.GOV Domains Get Higher Security


Today .GOV domains got a little security update which will now require administrators to use two-factor authentication. This makes a lot of sense to me and I’m actually a bit surprised that this wasn’t a requirement a long time ago.

Officials at federal agencies such as the departments of Justice, State and Defense can begin adding two-step verification to their accounts on Monday, according to the General Services Administration, the agency that manages dot-gov domains for the U.S. government. In the coming months, state and local officials will be prompted to add the security feature. (Source – Washington Post)

So…I wouldn’t be surprised if this change came because a bunch of government domains were tampered with. Heck, it’s 2018 – critical domain names that our government uses should be protected by more than a simple password, right?

The thing I’m still trying to figure out from the article is if two-factor authentication is now required, or if it wasn’t even an available option in the past? If this is the first time it’s available that’s a little mind boggling.

What do you think? Is this actually a new feature or just a requirement? I want to hear from you, comment and let your voice be heard!


Blockchain and Domain Names

A University in China has filed a pretty interesting patent focused on exploring how to better manage domain names using Blockchain. Yes, I know what your first reaction is going to be – “come on, you can’t just revolutionize everything by adding the word Blockchain to it” and you’d be right. The challenge with all new blockchain-based technologies and ideas is determining which can truly deliver value.

The goal of the blockchain-based approach to domain management is to improve security by leveraging a “consortium blockchain.” But wait – there’s more:

An additional claimed advantage is that, being based on a system of distributed nodes, no “consortium or small group” can control the entire process. While cryptocurrencies are potentially prone to what’s called a 51 percent attack (in which an entity that controls more than half of the network can rewrite transactions in their favor), only allowing “trusted” nodes means the proof-of-work mechanism by which miners secure a network “is not required,” the filing says. (Source – CoinDesk)

I think it will probably be 5 – 10 years until we see any major use of Blockchain in the domain space, but it is interesting to see the ideas start to develop and take shape. Remember, crypto may crash and burn, but I think it’s safe to say Blockchain is here to stay and it’s not hard to imagine it being used to improve the way domains are managed in the future.

The question is, who’s going to do it? What do you think, could Blockchain progress the domain industry forward or is this just going to lead us into a confusing mess?  I want to hear from you, comment and let your voice be heard!

{ 1 comment }

It’s a myth that has spread across the domain name world for years – the older a domain, the more valuable it is. This morning domain industry veteran Alan Dunn hit the nail on the head with this tweet:


I can’t tell you how many times someone has emailed me about valuable “aged” domains that they have, and when I look at the list, it’s all junk. Just take a quick look at Go Daddy auctions and you’ll find a ton of domains, worth $0, all registered in the 90’s and expiring. Here’s an example from this morning, every name you see on this list was registered before 1997:


Some Domainers have domain portfolios that look like this, and they email other Domainers with subjects like, “Valuable aged domain portfolio” or “Portfolio of aged domains registered in 1996.” If you find yourself doing this, or even starting to go down this path, stop. Seriously, you’re only fooling yourself and if you have somehow convinced yourself that these domains are valuable, you’ll keep renewing junk every year and eating up money that could be used to buy actual investment-grade domains.

Now it’s important for me to say something that should be obvious but that if I don’t put in writing could get confused. Yes – there are some VERY valuable domains that were registered in the 90’s. Think about it, a LOT more domain names were available to register back then so a lot of the super premium one-word .COMs were registered back then.

At the end of the day, it’s the domain name itself and the TLD its on that define the value, age is nothing more than a vanity metric. So go ahead, buy domains registered in 1996, just make sure you buy the 1% that are actually investment grade domains.



I am starting a new monthly series highlighting founders of companies that make software that I myself know and love. So it should probably come as no surprise that to kick things off I decided to pick Doron Vermaat, founder of the popular domain name service Efty.com. Last year I had the chance to sit down with Doron over lunch in Hong Kong to talk more about his inspiration for the company and the genesis of Efty and I thought his experience getting started would be something my readers would all really enjoy.

Ready to dive in? Here we go – Doron, I have some questions for you!

[MORGAN] When did you first come up with the idea for Efty?
[DORON] I started investing in domain names in 2012 and the moment my portfolio started to grow I found it was difficult to stay organized, track renewals, expenses and measure my performance (was I making a profit, or not?).  At the same time, I started looking for a tool to help me better present and sell my names by using good-looking For-Sale landing pages instead of parking them with pay-per-click ads that hardly made me any money. I also thought it was ridiculous to pay commissions on sales when they happened through direct navigation (when a buyer types in your domain name directly in their browser). When I found there was no solution on the market to help you manage, organize as well as sell your domains without paying a commission I realized there was an opportunity and the idea for Efty was born.
[MORGAN] How long did it take from having the idea to starting on the development?
[DORON] Not long. It just so happened that Lionel, who’s my technical co-founder, and I were looking for the right idea to start a business. We’re long-time friends and we thought that building a business together would be a great “excuse” to travel and see each other more often since I had moved from the Netherlands to Hong Kong several years earlier. So when I came up with the idea for Efty Lionel hopped on a plane to Hong Kong right away and we started working on Efty in November 2013.
[MORGAN] When it comes to building software, everything tends to take longer than you expect. How long did you think it would take to build v1 vs how long it actually took?
[DORON] I can’t really remember if we had a timeline set but while I started to create some buzz and build a list of domain name investors that wanted to help us beta-test the platform, Lionel shipped the first version of the software within 6 months. We launched a private beta version of Efty in May 2014.
[MORGAN] What have you done to get user feedback?
[DORON] Efty is being built around user feedback which we’re very grateful for. We actively ask for feedback at any chance we get. When we publish on our blog, when we attend conferences, in our email onboarding, within the application itself and also while we deal with customer support. Domain name forum NamePros.com has also been invaluable for us to get early and ongoing feedback from the community.
[MORGAN] How do you decide which feedback to act on?
[DORON] A big part of my job is to be in constant contact with our users to gather feedback and then try to filter out and prioritize the most popular requests. We act on feedback when we’re confident that a new feature will add value to the fast majority of our users, not just a segmentation of them. I try to keep in mind that often “less is more” and building an application that is too feature rich can also scare some users who get turned off by too many bells and whistles.
[MORGAN] What has been the high point of running Efty so far?
[DORON] I love hearing from users how much more money they’ve made after switching to Efty and sell domain names directly without paying a commission. We don’t have access to sales data at Efty so it’s always awesome hearing from users who closed sales with the help of the platform while saving a huge amount of money otherwise paid in commision. Another great win for us was bringing Michael Cyger into the company as an advisor and investor. His alignment with our vision for Efty and how it helps create better domain name investors was a great confirmation that we were on the right track and his advice and support over the years are priceless.
[MORGAN] What has been the low point?
[DORON] Since Efty only charges a small monthly or annual fee instead of a commision on sales, we’re essentially a hosting company. You pay us, we host your For-Sale landing pages and marketplace site. This business model caused a lot of stress and anxiety during a time we were growing at such a rapid pace that we were starting to experience some serious scaling issues last year. Luckily we managed to turn the tide and Lionel did a brilliant job getting Efty in shape for the next phase of its growth.
[MORGAN] Can you share a new feature you’re working on now?
[DORON] We’re currently working on bringing Google Analytics visitor stats inside the Efty application so you don’t have to leave the site anymore to check your traffic stats and we’re also working on integration Escrow Pay into the platform. There’s another, very exciting, partnership in the works which I hope we can share more about later this month.
[MORGAN] If you could go back and do one thing differently what would it be?
[DORON] There are many things I am sure but that is the great thing about a startup, you learn so much along the way and I wouldn’t have it any other way. If I have to choose one however it would be an earlier focus on turning Efty into the sales platform it is today. We spend a lot of time and resources in the early days on hard-to-scale and costly domain name management features.
[MORGAN] Tell us something about you that we probably don’t know
[DORON] I also spend a significant amount of my time building and growing another SaaS business called Loopy Loyalty. We’re the worlds only blockchain backed web application to create and manage digital stamp cards for Apple Wallet and Google Pay. Our users range from coffee shop and restaurant owners to dog walkers and nail salons. These small business owners often are so different than domain name investors which makes my average day at work very diverse and never boring!



As I said a couple of weeks ago, I’m planning on shifting my investment strategy a bit in 2019 to put more focus on buying liquid numeric domain names. Some people have asked me what I’ve bought so far so I thought it would be good to share that with all of you.

Like the title says, my current progress is at 0%. I haven’t purchased anything yet, but I have been reading, and watching. Lately I’ve been trying to discover more domain marketplaces in Asia besides the big and well-known ones like 4.CN. I would share a list but I haven’t done a deep enough dive to determine which are worth recommending, which aren’t, and which could turn out to be a scam…so I don’t want to share any “resources” until I know they’d actually be helpful.

I have also been looking at as much data as I can get my hands on related to the current prices that 4N, 5N, 6N and 7N domains are selling for – these four types of numeric domains are where I plan to start. 3N .COMs are going to be out of my budget, and while I could go nuts with 8N and 9N .COMs, I wanted to draw the line somewhere that felt reasonable.

One resource I can definitely recommend is GGRG.com, along with being a super nice guy, Giuseppe puts together some pretty solid reports about liquid domains. If you don’t know about these reports, essentially Giuseppe has partnered with companies like Estibot and DomainIQ and popular domain escrow service Escrow.com, all of which have a ton of data about domain sales, and put together a comprehensive report on the liquid domain market.

It’s interesting to do a deeper dive into this data and compare with current auction prices. 5N .COMs for example saw sales prices in the 5th percentile at just shy of $500. This goes to show that while 5N .COMs are selling for $5,000+ on Go Daddy Auctions, it’s only the best that go for that price. If you just start buying 5N .COMs randomly, without doing your homework, you could dramatically overpay.

This is also why I’m currently sitting at 0% progress, I’m still in learning mode. Sometimes people think that if you’ve been buying and selling domains for years you somehow magically get “expert” status in all things Domaining. While some people might pretend that they know everything, I’m proud to say that I sincerely don’t, but I love learning.

As I continue to do more research I will of course share what I learn with all of you. For now, there’s not much more I can share because I’m still trying to figure out which way is up myself in the world of liquid numeric domains.

Have any resources you think I should check-out? Any marketplaces in Asia that are lesser-known that I should take a look at? As usual I want to hear from you, comment and let your voice be heard!


sinking ship

Domain Name Wire wrote an interesting article today about how NameJet can right the ship, and for those who have been following the drama, you know the ship is already partially underwater. Andrew did a good job of outlining the events that have transpired over the last year that led to the current state of things over at NameJet:

First, there was the shill bidding scandal last summer.

Then, the company re-lost its Tucows expired inventory to rival GoDaddy. This is despite Tucows owning half of NameJet, so that wasn’t exactly a vote of confidence.

It also lost Name.com inventoryAnd Namecheap.

(Source – Domain Name Wire)

Andrew also suggested three ways the struggling drop-catcher can come back from the grave, namely – fix it’s app, modernize it’s design, and change the private seller system. First, I agree with all of these, but I don’t think this would save them – I think NameJet needs a complete reboot and a renewed focus. This might sound crazy but I think it’s time for NameJet to pivot.

A lot of people confuse Pivots with just abandoning what you are doing and starting over. I don’t think NameJet needs to do that, but I do think they need to look at the market they serve and what they might be able to offer that’s new and different. There are a lot of directions they could go and I’m not going to pretend that I know the answer. What I can see here is the writing on the wall, which is actually pretty sad since there are a lot of really amazing people at NameJet that have a thirst for innovation.

So here’s what I’m going to try to do…I want to help NameJet. I’m going to reach out to the team there and see if they are open to sharing some of the ideas they have to get NameJet back on the map. I will then share these with all of you (if they’re game of course) and you can give feedback. Hopefully together we can help NameJet emerge from this stronger than ever before.

What do you think? Is this a good idea or is it too late? I want to hear from you, comment and let your voice be heard!


domain theft

It always bugs me when articles tell consumers something about domain names that just isn’t true. Yes, it happens all the time, and yes, it gets me every time. In many cases I find articles that overall are pretty solid that throw in something that makes me scratch my head. That head scratcher happened to me today when I was reading an article about domain theft, in it, it says:

The first thing you need to know about domain name thefts is how you can become a victim. The thieves view people’s whois details and use it to hack them. (Source – jbklutse.com)

Huh? Let’s get real. If stealing someone’s domain name meant simply viewing information in their public WHOIS we’d have a major crisis on our hands. The reality is, there shouldn’t be anything in your WHOIS that would allow you to get hacked, and unless you’re storing passwords in there, you should be okay.

The most common form of domain theft I’ve seen over the years is someone who offers to buy your domain and asks if they can pay via Pay Pal. They make the payment, you transfer the name and then they contact their credit card company and report the charge as fraudulent, or contact Pay Pal and say that they never got the merchandise. Either way, it’s a lot less of a sophisticated hack than it is a basic scam.

The article does mention a great tip for preventing domain theft, two-factor authentication, and this really should be something that every single person does at all of their registrars. If you haven’t done this yet – do it now. Of course this doesn’t mean you’re perfectly safe, but you’re a lot safer since someone could hack into your email account and still not be able to login to your registrar account.

On top of using two-factor authentication, it’s also critically important to use a well-known and trusted registrar. My three favorites are Uniregistry, NameCheap, and Go Daddy. Buyer asking you to use Pay Pal? Use Escrow.com instead and your chances of getting scammed drop dramatically.

The reality is, there are plenty of people out there using random insecure registrars, not using two-factor authentication, and accepting payment via Pay Pal. Fix these three things and don’t worry about your WHOIS because that’s really not how people are going to “hack” you.

What do you think? Are the three tips I mentioned above the best way to prevent domain theft? I want to hear from you – comment and let your voice be heard!

{ 1 comment }

Last week was a frustrating one of Zoho and their customers as Tierra, the domain registrar for Zoho.com decided to take the site down citing security concerns. If you aren’t familiar with Zoho, you can think of it as a CRM (like Salesforce) coupled with a suite of online office apps (like GSuite) all wrapped into one. Not surprisingly, if your CRM and office suite are down at the same time your work comes to a screeching halt.

When I first heard about the Zoho.com outage I thought – wow, someone forgot to renew the domain. This has happened in the past to large well-known companies, it’s an embarrassing oversight, but it happens. In this case, forgotten renewal was not the culprit, instead Tierra, their registrar decided to punish them for not responding to emails they had sent regarding security concerns.

Initially Zoho execs had no idea what was going on and ended up making a desperate plea on Twitter to see if someone out there could help them:


I don’t know about you but I can’t think of many registrars that would take down a domain name for a major customer like this. While I don’t know the details of what Tierra.net thought Zoho was doing that was a security risk, it seems like a pretty serious move to take the domain down given the massive customer impact it made.

According to the CEO of Zoho, they had received three security complaints from Tierra, two of which they had resolved…needless to say, he was pretty pissed off.

“There were a total of 3 complaints in 2 months and we took action on 2 of them immediately and one is pending investigation,” he shot back on Twitter. “We serve 40 million users. 3 complaints in 2 months.” (Source – The Register)

If this is true, which it sounds like it is, then Tierra might just be the worst registrar on the planet, a title that I had given to 1&1 Domains years ago. I have been in the domain industry for over ten years and have never heard of Tierra, now I have and I can tell you that I wouldn’t touch them with a ten foot pole based on what they did to Zoho.

Am I missing something or does Tierra just suck as a registrar?



I read a rather strange press release tonight from a company called Fiesta Motors. It doesn’t start out too strange, actually the move they made makes a lot of sense – let me break it down. A car dealership called “Fiesta Motors” was stuck with GoFiestaMotors.com – it was in fact owned by another car dealership in another city in Texas. Well, luckily for the Fiesta Motors in Lubbock, their competitor went out of business and they jumped in to buy the domain.

Sounds pretty simple right? There is a huge benefit to Fiesta Motors if they can own their exact match .COM so of course it makes a lot of sense to buy it. In the press release they talk about how valuable the domain is to their business:

“When the other Fiesta Motors was sold in September, we jumped at the chance to purchase the domain name—it was worth it to us to pay $2,500,” said Brad Kalivoda, co-owner of the Lubbock dealership. “For 16 we have considered ourselves to be the premiere buy-here pay-here dealership for the Lubbock area. I always cringed at the thought of someone looking for and not finding us—therefore not getting the first class treatment that they get here—all because they didn’t know our website address.” (Source – PRNewswire)

So far so good, I think we’d all agree, great buy and good move Fiesta Motors. In my mind I also think – what a powerful domain name for their business for only $2,500. Heck even weird names like QNet.org are selling for $27,250 so in my mind they got a GREAT deal on FiestaMotors.com. This is where the press release really threw me for a loop:

“It’s important to note that Fiesta Motors’ owners paid this high fee for a domain name, not a website.” (Source – PRNewswire)


Wait what? The press release even goes on to say that domains like Whiskey.com sold for $3.1M and Super.com for $1.2M, so how did they decide that $2,500 was a high fee to pay for a domain name? I’m confused, are you?


So Dreamforce is here in SF which means that 180,000 people have descended on a city with a population of 870,000 – in short, that’s a lot of people. While I’m not attending the conference I got invited to a pretty fun party on a boat hosted by Chorus.ai and Betts Recruiting (feels right to give a shot out to them right?). Here’s a few shots from the boat:

Okay, so now back to the topic of this post. One of the people I spoke to on the boat is the founder of a company who currently owns their name in .AI. Their company name happens to end in LY and I asked him if he had ever tried to get the .COM. What he told me was pretty surprising, “I don’t care much about the .COM, it’s the .LY that I really want.”

Now let me say two things:

  1. This definitely is not the norm. I can tell you that 99.9% of startups would prefer to have their .COM
  2. .LY isn’t a particularly popular extension from what I’ve seen but this startup happened to have their name end in LY

Still, I told the founder, well you should really get the .COM, sure get the .LY, but people are going to end up going to the .COM and emailing the .COM so you really need to have that. He didn’t budge – “nope” he said, “I just want the .LY, I could care less about the .COM”

It was one of the more interesting conversations I’ve had with a startup founder about domains so I thought I’d share it with the rest of you. What do you think? I want to hear from you, comment and let your voice be heard!