Comments on Section: 1.1 Parking The CCT review team did not understand the complexities of measuring web usage in TLDs. While well intentioned, it relied data generated by a highly simplistic methodology that, among other mistakes, considered redirects to be "parking". This negatively impacted the report's conclusions on "parking". 1.1 Parking, Page 3: "Given the high percentage of “parked” registrations in new gTLDs, even relative to the high percentage of parking in legacy gTLDs, the Review Team sought to understand whether this phenomenon would affect its conclusions regarding the competitive impact of the New gTLD Program." This links directly to the approach used to measure "parking" in the new and legacy gTLDs. The reality is that different TLDs have different rates of "parking" and this is often a function of the dominant market for the TLD and the age of the TLD. It is like, in terms of development, comparing a rock with an iPhone and wondering why one cannot receive phone calls on the rock as it has silicon in it too. Grouping all new gTLDs as a single TLD is not a good way to measure this the competitive impact of new gTLDs. The new gTLDs form a set of TLDs that were launched on different dates and target different markets. Many of the legacy gTLDs have been in operation for over a decade and some longer. Their web usage patterns are quite different to newly launched gTLDs. It can, as acknowledged by the review team, take up to five years for the web usage trends in new gTLDs to stabilise. The review team did not establish what new gTLDs are competing with other specific gTLDs or ccTLDs. Even if a new gTLD registration has no website, it may still be used for e-mail or other services. It might also be a brand protection registration. Brand protection registrations are good indications of the popularity of a new TLD. Defining markets and competition, especially with generic TLDs, is difficult and it all seems to come back to the review team, through no fault of its own, not having sufficient data to analyse its hypotheses. 1.1 Parking, Page 3: "While several hypotheses as to potential impact of parking on competition were advanced, no conclusive evidence was available to support them in the near term." The important aspect with any new gTLD, or any new TLD, is web usage. Usage drives awareness which drives development and increases renewals. How are the domain names being used? Is there active content on these websites? How do these TLDs link to existing TLDs in their target markets? These are the important questions. The review team was unable to even come close to answering any of these questions. It just didn't have the necessary data, the analysis and the metrics. 1.1, Parking, Page 3: "While the Review Team did not find definitive evidence of parking’s effect on competition, we found some differentiation between regions when it comes to parking. In particular, there appears to be more parked domains in Chinese language domains where more speculation seems to be occurring." The review team had to rely on surveys that were not sufficiently comprehensive in terms of metrics and analytical depth. This was glaringly clear when it came to trying to understand what was happening in the Chinese market. The Chinese market is a very complex one in that it has speculative dynamics, ordinary web development, discounting driven registration volume and different web usage trends compared to some of the legacy gTLDs. While it has elements of Pay Per Click (PPC) advertising and parking, it also has, as befits speculation, significant numbers of domain names that are for sale on domain name auction websites. The review team's grouping of Chinese language gTLDs (XIN, WANG, TOP, XN--SES554G, REN) to illustrate how "parking" is higher in Chinese language domain names ignores the fact that Chinese registrants also register domain names in other new gTLDs. Some of these new gTLDs have specifically engaged in promotional discounting and tend to have higher levels of speculative registrations, from many countries, than new gTLDs that have higher registration fees. Because of the poor methodology used in determining if a website or domain name is "parked", the review team did not have the necessary data to measure the effect of these speculative registrations and how they are being used. Some of these registrations have websites with automatically generated affiliate pages and seemingly deep content. Some speculative registrations in the Chinese market have lottery and gambling landing pages/websites rather than developed content. To an unsophisticated methodology, such as that relied upon by the review team, these websites would not appear as "parked" and would give a misleading view of web usage in the gTLD. Statistics on the effect of speculative registrations and their renewal rates were posted to the mailing list for the gTLD Marketplace Health Index. The review team, because of the lack of historical data, could not recognise the fact that many of these websites are "one year wonders". They do not renew at high rates and it is cheaper for the registrant to avail of the latest discounting promotion rather than renew a domain name at a full registration fee. Speculative registrations in a newly launched gTLD tend to have a higher than average non-renewal rate. They are registered with the intent of being sold on for a profit. When they cannot be sold on for a profit, they are generally deleted unless the registrant wishes to renew them in the hope that one day they will be sold for a profit. The introduction of discounted registrations amplified speculative trends in newly launched gTLDs and since 2014, there has been a drive amongst the larger new gTLDs to grow the number of domains under management by discounting. As has been seen with the XYZ gTLD's 1 cent promotion, heavy discounting leads to high rates of non-renewal. Discounting, when overused, locks the registry into a boom and bust cycle where it finds itself chasing the next discounting deal in order to keep the number of new registrations and renewals ahead of the deletions. 1.1 Parking, Page 3: "There may be some correlation between parking and malware distribution, but that is not as strong and indicative as the overall trend of lower malware distribution rates than those of legacy gTLDs. Nonetheless, the malware distribution rate gap between legacy and new gTLDs appears to be shrinking, and it behooves the community to further explore the correlation between parking and malware distribution." While the recommendation for further analysis and exploration is welcome, the initial hypothesis seems to be based on a somewhat narrow focus on malware propagation and definitions. Active websites, rather than "parked" websites, are more efficient vectors for malware distribution simply because they have higher levels of traffic than "parked" domain names. However, "parked" domain names are not generally as effective or targeted as a means of spreading malware. Compromised and infected websites are more likely to be active websites using vulnerable software and plug-ins rather than "parked" domain names. Compromised control panel software is generally a short-lived event. Abandoned websites tend to be a greater risk when it comes to malware distribution because they remain unpatched, unsecured and abused. 1.1 Parking, Page 4: "The overall results of the Review Team’s observations on parking are inconclusive and suggest the need for further research not limited to the impact of new gTLDs. Therefore, the Review Team recommends a more rigorous collection of data around various types of parking to facilitate further examination by the community of the impact of parking on competition, consumer trust and its proxy, DNS abuse." The acknowledgement of the need for further research is welcome. It would have been better if the review team had reached out to the community for advice rather than attempting to muddle through with flawed conclusions based on poorly defined metrics and insufficient data. The problem of inconclusive results has its genesis in the lack of experience of the review team in the complex field of web usage measurements. More rigorous collection and analysis would have been a good thing but the emphasis should be on web usage trends rather than simply on "parking". ICANN should have been more proactive in terms of providing data. It should not have expected that people with limited expertise in various fields could properly specify, on their own, the kind of data needed and be assured that the data received was of sufficient quality and depth to test various hypotheses. For future review teams, ICANN needs to reevaluate its selection process to ensure a team with the necessary combination of skillsets and expertise, (domain name industry, technical, commercial, legal and economic) to carry out the review and, the necessary data, and, if necessary, directly help the teams in formulating hypotheses. If the necessary data or help is unavailable from ICANN, future review teams should reach out to the community for help when an element of the review is beyond their collective levels of expertise. Comment on Section 3.1 Potential Impact of “Parked” Domains on Measures of Competition. Competition, Section 3.1, Page 8: "Examples of behaviors that could be considered parking include: ... The domain redirects to another domain in a different TLD." This is wrong. Redirects to domain names in other TLDs are not "parking". This type of baseless assumption damages the credibility of the "parking" section in the report. Redirects are common in most TLDs and redirecting to domain names/websites in other TLDs is often done to prevent duplicate content issues with search engines and for brand protection purposes. There is growing use of HTTPS secured websites and these will often use redirects to redirect the user to the secured version of the website either in the same TLD or a different TLD. The attempt at guessing renewal rates for parked domain names from prior years only using parking rates from a month after these domain names had deleted was a feat rivalling the Medieval religious debates about how many angels can dance on the head of a pin. It doesn't matter that a Pearson Correlation was used to give some semblance of mathematical credibility. The simple fact is that the review team and its contractor did not have any data on previously parked and deleted domain names as these domain names were deleted prior to its survey. The review team was trying to find a correlation with renewal rates and "parking" rates without having any domain name level data on renewal rates and data on whether the deleted domain names were "parked". Unsurprisingly, it couldn't find any correlation. The section is so logically unsound and abjectly wrong that it should not have a place in an ICANN report. The deletions from the period used (July 2016 to December 2016) coincided with the bursting of the 2015 Chinese Bubble with millions more domain names than usual being deleted in the legacy gTLDs. It is ironic that the deletion of many of the Chinese Bubble registrations (many were not active or developed, or were parked on PPC or for sale on domain name auction sites) in this period was just the kind of effect that the review team wanted to find. Some of the domain names the review team's contractor's survey would not go through their first renewal/deletion cycle until approximately December 2017 to February 2018. Comment on Section 3.2 Geographic Differences in Parking Behavior The focus on Chinese gTLDs to illustrate parking behaviour on a geographic basis has been mentioned earlier. The Chinese market also has PPC, holding pages, and domain names at auction like other gTLDs. The use of automated affiliate landing pages and websites, typically gambling related, is more common in Chinese dominated gTLDs than others. Some of these Chinese dominated gTLDs are not based in China. The reference to the Oxford Information Labs, LACTLD, EURid and InterConnect Communications, Latin America and Caribbean DNS Marketplace Study (September 2016) did seem to obfuscate the difference between non-responding domain names (domain names that are not active in DNS) and domain names that have websites that are not developed or parked on PPC, holding pages or domain name sales sites. To its credit, the review team states that this section is based on limited data and that more granular data is necessary to properly study how the behaviour varies across regions. Comment on Section 3.3 Relationship Between Parking and DNS Abuse The problems created by a lack of data are also apparent with this section. While it relies upon academic studies (Vissers et al) to support its possible hypothesis of a relationship between "parking" and DNS abuse, the hypothesis seems to be based on a limited understanding of the spread of malware and the part that compromised active websites, rather than "parked" websites, play in its efficient and successful propagation. A compromised active website with thousands of users each day has the capability to infect thousands of users in a day. A "parked" website with a single visitor every six months has the potential to infect that single user. The review team does mention that it is unsure about whether Vissers et al's study applies more to malware links in advertising networks than compromised parked websites. Search engines have been actively removing parked websites from their indices for some years now. While the review team's emphasis was on "parked" domain names, it did not mention anything concerning a connection between DNS abuse and heavily discounted domain names. Heavily discounted domain names reduce the costs of setting up websites to propagate malware or spam. The link between cost of registration and malware propagation, and other forms of DNS abuse, in a gTLD has been covered more extensively in the SIDN study. It would be a good thing if the review team gave more prominence to the report as it is based on data. The value of a compromised website to a malicious actor lies in its traffic and the trust in which that website is held by visitors. DNS abuse is not limited to the propagation of malware, spam and phishing. A compromised website can also be valuable to a malicious actor in terms of hidden links that are only visible to search engines rather than to human users. These compromised sites tend to be used for blackhat search engine optimisation and linking schemes and this kind of use can be more common than malware distribution and phishing because it often goes undetected by the owners of the websites since there are no direct victims other than the site owner. The recommendation to focus purely on the connection between parking and malware distribution by the review team is one that seems to be based on a limited understanding of the threat environment in gTLDs and it should be expanded to cover other forms of DNS abuse. The SIDN study was a good step in this direction. Comment on Section 3.4 Recommendations "Recommendation 5: Collect parking data." The focus on "parking" is misleading. It should be rephrased to "Collect usage data." This would give a future review team, and ICANN, the ability to comprehensively analyse trends in how gTLDs are used and detect competition and other activities. There is a correlation between "parking" rates and non-renewal. But each TLD also has a separate parking and renewal, or non-renewal, trend for non-speculative registrations. Discounted registrations should be identified as part of this collection process so that the effects of discounting on both usage and renewal rates can be measured. Discounting promotions generally result in new registration spikes on registrars and hosters so ICANN already has some of the raw data. Future review teams should be provided with enough data to test their hypotheses rather than having to try to assemble the data themselves without knowing the reliability of the data. This should be an ICANN task. John McCormac. -- ********************************************************** * e-mail: jmcc@hosterstats.com * web: http://www.hosterstats.com/ * Domain Registrations Statistics * And Historical DNS Database. * Over 519 Million Domains Tracked. * Skype: hosterstats.com **********************************************************