The Domain Industry in 2025: Infrastructure Consolidation, Regulatory Milestones, and the AI Pivot

The domain industry in 2025 saw rapid consolidation, rising regulatory pressure, and a strategic pivot toward AI, trust infrastructure, and tokenization, reshaping domains from static web addresses into dynamic assets for digital identity and commerce. more

Massive Cyberattack Aimed at Flooding .Gov Email Inboxes With Subscription Requests

"Massive Email Bombs Target .Gov Addresses," Brian Krebs writes in Krebs on Security: "Over the weekend, unknown assailants launched a massive cyber attack aimed at flooding targeted dot-gov (.gov) email inboxes with subscription requests to thousands of email lists." more

A Snapshot of the Domain Industry in 2023

The year 2022 was a turning point. We started emerging from the covid emergency and could return to traveling and meeting our peers at industry events worldwide. But it was also a year of taking stock, with numbers returning to pre-covid levels. After two years of sky-high domain registrations, figures returned to pre-pandemic levels in 2022. The domain sector shows a good mix of strength and adaptability to change compared to other industries.  more

Email and Social Media Accounts Under the Spotlight in UK’s Proposed New ‘Spy’ Plan

It would be reasonable to assume that your employer is archiving your email communications. But what about your personal emails, texts, phone calls and Facebook posts. Are these really private? Not for long, if the UK government has its way. It has been reported that its new anti-terror plan, if passed, would require Internet providers and phone companies to store all online communications by UK citizens for one year. more

STIR Working Group Officially Formed to Work on Secure Caller ID For VoIP

Interested in working on an open standard for "secure Caller ID" for voice-over-IP (VoIP)? If so, the new "Secure Telephone Identity Revisited (STIR)" working group was just officially chartered within the IETF and the mailing list is open for all to subscribe.  more

Put Security Alongside .XXX

Isn't security as important to discuss as .XSS? The DNS has become an abuse infrastructure, it is no longer just a functional infrastructure. It is not being used by malware, phishing and other Bad Things [TM], it facilitates them. Operational needs require the policy and governance folks to start taking notice. It's high time security got where it needs to be on the agenda, not just because it is important to consider security, but rather because lack of security controls made it a necessity. more

Comcast Fires Back at E360

Back in January, bulk mailer E360 filed a suit against giant cable ISP Comcast. This week Comcast responded with a withering response... Their memorandum of law wastes no time getting down to business: "Plaintiff is a spammer who refers to itself as a "internet marketing company," and is in the business of sending email solicitations and advertisements to millions of Internet users, including many of Comcast's subscribers." Comcast's analysis is similar to but even stronger than the one I made in January... more

ICANN Threatens RegisterFly Termination

ICANN sent a 10-page letter to RegisterFly on February 21st threatening to terminate its accreditation. The letter is available here. ICANN's not exactly advertising this -- no conspicuous notice appears on its home page and, more curiously, no update has been posted by the Ombudsman despite two prior postings about RegisterFly in the past week. A member of the general public would be hard pressed to find out that any action has been threatened. more

A Brooklyn Bitcoin Mining Operation is Causing Interference to T-Mobile’s Broadband Network

The Federal Communications Commission on Thursday sent a letter to an individual in Brooklyn, New York, alleging that a device in the individual's residence used to mine Bitcoin is generating spurious radiofrequency emissions, causing interference to a portion of T-Mobile's mobile telephone and broadband network. more

Do New gTLDs Disrupt .com?

This post examines whether the new gTLDs program is a disruptive innovation to the dominance of .com. I then use the idea of disruptive innovation to explain the relative adoption failure of previous generic Top-Level Domains (gTLDs), such as .biz, .info and .mobi. Harvard Professor Clayton Christensen's theory of disruption explains battles between market entrants and incumbents. Examples of markets transformed by disruptive innovations include classified ads (Craigslist), long-distance calls (Skype), record stores (iTunes), research libraries (Google), encyclopedias (Wikipedia), and taxis (Uber). more

The UDRP “Celebrates” Its 500th Reverse Domain Name Hijacking Case

Today, for the 500th time, an expert panel under the Uniform Domain Name Dispute Resolution Policy or "UDRP", issued a decision finding a Complainant guilty of Reverse Domain Name Hijacking or "RDNH". RDNH is an attempt to egregiously misuse the UDRP to unjustly seize a domain name from its lawful owner... To-date, the UDRP has adjudicated over 80,000 domain name disputes. The vast majority of them result in the transfer of a cybersquatted domain name to the rightful trademark owner. more

Towards a Generalised Threat-Scoring Framework for Prioritising Results From Brand Monitoring Programmes

The ability to rank results according to the level of threat they pose (based on factors such as, for example, the extent to which a webpage relates to a brand of interest) is a key component of many brand protection services. The prioritisation process has a number of purposes, including the identification of: (a) priority targets for further analysis; (b) candidates for content tracking (i.e. regular reinspection of content or configuration, and the generation of an alert if high-concern findings are identified) - as may be appropriate in cases where a domain name presents a high potential level of risk but is not currently associated with any live site content; and (c) priority targets for enforcement actions. more

Sovereignty and the Geography of Cyberspace

The cross-border nature of the Internet challenges an international system based on separate national jurisdictions. Unfortunately, discussions among governments on this growing tension easily spiral into ideological infighting about the application of sovereignty. Early November however, 1600 participants from 100 countries gathered for the 7th annual Internet Governance Forum (IGF)... Several sessions showed that it is possible to address the relations between the Internet and sovereignty in a responsible manner. more

Mandatory Provision of Abuse Contact Information in WHOIS

An industry professional at Abusix is the backbone behind a proposal to improve and create better mitigation of abuse across different global internet networks. Basically, this introduces a mandatory "abuse contact" field for objects in global Whois databases. This provides a more efficient way for abuse reports to reach the correct network contact. Personally - as a Postmaster for a leading, white-label ISP, I applaud this with great happiness for multiple reasons. I also feel people who handle abuse desks, anti-abuse roles, etc. should closely follow this. more

A Few Thoughts on the Future of Email Authentication

With the Online Trust Alliance Town Hall Meeting and Email Authentication Roundtable next week as well as the RSA Conference, I decided to pause and think about where we are and where we might be headed with regard to email authentication. Over the years, many of us have collectively worked to provide a framework for authenticating email... more