Latest news of the domain name industry

Recent Posts

Typosquatting is huge but not dangerous, study finds

Kevin Murphy, December 15, 2011, Domain Tech

A study of typosquatted domain names has found that the practice is reaching pandemic levels for the largest brands, but that there’s surprisingly little malware distribution going on.

The security company Sophos surveyed 2,249 domains that were one letter different to the .com sites of Facebook, Google, Twitter, Apple and Microsoft, and found that two thirds resolved.

Not all of those 1,502 sites were malicious typosquats; some were legitimate sites that just happened to have similarly spelled names (such as goole.com and witter.com) Sophos noted.

Apple was the most-squatted company, according to this method: resolving Microsoft typos were at 61%, Twitter at 74%, Facebook at 81%, Google at 83% and Apple at 86%.

Sophos concluded that “there is a significant typosquatting ecosystem around high-profile, often-typed domain names.”

But it did not find as much malware as it was expecting, with only one domain leading to a malware site, 0.07% of the total.

However, 2.7% of the URLs “fell into the loose category of cybercrime”, which “means they are, or have been, associated with hacking, phishing, online fraud or spamming”.

The report, which also fingers parking services from Demand Media, Sedo, Oversee and Bodis as the recipients of 37% of the typo traffic, contains much more data and is well worth a read.

Annoyingly, it appears that Sophos only surveyed .com domains, so the data doesn’t really tell us much about the impact of TLDs (such as .co) on the typosquatting problem.

Go Daddy bans DNS harvesting

Kevin Murphy, November 9, 2011, Domain Tech

Go Daddy is blocking companies from harvesting its DNS records, the company has confirmed.

CTO Dave Koopman denied that Go Daddy has a “DNS Blackouts” policy, but confirmed that it has banned certain IP addresses from doing DNS queries for its customers’ domains. He wrote:

The rumor about “DNS Blackouts” was started by someone using Go Daddy servers to cache all Go Daddy DNS records on his personal servers for financial gain.

Back to our previous example of 100 queries a day. Instead of one person accessing 100 domain names, this individual was attempting to download tens of millions of Go Daddy DNS records – twice daily. While his behavior did not cause any system issues, we felt it best to revoke access to the offending IPs.

If Go Daddy finds unwanted activity in our network, Go Daddy takes actions to stop it.

That appears to be a reference to a blog post from DNSstuff.com founder R Scott Perry, who complained in early September about what he called a “Selective DNS Blackouts” policy.

Perry suggested that Go Daddy was trying to drum up interest in its Premium DNS service by providing poor DNS service to regular customers.

Blocking DNS queries from selected IP addresses draws to mind Go Daddy’s policy of banning DomainTools and other companies from harvesting Whois records in bulk.

In January, the company confirmed, that it was blocking commercial Whois aggregators including DomainTools. The ban appears to still be in affect for non-paying DomainTools users.

Like DomainTools, DNSstuff.com offers DNS monitoring and alerts for premium fees.

ICANN steps in front of astrology lawsuit

Kevin Murphy, October 15, 2011, Domain Tech

ICANN has agreed to take over a critical online time zone database, after its original operators were sued for copyright infringement by an astrology software company.

The organization said last night that it will start to manage the Internet Time Zone Database, following the retirement of Arthur David Olson, who has managed it for nearly 30 years at the US National Institutes of Health.

“The Time Zone Database provides an essential service on the Internet and keeping it operational falls within ICANN’s mission of maintaining a stable and dependable Internet,” ICANN COO Akram Atallah said.

While it’s possible that ICANN will face criticism for this apparent case of “mission creep”, the move could actually be pretty good news for new top-level domains applicants.

The tz database is used by countless applications and platforms. It’s baked into Java, PHP, Perl, Python, .NET, PostgreSQL and BSD-derived operating systems including Mac OS X.

If ICANN is able to leverage those relationships, it may be able to increase adoption of its Universal Acceptance of TLDs project, an authoritative database of all live TLDs.

This could help new gTLDs, primarily those longer than three characters, have a smoother ride in terms of compatibility with internet software.

But the real reason for the handover to ICANN at this time appears to be the fact that Olson was sued at the end of September by Astrolabe, a Massachusetts-based provider of astrology software.

Astrolabe claims (pdf) it has copyright on some facts about historical time zone information, and has sued Olson for an injunction and damages

The lawsuit prompted the removal of the FTP site where the database is hosted, and oodles of bad karma for Astrolabe after the suit was reported in The Register.

So has ICANN just risked having its name added to the lawsuit in order to ensure the ongoing stability of the time zone database? Is it taking one for the team? It certainly appears so.

According to Astrolabe’s latest observations:

Conditions are confused and uncertain. Feelings run high. Perceptions are altered, leading to misunderstandings. Imagination, escapism, and gullibility are factors to contend with.

Indeed.

ANA finds SEO more effective than Facebook

Kevin Murphy, October 10, 2011, Domain Tech

Advertisers are “beginning to question the effectiveness” of social media marketing, but they’re still mostly sold on the benefits of search engine optimization.

That’s according to a new study from the Association of National Advertisers, the results of which have just been published.

The ANA’s survey of 92 marketers gave SEO an “effectiveness rating” of 52%, the highest rating given to any of the six categories respondents were asked to comment on.

However, that represented a decline of three percentage points from a similar survey in 2009.

Social networking sites (presumably including Facebook, although names were not named) received an effectiveness rating of 28%, up from 17% two years ago, ANA reported.

SEO and social sites were used in marketing by 88% and 89% of respondents respectively.

ANA president Bob Liodice said in a press release:

While marketers have substantially increased their use of newer media platforms over the past few years, they are beginning to question the effectiveness of some of these vehicles. The ANA survey indicates a strong willingness by marketers to integrate innovative new approaches into their marketing mix; however, this enthusiasm is tempered by concerns regarding the return-on-investment of these emerging options.

While it’s all speculation at this point, SEO improvements are often pointed to as a potential (and I stress: potential) benefit of new dot-brand or category-killer top-level domains.

The ANA is the current opponent-in-chief of ICANN’s new gTLD program.

Pirates set up domain seizure workaround

Kevin Murphy, October 6, 2011, Domain Tech

Movie and music pirates are setting up alternative DNS services to help users work around the government seizure of domain names.

A new service, BlockAid.me, launched an open beta at the end of September. It’s currently being promoted prominently on at least one major movie/music/games-sharing site.

The site encourages internet users to reconfigure their computers to use BlockAid’s DNS servers. That way, if a domain name used by a piracy web site is seized by law enforcement, BlockAid will be able to direct surfers to the original owner’s IP address more or less transparently.

This is exactly what the experts predicted would happen.

Ever since the US Immigration and Customs Enforcement agency started seizing domain names associated with pirated content and US politicians have been discussing legislation to streamline the process, workarounds have been expected.

In May, DNS experts including Paul Vixie, Dan Kaminsky and now-ICANN chair Steve Crocker said that the Protect-IP Act in the US would persuade many users to switch to offshore DNS servers.

They warned that this would lead to a rise in cybercrime against consumers, as disreputable or insecure DNS providers send surfers to spoofs of banks and other sensitive sites.

While there’s no reason to believe the BlockAid project has this kind of nefarious activity in mind, if the idea catches on it’s probably inevitable that a similar service operated by crooks will emerge eventually.

Amusingly, BlockAid’s web site says that it may financially support itself in future by showing ad-laden web pages instead of returning NXDOMAIN errors, a much-criticized money-making tactic many ISPs already use.

Note also that the .me registry is managed by Afilias, a heavily US-based company, which likely makes BlockAid.me just as vulnerable to seizure as any .com address.