Vendor Selection Matters in the Domain Registrar Ecosystem

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors. An attack on a domain can lead to the redirection of a company's website, domain spoofing, domain and domain name system (DNS) hijacking attacks, phishing attacks, network breaches, and business email compromise (BEC). more

IDN and Email: The Harsh Reality

There has been a lot of talk about IDNs here and elsewhere but what does the reality look like for a plain user? As a test, I randomly choose 28 domains from Alexa's top 100 Sites and tried to create a user account with the email address user@??.com. The bleak result... more

First Three IDN ccTLDs Are Now Live

Announced in a blog post today, ICANN's Manager of Root Zone Services, Kim Davies, reports: "Today the first three production non-Latin top-level domains were placed in the DNS root zone. ... The three new top-level domains are ????????. (“Al-Saudiah”), ??????. ( “Emarat”) and ???. (“Misr”). All three are Arabic script domains, and will enable domain names written fully right-to-left. Expect more as we continue to process other applications using the “fast track” methodology." more

The Future of Data Storage

One of the consequences of our increased use of broadband is a big increase in the amount the data that we store outside our homes and businesses. The numbers are becoming staggering. There are currently about 3.7 billion people using the Internet, and together we generate 2.5 quintillion bytes of online data every day. The trends are that by 2025 we'll be storing 160 zettabytes of data per year - a zettabyte is one trillion gigabytes. I store a lot more data online than I used to. I now store things in the cloud all day long. more

ICANN’s Picture of Itself

ICANN has released its draft new budget. The document gives us a good look at how ICANN sees itself. It's arguably an internally inconsistent view. ...This budget calls for ICANN to have almost 60 staff members by the end of the next fiscal year. Expenses under this budget are predicted to be twice those of last year ($16 million v. $8 million). more

Can We Get More Eyes on Britain’s Largest Scam “Watch List”?

The FCA has been naming and shaming financial scam domains for decades. Its "warning list" is probably one the most extensive databases of its kind. But does it do a good enough job of actually warning people? Let us begin with the FCA website, which would not exactly get full points for user-friendliness: locating the "watch list" is a task in and of itself, to say nothing of consulting and scrutinising it. more

Nom-Com Appoints Independent and Diverse Candidates to ICANN Leadership Positions

When 72 candidates vie for 8 positions, making tough choices are inevitable. ICANN's 2005 Nominating Committee (Nom-Com) on Friday announced the selection of a diverse and independent set of nominees for important roles in ICANN, including the Board of Directors, the Generic Names Supporting Organization (GNSO), the At-Large Advisory Council (ALAC) and the Country Code Names Supporting Organization (ccNSO). more

Privacy, Legal vs. Natural Persons, and the Never-Ending ICANN EPDP

It has been just over 3 years since the General Data Protection Regulation (GDPR) came into effect, and the work within ICANN (type "EPDP 2a" into your acronym decoder ring) to develop a permanent Registration Data policy is progressing at a snail's pace. At issue is a proposed mandatory requirement for Contracted Parties (really just Registrars), to differentiate between "legal persons" (a fancy way of saying corporations and similar organizations) and "natural persons" (the kind that eat and breathe and schedule Zoom calls). more

New Digital Services Act Should Not Disrupt Internet’s Technical Operations, Warn RIPE NCC, CENTR

RIPE NCC and CENTR have released a statement today in response to the upcoming European Commission's Digital Services Act, urging policymakers to distinguish between the Internet's core infrastructure and operations. more

An Internet Security Operations Viewpoint of IGF

The Internet Governance Forum (IGF) is an annual UN conference on Internet governance which was held this year in Rio de Janeiro, Brazil. The topics discussed range from human rights online to providing Internet access in developing countries. A somewhat secondary topic of conversation is Internet security and cyber-crime mostly limited to policy and legislative efforts. Techies and Internet security industry don't have much to do there, but I have a few updates for us from the conference. more

Offering Price as Evidence of Bad Faith Domain Name Registration: A False (UDRP) Factor

I have pointed out in earlier posts that some panelists disapprove of the business of speculating in domain names. There have been a succession of decisions expressing this view beginning with <crew.com> discussed below. Forfeiture has been justified with a mixture of theories. If the offering price is allegedly "excessive" or the domain name is passively held, or the respondent has renewed its registration after the mark is first used in commerce, the panelists find respondents have engaged in unlawful conduct and must forfeit their domain names. more

RIP Don Blumenthal

It is with a heavy heart that we note the passing of a dear friend, colleague and member of the CAUCE board of directors, Don Blumenthal, on September 28, 2019, in Ann Arbor, Michigan. He was 67. Don was an anti-spammer for as long a there was an anti-spam community: he helped design, deploy and maintain the famous 'Spam Fridge,' the repository of junk email maintained by the Federal Trade Commission (FTC). more

Let Me Make Yeti-DNS Perfectly Clear

The following rather alarming text caught my eye today... Had the text appeared under a less august letterhead, or signed by less qualified authors, there would be no cause for alarm. However, the letterhead was World Economic Forum and the authors were William J. Drake, Vinton G. Cerf, and Wolfgang Kleinwächter. As one of three coordinators for the Yeti-DNS project, this feels a bit like I'm in big trouble now. So, let's discuss the matter. more

NTP is Still a Security Risk

The Network Time Protocol (NTP) has been in the news a number of times over the past couple of years because of attacks on the protocol, vulnerabilities in the daemon, and the use of NTP in DDoS attacks. In each case, the developers of NTP have responded quickly with fixes or recommendations for remediating these attacks. Additionally, the development team has continued to look ahead and has worked to enhance the security of NTP. Unfortunately, that has not translated to an improved security picture for NTP. more

Verisign Will Help Strengthen Security With DNSSEC Algorithm Update

As part of Verisign's ongoing effort to make global internet infrastructure more secure, stable, and resilient, we will soon make an important technology update to how we protect the top-level domains (TLDs) we operate. The vast majority of internet users won't notice any difference, but the update will support enhanced security for several Verisign-operated TLDs and pave the way for broader adoption and the next era of Domain Name System (DNS) security measures. more