Over the past several weeks, there has been significant discussion about Verisign and its management of the .com top-level domain (TLD) registry. Much of this discussion has been distorted by factual inaccuracies, a misunderstanding of core technical concepts, and misinterpretations regarding pricing, competition, and market dynamics in the domain name industry.
Billions of internet users and trillions of dollars in global commerce rely on the continuing security, stability, and resiliency of the .com TLD and the technical infrastructure that powers it, so it is vital that discussions about this topic be rooted in fact.
To set the record straight, we have collected and addressed the most common myths currently circulating about the .com TLD.
Myths vs. Facts about .com
Myth: The technology that powers the .com TLD is not sophisticated.
Fact: Verisign has invested continuously for decades to build and evolve the infrastructure that powers the .com TLD, which is the most technically sophisticated of its kind. This infrastructure includes an advanced registration system, which reliably updates and maintains an accurate record of all registered .com domain names on a continuous basis, ensuring that millions of registry transactions are processed correctly, and millions of daily changes – including cryptographic updates to support Domain Name System Security Extensions (DNSSEC) – are distributed to a highly resilient global resolution constellation within seconds. This system ensures that users around the world maintain continuous, round-the-clock access to .com domain names and all the resources and services they support. Verisign has also played a vital role in the development and deployment of DNSSEC technology which uses cryptographic protections to ensure those connections are delivered with reliability and trust.
Verisign’s infrastructure processes an average of 329 billion Domain Name System (DNS) transactions each day, operating at a peak of more than six million transactions per second so far this year. Verisign’s resolution infrastructure is engineered to handle peak query loads significantly greater than the highest ever observed, to ensure continuous operation regardless of demand. This infrastructure has delivered 100 percent DNS availability for .com for more than 27 years without interruption. Verisign accomplishes this by operating a large, globally distributed registry operation, made up of hundreds of technical sites spread across 60+ nations on six continents. These sites run purpose-built technology invented by Verisign technologists for the unique demands of the .com TLD. Verisign engineers have developed specialized technologies and protocols that are designed to achieve higher availability and resiliency to prevent disruption. Examples of this design include employing network, system, and application-level diversification approaches such as using hardware from multiple vendors for network and data center operations and using multiple operating system providers to better withstand localized failures or single-threaded supplier issues. Using in-house purpose-built systems, as opposed to leveraging public cloud operations, lowers the risks of circular dependencies as most public cloud providers also rely on .com and the root infrastructure operated by Verisign. These approaches ensure diversity and redundancy for every component of .com operations.
Verisign is also tasked with defending against highly sophisticated and massive volumetric cyberattacks while managing ever-increasing global demand. Trillions of dollars in global commerce and billions of internet users depend on the availability of Verisign infrastructure 24/7. To defend .com against cyberattacks, including by highly sophisticated nation-state actors, Verisign employs a comprehensive enterprise risk management program and threat-driven defensive practices that drive continuous improvements to Verisign’s systems and programs. Verisign has operationalized the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework and the Center for Internet Security’s (CIS) Critical Security Controls in the ongoing design and evolution of its infrastructure, with a security-first mindset. In addition, Verisign employs advanced information security measures such as continuous monitoring, real-time threat detection, ongoing vulnerability assessments, bug bounty programs, and rigorous security audits to safeguard its infrastructure.
Verisign’s infrastructure powers more than just .com. In addition to operating other TLDs, Verisign plays a unique role as Root Zone Maintainer and operator of two of the world’s 13 root servers, a critical function necessary for internet navigation. Hundreds of Verisign employees have developed highly specialized skills, honed over decades, to develop, maintain, and operate this unique global infrastructure. Verisign holds more than 500 patents for DNS and related technologies, and its innovations are deployed globally by other critical internet infrastructure operators. Verisign has made many of its critical DNS patents available on a royalty-free basis to the global DNS community and those technologies have been deployed around the world.
Myth: The annual wholesale price for .com domain names – $10.26 as of Sept. 1 – is much higher than market value and is harming consumers.
Fact: While other generic TLDs (gTLDs) do not share .com’s pricing transparency, the annual wholesale renewal price of a .com domain name is lower than 87 percent of the 448 gTLDs for which such data is available from registrars. Based on that data, some of the largest original gTLDs, which have been in the market for over 20 years, have renewal pricing of $9.93 (.org), $15.00 (.biz), and $17.50 (.info). Some of the largest new gTLDs, which have been in the market for over 10 years, have renewal pricing of $10 (.xyz – increasing to $11 by the end of September), $25.00 (.online), and $40.00 (.store). The available market data makes it clear that .com domain names are priced at or below market value. It is notable that competing TLDs have continued to grow market share while pricing their domain names over twice as high as .com domain names.
Customers of .com domain names are more likely to be affected by two factors outside of Verisign’s control: 1) the rising cost of retail registrations that are outpacing wholesale prices, with some registrars now charging more than double the wholesale price to renew a .com domain name; and 2) the unregulated secondary market, which accumulates large inventories of domain names and charges markups that are – in some cases – thousands of times higher than the regulated wholesale price.
Myth: Verisign spends an unusual amount on share repurchases and dividends at the expense of infrastructure investment.
Fact: Verisign’s technological infrastructure is unmatched in the DNS industry for its scale, technical diversity, security, and resiliency. Verisign has invested for years to evolve and harden that technology, a fact illustrated by the company’s 27-year DNS uptime record. During the 2000s, Verisign offered a number of DNS-related services, including distributed denial-of-service (DDoS) attack mitigation and managed DNS. Significant capacity was added during that period. In 2018, when Verisign divested the last of its non-core businesses to focus on .com and other DNS operations, the company not only maintained, but increased capacity in order to meet growing DNS demand as well as to address growing DDoS volumetric attacks.
Verisign is certainly a profitable company and is proud of its operational success and history of sound financial management, which are important factors in maintaining the security, stability, and resiliency of the DNS. Some critics have singled out Verisign’s methods of increasing shareholder value, a duty of all public companies. Verisign has fulfilled this duty in part through share repurchases and dividends, which benefit a large and diverse group of shareholders including individuals, public employee retirement systems, index funds, and mutual funds (benefiting their millions of investors). Less than one percent of Verisign’s shares are held by company officers and directors.
Verisign’s return of capital practices are well in line with those of other successful public companies. In 2023, more than 90 percent of S&P 500 companies returned capital to shareholders and Verisign ranked 216th out of the S&P 500 in terms of cash returned to shareholders as a percentage of market capitalization. In terms of profitability, market expectation of Verisign’s earnings per share (a reliable measure of profitability) is $8.36 for the next 12 months, which places it 198th in the S&P 500.
Verisign’s sound and transparent financial management underpins its successful management of the .com TLD and other key internet infrastructure. Verisign has been a public company for 26 years and an S&P 500 company for 18 years. As a publicly listed company operating critical internet infrastructure, the public and the DNS ecosystem benefit from Verisign’s transparency in its operating and financial results, which must comply with the SEC’s disclosure rules and regulations for public companies. Verisign’s financial statements must also undergo an independent audit each year. By contrast, many other registries, registrars, and resellers, including some who focus on the secondary market, serve only the narrow interests of their private owners and do so with no obligations surrounding public disclosure or transparency of their ownership, profitability, operations, or otherwise. Adding obligations for these entities to report ownership, profitability, and other metrics to The Internet Corporation for Assigned Names and Numbers (ICANN) and the public would benefit the entire DNS ecosystem.
Myth: Contracts to operate gTLD registries should be routinely rebid, and a presumptive right of renewal for such contracts is bad for consumers and the internet.
Fact: The National Telecommunications and Information Administration (NTIA) recently opined that “The security, stability, and resilience of the Internet’s unique identifier systems is of paramount importance…” This position is shared by Verisign and the majority of participants in the global multistakeholder system of internet governance. ICANN has supported and clarified this priority and the role it plays in registry contracts. The contracts for .com and all other gTLDs reflect this priority (i.e., that stability and predictability in registry operations leads to long-term investments by operators). Verisign’s right to renew its .com Registry Agreement is conditioned on meeting rigorous technical and operational requirements to ensure .com’s continued security, stability, and continuous availability to billions of internet users. This contractual approach encourages gTLD operators to invest in infrastructure to support rising demand and defend against cyberattacks. Due to its investments, Verisign has operated .com with 100 percent DNS uptime for over 27 years.
Myth: Verisign’s operation of .com constitutes a “monopoly.”
Fact: There are nearly 1,200 gTLDs, and more than 250 country-code TLDs (ccTLDs), operating today. Each of these TLDs offer the same core functionality, allowing users to establish and maintain an online presence, establish websites, and create email addresses. Globally, there are over 362 million registered domain names – the majority of which are registered in TLDs not operated by Verisign. The number of domain names registered in non-Verisign operated gTLDs and ccTLDs has grown consistently as those TLDs have grown their share of the marketplace. In addition to this competition at the wholesale level, there are more than 2,800 ICANN-accredited registrars, and thousands more resellers, offering domain names at a range of prices and in a range of packages to consumers.
Further, from a practical perspective, the technical nature of TLD registries requires that they each be run by a single operator, but with so many operators in the marketplace, consumers have a broad and diverse array of choices at a range of prices. Other TLDs like .org, .shop, .ai, and .uk are not “monopolies” and neither is .com.
Myth: Verisign sets .com domain name prices for consumers.
Fact: Domain name registrars set unregulated retail prices for .com domain names, and those prices vary widely among the 2,800 ICANN-accredited registrars and associated resellers. Some registrars charge more than double the annual wholesale price for .com domain name renewals, and, in many cases, those price increases have outpaced Verisign’s tightly regulated .com wholesale price increases. In analyzing registrar pricing, it is important to distinguish introductory offers – which are often set lower to attract new customers – from renewal prices, which is what registrars charge existing customers to maintain their domain name registrations.
In addition to the retail registrar market, there is also a multibillion-dollar secondary market for domain names, in which domain investors, or “domainers,” accumulate millions of desirable domain names in order to resell them at markups that can be thousands of times higher than Verisign’s regulated wholesale prices. The gap between wholesale prices and secondary market prices makes it possible for domainers to hold names for years – making them prohibitively expensive to the general public. The profitability of the secondary market has also attracted successful retail registrars to expand into it, acquiring large portfolios of .com domain names and creating auction sites where they are sold well above retail prices. A blog that reports on high-profile domain name sales reported that just one reselling site handled $90 million in secondary sales in the second quarter of 2024 alone. Although the secondary marketplace may serve a function within the DNS ecosystem, it is completely unregulated.
Myth: The U.S. Government lifted price caps on .com domain names in 2018.
Fact: Amendment 35 to the Cooperative Agreement retained wholesale price restrictions in the .com TLD, while also retaining legacy regulations prohibiting Verisign from operating as a registrar in the .com TLD. Of the nearly 1,200 gTLDs overseen by ICANN and the global multistakeholder community, .com, .net, and .name (also operated by Verisign) remain the only three that are governed by maximum price restrictions. Those restrictions remain in place today and will remain in place after the .com Registry Agreement is renewed later this year.