Fancy a .trust domain? How's $150,000 sound?
Pricing gone crazy or an effort to control domain sales?
The NCC Group has revealed how much it expects to sell new .trust domains for: $150,000. And that's just the wholesale price.
The idea for the new domains is that they will be super-secure. Back in October, NCC Group published an extensive security rulebook that all .trust domains will be expected to follow.
The company is targeting financial institutions, and in 2013 it said it had already signed up 30 companies. But that was when NCC Group was still bidding for the .secure domain and before the price was announced.
Since then, NCC Group dropped out of the bidding for .secure when it bought the rights to the .trust registry from Deutsche Post for an undisclosed sum. Its decision may also have been due to the fact that it was up against online behemoth Amazon for the .secure top-level domain.
The huge price will raise eyebrows in an industry that is only slowly getting used to a higher price point of around $50 for a new domain, up from the $10 .com standard.
Something else going on?
There may be another factor at work, however. In a note sent to registrars today announcing the wholesale price, NCC Group said that registrars would have to own their own .trust domains in order to sell .trust domains. In other words, there will be a $150,000 entry cost for selling .trust domains.
It is extremely unlikely that registrars will want to invest that kind of money just to be allowed to sell into an untested market – and that may be exactly what NCC Group is trying to achieve.
Under ICANN's rules, new gTLD operators are required to sell through accredited registrars, although they can also sell through their own registrar and can set policies around what registrars need to do to be allowed to sell their domains.
It looks like the NCC Group has decided it wants to sell .trust domains itself and so has decided to price everyone out of the market and hope they are too busy with other domains to care or to challenge the approach through ICANN.
El Reg would not be surprised to see the real price for a .trust domain being significantly lower when bought through NCC's own registrar service – possibly a third of the quoted price, which is still an extremely high cost for a domain.
As to the likely success of this approach, that remains to be seen. Last month, Gunter Ollmann, CTO at NCC Group Domain Services, posted his thoughts on why .trust would be successful.
In his post, he lists the multitude of domains soon to be made available to the financial industry: .bank, .banque, .buy, .capital, .credit, .creditcard, .creditunion, .finance, .financial, .fund, .holdings, .insure, .insurance, .investments, .lifeinsurance, .loan, .loans, .markets, .money, .pay and .tax.
"There is little doubt in my mind that this growing cacophony of financial service's gTLDs will only improve the odds of a phishing attack being successful," Ollmann wrote. "If you want to help make the Internet safer for your customers, embrace the .trust Technical Policy rather than invent a watered-down variant – phishers and other cyber adversaries will then have no choice but to move on to easier targets."
When the marketing strategy to justify a huge price premium appears to be to warn financial institutions that any other domain will bring with it security problems, then maybe NCC Group is right not to want its domain to appear alongside all the other domains in a list on a registrar's homepage – especially when other domains like .bank are expected to cost far, far less (we estimate around $1,000).
As with several other new gTLD operators, it looks like NCC Group is taking a strategic risk in an effort to differentiate itself in an increasingly crowded market. If it can convert the 30 companies it claimed to have onboard back in 2013, then it is likely to break even. Anything beyond that is pure profit. ®
Sponsored: Becoming a Pragmatic Security Leader