Security vendor Blue Coat apparently doesn’t check whether domains are actually domains before it advises customers to block them.
Unrepentant, Blue Coat continued to insist that businesses should consider blocking .zip domains, while acknowledging there aren’t any.
It said that its censorware treats anything entered into a browser’s address bar as a URL, so it has been treating file names that end in .zip — the common format for compressed archive files — as if they are .zip domain names. The blog states:
when one of those URLs shows up out on the public Internet, as a real Web request, we in turn treat it as a URL. Funny-looking URLs that don’t resolve tend to get treated as Suspicious — after all, we don’t see any counter-balancing legitimate traffic there.
Further, if a legal domain name gets enough shady-looking traffic — with no counter-evidence of legitimate Web traffic — it’s possible for one of our AI systems to conclude that the behavior isn’t changing, and that it deserves a Suspicious rating in the database. So it gets one.
In other words, Blue Coat has been categorizing Zip file names that somehow find their way into a browser address bar as .zip domain names.
That may sound like a software bug that Blue Coat needs to fix, but it’s still telling people to block Google’s gTLD anyway, writing:
In conclusion, none of the .zip “domains” we see in our traffic logs are requests to registered sites. Nevertheless, we recommend that people block these requests, until valid .zip domains start showing up.
That’s a slight change of position from its original “Businesses should consider blocking traffic that leads to the riskiest TLDs”, but it still strikes me as irresponsible.
The company has still not disclosed the real numbers behind any of the percentages in its report, so we still have no idea whether it was fair to label, for example, Famous Four’s .review as “100% shady”.
Google provided the new gTLD industry with one of its most prominent endorsements to date when it revealed this week that its new parent company, Alphabet, will use a .xyz domain name.
But it could just be the first move away from traditional TLDs such as .com — its new gTLD .google entered its “general availability” phase today.
Alphabet will be the holding company for Google the search engine provider, as well as many other subsidiaries focused on non-core areas of its business, and will replace Google as the publicly traded entity.
The new company will use abc.xyz as its primary domain.
XYZ.com CEO Daniel Negari told Wired that the move is “the ultimate validation”, and it’s hard to disagree.
Despite this, almost all the coverage in the tech and mainstream media over the last 24 hours has been about the fact that it does not own alphabet.com.
A Google News search for “alphabet.com” today returns over 67,000 results. Refine the search to include “abc.xyz” and you’re left with fewer than 2,700.
This is perhaps to be expected; BMW owns alphabet.com and has told the New York Times it does not intend to sell it. Journalists naturally gravitate towards conflict, or potential conflict.
Some reporters even suggested, with mind-boggling naivety, that Google hadn’t even done the most cursory research into its new brand before embarking on the biggest restructuring in its history as a public company.
But perhaps the reality is a little simpler: owning a .com that exactly matches your brand just isn’t that important any more.
If any company has insight into the truth of that hypothesis, it’s Google.
It should hardly be surprising that Google digs the possibilities offered by new gTLDs — remember, it applied for 101 strings and has 42 of them already delegated.
Its senior engineers have also blogged repeatedly that all gTLDs, including .com, are treated equally by its search algorithms.
Now that it has made the decision to brand its holding company on a new gTLD domain, could we expect it be similarly nonchalant about a switch to .google?
The dot-brand today came out of its pre-launch phase and entered “general availability”, meaning that the gTLD is now free for it to use.
The .google zone file only has a few domains in it at present, so we’re probably not going to see anything deployed there overnight, but I’d be surprised if we have to wait a long time before .google is put to use in one way or another.
The company set up a fleeting April Fool’s Day website at com.google earlier this year.
Google’s application for .google states:
The mission of the proposed gTLD, .google is to make the worldʹs information universally accessible and useful through the streamlined provision of Google services. The purpose of the proposed gTLD is to provide a dedicated Internet space in which Google can continue to innovate on its Internet offerings. The proposed gTLD will augment Googleʹs online presence in other registries, provide Google with greater ability to categorize its present online locations around the world, and in turn, deliver a more recognizable, branded, trusted web space to both the general Internet population and Google employees. It will also generate efficiencies and increase security by reducing Google’s current dependence on third-party infrastructure.
The company has also stated on its Google Registry web site that it intends to use .google, .youtube and .plus “for Google products”.
Forget .sucks — several less controversial new gTLD registries have come under fire from the likes of Google, Facebook and Adobe for charging sunrise fees as high as $17,000 for domains matching famous trademarks.
According to figures supplied to DI by ICANN’s Business Constituency, the domain instagram.love carries a $17,610 “Premium Name Fee” during the current sunrise period.
Instagram is of course the photo sharing service belonging to Facebook, and to the best of my knowledge not a dictionary word.
The domain facebook.love has a $8,930 fee, these figures show, while google.love costs $6,610, both in addition to sunrise fees of $350 and annual fees of $60.
The regular sunrise fee for .love comes in at $265 at some registrars.
The new gTLDs .design, .video, .wang, .wein, .rich and .top also seem to carry very high fees for brands such as Facebook, according to the BC’s numbers.
Google recently filed a public comment with ICANN which warned:
some registry operators are taking advantage of rights owners during Sunrise by charging exorbitant and extortionate Sunrise registration fees. Although such pricing policies are not strictly within the ICANN compliance mandate, they contravene the spirit of the RPMs [rights protection mechanisms], damage ICANN’s reputation, harm consumers in contravention of ICANN’s mandate to promote the public interest, and create disincentives for rights owners to take advantage of the Sunrise period
Similar comments were sent by the Intellectual Property Constituency, BC, and others.
The issue of registries charging super-high “premium” fees for trademarked names has been on the radar of the BC and the IPC since at least 2013.
It seems that in at least some cases, trademark owners are being hit with the higher fees because their marks are dictionary words that the registry has identified as premium due to their regular meaning.
For example, adobe.design is on the list of names provided by the BC, carrying a $1,175 registration fee.
But Andrew Merriam, director of business development at .design registry Top Level Design, denied that the software company is being targeted. Instead, he said “adobe” refers to the material used in architecture — its dictionary meaning.
He said: “Stucco.design, concrete.design, wood.design, granite.design (and many other materials and building styles) are all on the premium list, at varying prices. In fact, adobe.design is priced on the lower end of all these materials.”
Merriam said the registry’s premium fee for adobe.design is actually $250 and speculated that $1,175 could be the price quoted by Adobe’s brand protection registrar post-markup. It was $349 at Go Daddy, he said.
In other cases, trademarks may have found their way on to premium lists due to a lack of manual vetting by the registry, rather than nefarious targeting.
In the case of instagram.love, Evatt Merchant of .love registry Merchant Law Group told DI that Facebook can buy the name for the normal sunrise fee if it wants.
He told DI that trademark owners should contact the registry if they believe their marks have been wrongly given premium prices. He said:
While it is possible that some brand terms that are frequently googled have ended up on the premium list, valued based on their Google search frequency, there is a simple solution. During the sunrise period, brands seeking non-dictionary trademarked domain names can contact the registry so that a review of individual sunrise pricing can occur. As has already occurred, such requests will often result in the .LOVE TLD voluntarily offering to reduce their sunrise application cost to the base sunrise price and that would certainly be the case for Instagram.
ICANN’s does not regulate pricing in new gTLDs, but nevertheless the IPC and BC and their members have asked ICANN to include premium pricing of trademarked names in its upcoming review of rights protection mechanisms.
Google has secured two gTLDs representing two of its core services.
The company has won .search and .map, fighting off competition from Amazon, Donuts, Famous Four Media for .search and Rightside and Amazon for .map.
All the losing bidders have now withdrawn their applications.
Both strings were due to head to ICANN auction April 29, but appear to have been settled privately instead.
That means the winning bids will not be disclosed.
Google plans to operate .map as an open gTLD in which anyone can register.
It had originally planned to keep .search domains limited to itself, until ICANN’s Governmental Advisory Committee and others complained about so-called “closed generics”.
Its updated .search application talks about restricting .search to sites that offer search functionality that adheres to a certain technical standard.
Specifically, domains in .search will have to follow a certain URL format (example.search/?q=query, the format used by Google itself) for queries.
It’s going to be very interesting how Google goes about implementing the plans in its application. We could be looking at some innovative or possibly controversial services.
An 80-year-old seller of party supplies, owned by Warren Buffett, has won the rights to the new gTLD .fun, after the other two applicants withdrew.
Oriental Trading Company plans to operate the gTLD as a “restricted” space where only the company and its partners can register, according to its application.
Quite why this isn’t on hold as a “closed generic”, I don’t know.
The application states .fun will be:
an authoritative Internet space for OTC, its affiliates and partners where OTC can develop an unlimited number of domain names dedicated and relevant to “fun” and to provide Internet users with content, services and products they need, while being assured of brand authenticity.
The other two applicants were Google and Dot Strategy. Both applications have now been withdrawn.
OTC sells balloons, party hats, banners and such. It was acquired by Buffett’s Berkshire Hathaway in 2012 after filing for bankruptcy protection.
In other withdrawal news, games maker Konami today became the latest company to dump its plans for a dot-brand, in this case .konami.