Domain Names

How Safe Are Your .KIDS?

This year has been one of the busiest years for domain launches in quite a while. Before the end of 2022, we'll see one more significant domain launch, namely .KIDS, on November 29, 2022. This extension is being launched as a safe space on the internet for children and parents. The registry has set out some very strict use policies to make this happen. Some companies have already registered their brands during the Sunrise Period, while others have taken up names in the Community Sunrise. more

Three Reasons Why CISOs Need to Understand Domain Security

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. An attack on a web domain can lead to the redirection of a company's website, domain spoofing, phishing attacks, network breaches, and business email compromise (BEC). Domains used as a company's online world are part of an organization's external attack surface and need to be continuously monitored for cybercrime attacks and fraud. more

ICANN Policymaking Should Be Even More Transparent

Transparency and accountability are embedded in ICANN's core values. Indeed, ICANN's Bylaws mandate that "ICANN and its constituent bodies shall operate to the maximum extent feasible in an open and transparent manner ...". Public Interest Registry believes that a dedication to transparency is fundamental to the strength and continued effectiveness of ICANN's multistakeholder model. more

The Continuing WHOIS Disappearing Act

WHOIS is about to become even harder to find. ICANN has recently concluded long-delayed contract negotiations with industry meant to accommodate the technical migration from the WHOIS protocol to the Registration Data Access Protocol (RDAP). Instead of limiting the changes to what's necessary to implement the new technical protocol, the proposals effectively gut WHOIS, making it virtually impossible to find by eliminating web-based WHOIS access... more

Smells like Cybersquatting? How the UDRP “Smell Test” Can Go Awry

The UDRP has the form of a substantive Policy, but it operates as a "smell test".1 If the evidence smells bad, the panel will likely order a transfer. If it doesn't, the panel won't. An aim of this article is to help improve UDRP panels' sense of smell when it comes to differentiating between domain name investors and cybersquatters. I will provide some insight into the business of domain name investing that I hope will be helpful to UDRP panelists in making more accurate inferences in disputes involving investors. more

Turning the Tide of Online Scams: Interview With Prof. Jorij Abraham, Global Anti-Scam Alliance

Professor Jorij Abraham has been a part of the international eCommerce community since 1997. From 2013 -- 2017, he has been Director of Research & Advise at Thuiswinkel.org (the Dutch Ecommerce Association) and the European Ecommerce Association with 25.000+ members in 20 countries. He is now Managing Director of Global Anti-Scam Alliance, whose mission is to protect consumers from getting scammed. He is also e-commerce professor at the University of Applied Sciences, TIO. more

The Continued Rise of Phishing and the Case of the Customizable Site

We’ve noted in previous CSC studies that phishing continues to be an extremely popular threat vector with bad actors and shows no signs of subsiding in part, because of the COVID–19 pandemic and the rise in popularity of remote working. Indeed, the most recent figures from the Anti-Phishing Working Group (APWG) show that the numbers of phishing attacks are higher than ever before, with the quarterly total of identified unique phishing attacks exceeding 1 million for the first time in Q1 2022, and over 600 distinct brands attacked each month. more

Price Increases for .COM and .NET: The Generated Impact on the Performance of the Two TLDs

Verisign announced a few days ago a decrease of 0.4 million domain name registrations for .COM and .NET Top Level Domains, a first time in the history of these TLDs. Could this decrease be related to the successive price increases of September 2021 and September 2022? On 28 July 2022, Verisign, the registry for the .COM and .NET TLDs, announced that it would be applying a 10% increase in the price of .NET domains as of 1 February 2023. more

Solving the .US Registrant Data Directory Services (RDDS) Conundrum

Recently ten Democratic Members of Congress wrote a letter to Alan Davidson, head of the NTIA, requesting that the "NTIA immediately cease the public disclosure of personal information about users of .US" country code top-level domain (ccTLD). This communication highlights a significant concern regarding domain registration data: the need to protect the privacy rights of Registrants. However, an equally significant concern regarding registration data was raised... more

Developing Models for the Prediction of Domain Name Renewal Rates

One of the key issues for the Domain industry is how to accurately predict year-on-year how many customers will renew their domain names. It's fairly common that a registry in the first year has around a 60% renewal rate, and following the first year, that increases to around 80 and 85 percent on the remaining domain names. But how can we understand better why this is so, how can this be more accurately predicted, and what can be done to help maximize these opportunities? more

DNS Evolution: Innovation or Fragmentation?

There is no single name system that is necessarily bound to the Internet. Unlike IP addresses which are in every IP packet, names are an application construct, and, in theory, applications have considerable latitude in how they handle such names. There could be many name systems that could coexist within the Internet, in theory. In practice, there is strong peer pressure to use a single name system. more

Reexamining Internet Fragmentation

One of the discussion topics at the recent ICANN 75 meeting was an old favorite of mine, namely the topic of Internet Fragmentation. Here, I'd like to explore this topic in a little more detail and look behind the knee-jerk response of declaiming fragmentation as bad under any and all circumstances. Perhaps there are more subtleties in this topic than simple judgments of good or bad. more

ICANN’s Accountability and Transparency – a Retrospective on the IANA Transition

As we passed five years since the Internet Assigned Numbers Authority transition took place, my co-authors and I paused to look back on this pivotal moment; to take stock of what we've learned and to re-examine some of the key events leading up to the transition and how careful planning ensured a successful transfer of IANA responsibilities from the United States Government to the Internet Corporation for Assigned Names and Numbers. more

Registration Patterns of Deceptive Domains

A key requirement for a bad actor wanting to launch a brand attack is the registration of a carefully chosen domain name. The most convincing infringements frequently use a domain name that's deceptively similar to that of the official site of the target brand. This allows a variety of attacks to be executed, including phishing attacks... more

Where Domain Security Meets the Supply Chain Crunch

Over the last two years, we've all faced supply shortages on items we previously never thought could be in short supply. Most recently, the baby formula and semiconductor markets were hit. Before that, supply chain attacks on Colonial Pipeline and JBS Foods showed us that an attack on one company through a singular point of compromise has the potential to disrupt an entire network of connected companies, products, partners, vendors, and customers. more