According to RFC1034, "cnn.com" and "cnn.com." should be the same domain names. However, it doesn't appear that programmers always understand that trailing dots can be added to domain names. Web servers also can't seem to agree what to do with a period at the end of a host name. IIS, thttp, and Akamai's Web server all get confused while Apache doesn't seem to care. How much other software behaves incorrectly because of a trailing period on a domain name? Can spam-filtering software be bypassed with dotted email addresses? Here is a situation when bad things can happen -- "WebShield SMTP infinite loop DoS Attack"... more
John Banks is a loan officer in New York. John's supervisor recently warned John about the potential number of bad loans he may be carrying as part of his portfolio. To dump some of the bad loans he might be carrying, John came up with a scheme. He pointed his web browser to www.whois.org and entered terms denoting disease or poor health such as 'cancer' and 'illness'. This query on the Internet's WHOIS database reported results of names and addresses of domain name owners who had developed websites devoted to providing information on certain serious illnesses. John compared these names and addresses with those in his portfolio of loans. For the matches, he canceled the loans and required immediate payment-in-full. more
When a brand goes so far as to ask a domain name registrar for Whois (the registration contact details) of a potentially abusive domain name, there's likely a lot at stake. Most often, the request is prompted by consumer safety concerns, such as the risk to consumers posed by a malicious site. Other times, the demand has a simple goal: to have a dialog with the registrant about the use of trademarks or other intellectual property in order to avoid extreme action. more
EDUCAUSE, the exclusive registry operator and registrar of .edu domain names under a Cooperative Agreement with the U.S. Department of Commerce, is preparing a mass purge of .edu domain names. The organization says it is part of the final phase in a year long project to improve the accuracy of the WHOIS database for the .edu space. more
In a recent issue of the Wall Street Journal, I noticed an underreported story about an embarrassing glitch that occurred involving the "washpost.com" domain name, which is used by the Washington Post Newspaper Company. Apparently, recently, the domain name stopped working -- no domain name services. This disrupted the flow and access of e-mail at the Washington Post as well as the operations of the washpost.com website. more
Someone recently observed that many stakeholders have fallen victim to a "chilling effect" resulting from fear of retaliation by the rich and powerful bullies currently infecting the multistakeholder community, ICANN, and Internet governance. I related to what I was hearing because I've been personally targeted and libelously attacked and it is deeply dismaying enough having to worry about threats to revenue and reputation along with other harmful effects of such thuggery. more
I have been thinking a lot about stewardship lately in my role as CEO of Tucows and how that relates to employees, a board of directors and investors. Where I've got to, which is not necessarily relevant for this post, is that stewardship needs to exist at EVERY level of a company and a life. With the recent dustup created by Verisign's new Sitefinder service it has crystallized for me what has always bothered me about the .com/.net registry and the way Verisign has approached it.
more
The ICANN Board has approved the community recommendation that "the provision of Thick Whois services should become a requirement for all gTLD registries, both existing and future." We have long supported the migration from 'thin' to 'thick' Whois, which will improve both quality and ease of access to Whois data, thereby further facilitating intellectual property enforcement online. The ICANN community has debated the merits of migration from 'thin' to 'thick' Whois for years, as part of the larger Whois Review process. more
It is just another phishing case. Why should I care? I happened to receive my own copy of the phishing email message. Most Internet users will just smile bitterly before deleting it. I checked it to see why it had gone through the spam filters. It had no URL in the text but a reply-to address. So it needed a valid domain name, and had one: postfinances.com. PostFinance (without trailing "s") is the payment system of the Swiss Post. It has millions of users. more
We Internet users, who either own domain names or have an interest in the domain name system, wish to object to the VeriSign's Site Finder system. We believe that the system: 1) Breaks technical standards, by rewriting the expected error codes to instead point to VeriSign's pay-per-click web directory, and threatens the security and stability of the Internet; 2) Breaks technical standards affecting email services, and other Internet systems... more
Late last month, ICANN took a major step toward addressing some ongoing concerns by signing a new agreement with the U.S. government entitled the Joint Project Agreement (JPA) heralded as a "dramatic step forward" for full management of the Internet's domain name system through a "multi-stakeholder model of consultation." ...While the Joint Project Agreement may indeed represent an important change, a closer examination of its terms suggest that there may be a hidden price tag behind ICANN newfound path toward independence -- the privacy of domain name registrants. more
Two months ago, the Federal Bureau of Investigation (FBI) alerted the public to a list of domains that could easily be mistaken to be part of its network. The list of artifacts contained a total of 92 domain names, 78 of which led to potentially malicious websites, while the remaining 14 have yet to be activated or are no longer active as of 23 November 2020. more
The long awaited Service Concession Contract to operate the .eu registry was signed yesterday (Oct. 12). Now the European Commission will formally notify ICANN of the selected registry operator allowing official negotiations to commence between EURid and ICANN to have .eu put in the root. According to the press release, registrations could begin in six to nine months... more
This may or may not come as a shock to some of you, but ICANN's contract with the Domain Name Registrars, in terms of WHOIS inaccuracy is not enforceable. Bear with me. The ability of ICANN to enforce against a Registrar who fails to correct or delete a domain with false WHOIS does not exist. more
As facts unfold, and the NTIA's decision to take away our privacy comes to light, it is interesting to see the NTIA struggling to explain its decision. Keep in mind that an "as yet to be identified" bureaucrat made this decision to take away your privacy, did it without notice, and without holding hearings. Those affected were not given an opportunity to explain how the loss of privacy would negatively affect them. Quite simply, this is NOT how our government is supposed to work. We should be outraged... more
A World-Renowned Source for Internet Developments. Serving Since 2002.