential, a fraction of a dollar a year. If you have a portfolio of 50-100K , that is expenses taken off the top with no added benefit…painful. But understand the cost of ownership is still very low. The price difference between the .com and the .net TLDs results from the huge security/protection requirements needed for .com to be stable. A cyber terrorist/criminal targets .com to take down the internet, not .net.

    The way the contract is written is that as long as Verisign performs with virtually no outages, it will be renewed. That is a good thing for stability. If VeriSign wants to do any additional commerce or activity as a part of the registry, the contract has to be reopened. That is too big a risk for them, they know a good thing when they see it, so there is little cause for concern that they will be expanding their role as it related to .com and the roots traffic. Would I like to see the costs go down colsert to their actuall costs? Yes. Will it cause an uproar that gets any traction with the genuine decision makers (US Govt)? No.

    • Nat permalink*
      November 22, 2011

      Chip, thanks for the comment. You raise good points. The costs of this monopoly are dispersed over a very large base, while the benefits are concentrated with one company.

      Shaving pennies was the evil strategy used in Superman III because no one was likely to notice. Similarly, owners of a small number of domains aren’t likely to be that upset about paying a few dollars more than they should.

      I’d like to be better informed about your point that it costs more to provide the security infrastructure for .com than for .net. I’m sure that more attacks target the .com root than that of other TLDs, but what does the incremental security investment needed to protect dot-com translate into dollars?

      Another point I’ve heard is that US Govt is very happy that a US based Internet security company is in charge of the root. In a truly open bidding process a company controlled and subsidized by the Chinese, Russian or other foreign government might win the bidding. No one wants a foreign government with the ability to take down .Com, to filter .Com, or even to have access to the usage data. So the US Govt is probably perfectly happy to turn a blind eye to the anti-competitive nature of the Verisign control of dot-com for these considerations.

      Though if it was possible to write the bid requirements in a way to prevent this from happening, then in an open bidding process the pricing for .com would probably drop substantially as happened with the .net bidding.

      I’ve asked knowledgeable people about whether dot-com could ever be put up for a bid, and they’ve said that Verisign’s presumptive renewal rights are for all practical purposes unbreakable.

    • December 8, 2011

      Nat, that is a very comprehensive history, so thanks for putting it all together.

      Chip, I would have to say that if Verisign is supposed to be delivering added security, etc then Verisign is failing us all because according to McAfee’s report, “Mapping the Mal Web”, the .com TLD is the least secure TLD in operation. Indeed there are nearly one million .com registrations considered “risky” for malware, phishing, spam, etc. which are analyzed in the study. This recent study by McAfee is comprehensive, including country code TLDs and all the current gTLDs and the analysis and results were weighted. So if Verisign is purportedly protecting us in the .com TLD, then we are not getting our money’s worth at the moment and those monopoly profits should be reinvested further in the security of the Internet….

      However, in Verisign’s defense, there are many legal and legacy policy issues that have prevented them from cleaning up the .com TLD and Verisign has attempted to address this at various times, including this year.

      Notably, two of the safest TLDs, according to the McAfee report, are also two that would fit the model for the new gTLDs that have a niche use with restricted registrations; these two TLDs are .travel and .edu.

      • Nat permalink*
        December 8, 2011


        Thanks for commenting.

        I don’t think it is fair to blame Verisign for malware on .com domains. Verisign’s responsibility is the security of the root addressing infrastructure, not whether someone uses a dot-com domain for a phishing site.

        Both are security issues, but you are blaming Verisign for an issue that is outside of its area of responsibility.

        The .travel and .edu extensions are safe because they were restricted (not sure about .travel anymore). They also have relatively little use. The restricted use model has largely failed – with .travel and .jobs dropping most of their restrictions as the top examples.

        The challenge is to manage an open, popular, yet safe extension. Trying to create a safe extension by creating registration restrictions doesn’t solve the problem, as the cure is worse than the disease.


  5. Mike permalink
    November 22, 2011

    This is the best overall article I have ever read about this monopoly. Very well written.

    I’m afraid it would take some political influence to bring light to this. You are right, a group of domainers alone could never do it.

    • Nat permalink*
      November 22, 2011

      Thanks Mike.

      I appreciate the comment. Even if Verisign’s lock on dot-com can’t be broken, one question is whether ICANN could require Verisign to charge fair market rates based on an independent study and a comparison of the cost structures of Afilias and Neustar and the other registry back-ends.

      Public utilities are monopolies but they are regulated so that their prices provide a fair but not excessive rate of return. This would seem to be the model that is most appropriate to Verisign’s management of dot-com.

  6. OuMun permalink
    November 23, 2011

    First of all my compliments to the author of this blog. I’ve been reading blogs for a year or more and this is surely the only post worth reading for all 2011.

    I can’t stand how we can live in a world so connected but still so dependent on a de facto monopoly.

    The commenter named Calv here got involuntarily to the right point mentioning he owns Verisign stock. That’s the main problem here. Verisign will keep increasing his prices because he only has to satisfy his real main stakeholder: the stock market. It seems Occupy Wall Street is just a gay parade for some of you.

    A .com isn’t surely worth $8 if you consider the work behind it.

    I still don’t understand why this should be managed by an American company since the latest 15 years of U.S. modern history shows everything is going crap overseas?

    Wouldn’t it be better if this would be all managed by a real non-profit organization? Something at the level of U.N. since the fat cats there like to shout that the internet has become a sort of untouchable human right?

    Yes, if you don’t like .com you can register .info; these kind of statements sound so evil…

  7. November 23, 2011

    “A .com isn’t surely worth $8 if you consider the work behind it.”

    When .COM is RE-Launched in the NEW (Free) Peer-2-Peer DNS there will be no centralized “cost”.

    The Peer-2-Peer DNS is distributed across thousands of always-on nodes. The electric bill for those nodes is paid by the owners.

    As DNS Resoivers are shifted to the Peer-2-Peer DNS .COM infrastructure the reliance on Verisign will reduce.

    ICANN and the insiders continue to try to protect their fiefdoms with more and more “lock-ins” like DNSSEC and Registry-Registrar protocols and processes.

    It is ironic that Microsoft has one of the stronger hands in the Peer-2-Peer DNS field with PNRP. FREE domains should end the entire “monetized DNS” game soon. RSN

  8. November 23, 2011

    If someone has to blaimed for unfairly raising prices then Verisign is one of many.Every year we price increase in almost everything-gas,electricity,transport and etc. Monopol can not be fought without having and alternative! Sadly in the domain business one company was allowed to control the market!

Leave a Reply

Note: You can use basic XHTML in your comments. Your email address will never be published.

Subscribe to this comment feed via RSS