Welcome to the Root, .MOBI

mTLD's .mobi entered the root zone on Tuesday, quietly contrasted amidst all of the recent ICANN/VeriSign announcements. The .mobi mTLD is a Dublin, Ireland based joint venture between the Nokia Corporation, Vodafone Group Services Limited, and Microsoft. The .mobi domain was granted to service a sponsored community, consisting of: Individual and business consumers of mobile devices, services and applications; Content and service providers; Mobile operators; Mobile device manufacturers and vendors; IT technology and software vendors who serve the mobile community, and there are numerous benefits of .mobi to this community. more

Where Did the .Root Top-Level Domain Come From?

It was pointed out to me the other day that the ICANN/NTIA/Verisign root zone file contains a previously undiscussed top level domain. The contents of this TLD suggest that it was created by Verisign, the company that actually constructs the root zone file used by the dominant set of root servers. (The same zone file is also used by at least one of the competing root systems.) That TLD is .root. It's existence is as real as any other TLD such as .com or .org... more

Rape in the DNS

It took three years for ICANN to issue a breach notice to BizCn over the invalid WHOIS record behind RAPETUBE[DOT]ORG. Throughout the history of this absurd case ICANN staff would repeatedly insist the record had been validated and the registrar was compliant, regardless of extensive evidence proving otherwise. Despite a letter sent to ICANN's CEO and an investigation by the Washington Post, the Rape Tube stayed online. more

Personal Names, Politics and Cybersquatting

Thinking about the www.kerryedwards.com auction reminds one of the uneasy relationship between personal names, politics and cybersquatting. When reporters learned that the domain name was taken by Kerry Edwards, the Indiana bail bondsman, at least some headlines were quick to brand Mr. Edwards' conduct as cybersquatting. The Chicago Sun-Times, for example, ran the headline "Kerry Edwards is the Name, Cybersquatting is the Game." Mr. Edwards, of course, had registered his own name as a domain name long before Kerry picked Edwards as a running mate. more

An Open Letter to NTIA, ICANN, and IANA

I am writing this note in order to express my concern about an impending change in the root of the Domain Name System (DNS) and two of the largest Top Level Domains (TLDs). I am concerned that there is a risk of disruption to the net that has not been adequately evaluated and I am concerned that this change is being deployed without adequate monitoring or safeguards. more

ICANN to Add New Top-Level Domains, World to Come to an End

The biggest buzz from the Paris ICANN meeting was that the board accepted last fall's proposal for a streamlined process to add new TLDs. A variety of articles in the mainstream press, many featuring inflammatory but poorly informed quotes (from people who probably got a phone call saying "We go to press in five minutes, what do you think about ICANN's plan to add a million new domains?") didn't help. When can we expect the flood of TLDs? Don't hold your breath... more

IDN Spoofing Solutions With Balance

Last week's tizzy about IDN (Internationalized Domain Name) spoofing was an interesting exercise in watching how people react to the unknown. The nearly-universal response to the problem that had been described in detail many years ago was "turn off IDNs" instead of "assume that the people who created IDNs knew about this, so let's do some research." The following is based on my thoughts this week. For those of you who are not familiar with my earlier work, I'm one of the authors of the IDN standards... more

Can We Stop IP Spoofing? A New Whitepaper Explores the Issues

In March 2013, Spamhaus was hit by a significant DDoS attack that made its services unavailable. The attack traffic reportedly peaked at 300Gbps with hundreds of millions of packets hitting network equipment on their way. In Q1 2015, Arbor Networks reported a 334Gbps attack targeting a network operator Asia. In the same quarter they also saw 25 attacks larger than 100Gbps globally. What is really frightening about this is that such attacks were relatively easy to mount. more

An Open Letter to Yahoo!‘s Postmaster

In June 2004, Yahoo! and a number of other companies got together to announce the Anti-Spam Technical Alliance or ASTA. While it appears to have been largely silent since then, ASTA did at least publish an initial set of best practices the widespread adoption of which could possibly have had some impact on spam... The majority of these are clearly aimed at ISPs and end users, but some are either generally or specifically relevant to email providers such as Yahoo!, Google or Microsoft... The problem: Since February this year, we have been receiving a significant quantity of spam emails from Yahoo!'s servers. In addition to their transport via the Yahoo! network, all originate from email addresses in yahoo.com, yahoo.co.uk and one or two other Yahoo! domains. Every such message bears a Yahoo! DomainKeys signature... more

Should a Domain Name Registrar Run from a PO Box?

In 2008 KnujOn published a report indicating that 70 ICANN accredited Registrars had no publicly disclosed business location. The fundamental problem was one of community trust and consumer faith. Registrars extend their legitimacy to their domain customers who then transact and communicate with the public. more

Cyber Crime: An Economic Problem

During ISOI 4 (hosted by Yahoo! in Sunnyvale, California) whenever someone made mention of RBN (the notoriously malicious and illegal bulletproof hosting operation, the Russian Business Network) folks would immediately point out that an operation just as bad was just "next door" (40 miles down the road?), working undisturbed for years. They spoke of Atrivo (also known as Intercage). The American RBN, if you like... more

Analyzing The Inbox of a Spammer’s Domain

Consider this scenario: you need a domain name for your site so you go to your favorite domain registrar's website and upon a quick search find that your third choice is actually available! You quickly pull your credit card and register the name. Everything is good and you can't wait to have your new domain start pointing to your site and represent your official email address. But not so fast -- some of the recent events are revealing that, these days, when you are registering a domain name there is one more critical thing you need to do: check under the hood! more

Registrar Influence on the Domain Security Posture of the Forbes Global 2000

In the 2021 Domain Security Report, we analyzed the trend of domain security adoption with respect to the type of domain registrar used, and found that 57% of Global 2000 organizations use consumer-grade registrars with limited protection against domain and DNS hijacking, distributed denial of service (DDoS), man-in-the-middle attacks (MitM), or DNS cache poisoning. On average, the adoption of domain security controls is two times higher for enterprise-class registrars than for those using consumer-grade registrars. more

Who Runs the Internet? ICANN Attempts to Clarify the Answer With This Map

ICANN has released a "living" graphic aimed to provide a high-level view of how the internet is run attuned for those less familiar with the inner workings of the internet infrastructure ecosystem. more

CIRA Proposes New Standard for Domain Name Whois Privacy

The Canadian Internet Registration Authority (CIRA) has announced its proposed policy to provide all dot-ca domain name holders with increased privacy safeguards, bringing it in line with recently-enacted Canadian privacy laws. more