NameSilo, as far as I know, comes very close to the registry pricing and offers DNSSEC, nameserver registration and other APIs with the registry.
This could totally throw all registrars out of competition for the price of registry wholesale price. You just have to hope Cloudflare wouldn't overstep their role as a registrar if you only register the domain from them.
My only complaint with them is their DNS records are only updated once every 15 minutes.
This makes doing automated API-based, DNS-based LE challenges annoying because you need to sleep your script for 15 minutes to ensure the update got pushed.
Also, I'm surprised Cloudflare omit talking about whois privacy in the blog post. Makes me wonder if they plan to sell that for some amount of money.
Cloudflare is also the largest authoritative DNS deployment in the world, and changes propagate in closer to 15 seconds than 15 minutes.
Do you happen to also offer free email forwarding with registered domains?
The ideal situation would be if we could find a way to do email forwarding which wasn't just as good as what they do, but was exciting and meaningful. We'll keep thinking about it and let you know on our blog.
The category of customer who consider the flaky email solutions provided by registrars to be worth using, and who are unaware of how to hook their domains up to free forwarding at services such as Mailgun, are unlikely to ever buy your higher-margin services.
Your introduction of at-cost domain registration will already blow everyone away; you do not need email for that, but high-value domain owners will worry that the service will not be sufficiently resourced to protect their domains. Those are precisely the domain owners you want because they are more likely to end up paying for your other services.
So, try to finally get U2F support in place before you spread your legs for mass domain registration. Real, proper U2F support that encourages users to associate TWO different hardware tokens with their account will save you from the tsunami of domain jacking attempts you are about to experience.
The point of having two different hardware tokens, kept in separate locations, is that it becomes far more unlikely that your support will ever have to deal with them. As long as they can continue to access their account with one, they will have time to buy and associate a replacement.
Meanwhile, any hacker attempting to socially engineer your support would be left with the tough job of having to explain how they managed to lose both tokens at the same time - they won't bother, they will move on to some other registrar that is too dumb to implement U2F.
You save your staff a world of hassle, you protect your reputation from a potential PR nightmare, and the high-value domain owners will be more than happy to bear the $95 cost of two Yubikeys. You just have to make it possible and gently encourage users in that direction.