Google Domains

With Google Domains, Let’s Raise Prices And Make SSL Certificates Free

Next Story

AirBnB Tests Group Travel Discounts With London’s Citysocializer

Domain registration is a bit like renewing license plates at the Department of Motor Vehicles. It’s the annual tradition for web developers to secure their address on our public Internet by filling out a bunch of paperwork, such as giving contact information for the registrant, administrator, technical contact, and billing contact (even the DMV doesn’t require four copies of everything!) Pay the tax, er, registration fee, and continue on your way.

But there is one important difference: the DMV doesn’t usually try to upsell you on every single service it offers.

That’s always been the fundamental challenge of running a registrar: The actual registration of domain names is a ridiculously low-margin, high-volume business. The real money is made off of the secondary services that come from that initial lead generation, such as web hosting, email servers, and SSL certificates. In order to turn a profit, a registrar must push you to purchase these services at varying levels of aggressiveness. Since registration is a yearly process, even if a customer was missed, there was always another opportunity to upsell.

The actual registration of domain names is a ridiculously low-margin, high-volume business.

Now, the world might be shifting. Google, which has been notably absent from this market despite the obvious connections to its other products, announced yesterday that it was beginning a private beta for its own domain registrar. It is offering some important features, not the least of which is free private registration, which has typically been the most common additional service offered by other registrars.

There is a real opportunity for Google to shake up a market that has been something of a business backwater, with very little innovation in business models or approach. But what exactly should Google do? I think there are three goals that Google should be advocating: raising the minimum fee for domain registrations, offering free SSL certificates with domain registration, and developing community-driven policies around takedowns.

Advocate Raising Domain Name Prices

Yes, you read that right. I am advocating for higher prices for domain registration.

Now, it’s important to state right away, Google doesn’t have the ability to raise the price of domain names. That ability rests with ICANN, the Internet Corporation for Assigned Names and Numbers, which promulgates agreements that set the base price with organizations called registries. For the .com domain registry, which is currently run by VeriSign, the maximum price that ICANN allows VeriSign to charge as a registration fee is $7.85, plus a $0.25 fee for ICANN itself.

Thus, when you buy a .com domain name, you pay this VeriSign fee (which is probably lower in actuality due to volume discounts), the ICANN fee, and credit card processing fees. The incredible competition for domain registrations has meant that the price of domain names comes very close to these three expenses.

Since domain registration is so cheap, buying up dozens, hundreds, or even thousands of domains – with the hope of brokering their sale to others – has long been a major business. As any startup founder knows when searching for a domain, it is possible to try hundreds of combinations and still not find an open domain name. Furthermore, most of these domains will be empty, or have a “buy now” link on them. Not surprisingly, following these links will often lead to an obscene price quote in the several thousands of dollars, since the domain name resale model requires such prices to be profitable.

Some of this activity is being thwarted with the introduction of new generic top-level domains (thereby increasing the supply of domains), but higher prices on .com domain registrations could dramatically reduce the amount of pollution in that namespace, without causing too much pain for those who own a single or domain or a small handful. Google could help lead a charge at ICANN to encourage it to look into the pricing of .com domains, and consider the effect of cybersquatting and its relationship to registration fees.

Offer Complementary SSL Certificates With Every Domain

Security has been on the minds of everyone on the Internet. As I wrote about just a few weeks ago, security has never been more important for startups and small businesses alike on the web, and yet, the tools needed to make the web more secure remain obtuse and difficult to use properly.

This is particularly the case with SSL certificates. In order for websites to properly use HTTPS, the more secure version of the typical HTTP Internet protocol, they need to have a certificate that is validated by a Certificate Authority.

While it is possible to self-sign these certificates using standard command-line tools, these do-it-yourself certificates generally raise warnings in major browsers to end users. No store wants a warning saying that a connection might be insecure during a checkout process, and so everyone ponies up to one of the major Certificate Authorities to ensure that the most number of browsers will recognize a certificate.

The cost for these SSL certificates remains high. At VeriSign, the basic product, the “Secure Site” certificate, is $399 for a one-year registration. At NameCheap, the basic product is $9 per year, which is almost the price for a domain registration in the first place (the difference in these prices appears to be in the amount of insurance offered alongside the SSL certificate).

Building a more secure Internet means changing many of our defaults from insecure options to secure options. One area that Google could truly shine here is to make SSL certificates automatic upon purchase of a domain, with the necessary paperwork included as part of the checkout flow. Then, with its own products and partnerships with third parties, it could ensure that HTTPS is the default protocol for all users and applications from the moment they register their domain.

Moving people to SSL and HTTPS will not solve all security problems on the web, but it certainly is an important step, particularly for Google’s intended small business users who are likely less knowledgeable with domain and web server management.

Reform Domain Takedowns

One challenge that faces registrars is how to handle domain names that are potentially committing illegal activities, such as copyright infringement, or that are accused of hosting spam. Different registrars have widely divergent policies related to handling these issues, but many of the decisions can seem capricious and arbitrary, with little recourse available to the domain owner. There have been some efforts over the past few years to reform this process, but most domain owners remain at the whim of their registrars when it comes to these takedown orders (take for example this letter from April from the Electronic Frontier Foundation).

Google has much more leeway when it comes to some of the “value-added” services that currently permeate most domain registrars.

Given Google’s generally open nature (and the fact that it is actually including support on a product), there is a real opportunity for the company to provide explicit policies and procedures on how it will take action on requests from law enforcement or private organizations. Since Google has a much better sense of people than the typical registrar from its vast amount of data on users, it also has the ability to make much more informed decisions related to these issues.

Now, I realize that a lot of people still feel burned by how Google handled the real name policy on Google+. In some cases, the company shut off access to a customer’s Google account for failing to use their legal name, in a policy that was not always well-communicated. Google has the opportunity to redeem itself this time, by ensuring that customers (who are actually paying Google for their domain) have a chance to offer evidence around takedown requests.

What Will Google Do?

What is the likelihood of getting anywhere on these goals?

Raising domain prices is highly unlikely (as much as I think it would solve a lot of problems with the industry). The reality is, ICANN has been working hard to reduce the prices of domain names for decades now, and it is difficult to see a path forward in which they change their policy, even if a company as large as Google were to advocate for it.

That said, Google has much more leeway when it comes to some of the “value-added” services that currently permeate most domain registrars. It could absolutely include these services for free, especially SSL certificates, ensuring that customers are getting a more complete and secure product with their domain purchase.

But perhaps where Google has the best chance to shine is to ensure that freedom of information and speech remain hallmarks of the web. As denial-of-service attacks increase, the ability of a large company like Google to guarantee the uptime for a domain could allow political groups to find a more stable home on the Internet.

Either way, I am simply excited that domain registration may finally receive some creative innovation, particularly for those who are less knowledgeable about the Internet. It would be great to see more small and medium businesses on the web, and more entrepreneurs able to take advantage of what the Internet has to offer. If Google can help move the industry along, that could be a really good thing for the future of e-commerce and our economic growth.

IMAGE BY Bryce Durbin