Latest news of the domain name industry

Recent Posts

Chance of new gTLD delay “above zero”

Kevin Murphy, December 20, 2011, Domain Policy

ICANN has not completely ruled out the possibility that its new generic top-level domains program will be delayed, according to senior vice president Kurt Pritz.
Pritz was asked during a meeting of the GNSO Council last week whether the recent Congressional hearings into new gTLDs could lead to a delay of the January 12 launch.
“I think the risk is above zero,” Pritz said.
An “above zero” risk of delay could still mean a very small risk, of course.
He went on to point out that “the reputation of the multi-stakeholder model is wrapped up in this too”, and that to delay would be a disservice to all the people who have worked on the program.
He noted that the National Telecommunications and Information Administration assistant secretary Larry Strickling has come out in strong support of the multi-stakeholder model.
While the NTIA does not plan to enforce a delay, ICANN itself could make the decision under political pressure from elsewhere in the US, such as from Congress or the Federal Trade Commission.
Pritz faced a rough ride during a House Energy and Commerce Committee hearing last week, during which a number of Congressmen said they believed delay was appropriate.
The committee was largely concerned about the possible costs to trademark holders and implications for law enforcement agencies.
The hearing was called following lobbying by the Association of National Advertisers and the Coalition for Responsible Internet Domain Oversight.

Will new gTLDs really increase phishing?

Kevin Murphy, December 17, 2011, Domain Policy

The US Federal Trade Commission has come out swinging against ICANN’s new generic top-level domains program, saying it will increase online fraud and should be scaled back.
In an open letter to ICANN’s top brass yesterday, the FTC’s four commissioners claimed that “the dramatic introduction of new gTLDs poses significant risks to consumers”.
Saying that more gTLDs will make it easier for scammers to acquire domain names confusingly similar to existing brands, the commissioners said the program should be rolled out as a limited pilot.
The FTC commissioners wrote (pdf):

A rapid, exponential expansion of gTLDs has the potential to magnify both the abuse of the domain name system and the corresponding challenges we encounter in tracking down Internet fraudsters. In particular, the proliferation of existing scams, such as phishing, is likely to become a serious challenge given the infinite opportunities that scam artists will now have at their fingertips. Fraudsters will be able to register misspellings of businesses, including financial institutions, in each of the new gTLDs, create copycat websites, and obtain sensitive consumer data with relative ease before shutting down the site and launching a new one.

The letter demands better Whois accuracy enforcement, better ICANN compliance programs, and a cap on approved new gTLDs in the first round perhaps as low as a couple dozen.
The FTC’s claims that new gTLDs will increase phishing may not be supported by reality, however.
The latest data (pdf) from the Anti-Phishing Working Group shows that in the first half of the year only 18% of domain names used in phishing attacks were registered by the attacker.
That was down from 28% in the second half of 2010. Phishers are much more likely to compromise a domain belonging to somebody else – by hacking a web server, for example.
Of the 14,650 maliciously registered domains 10,444 (70%) were used to phish Chinese targets, “overwhelmingly” the e-commerce site Taobao.com, the APWG found.
Furthermore, only 2% of these domains – just 1,816 over six months – were judged to have been registered due to their confusing similarity with the brands they target.
The APWG said (emphasis in the original):

These are the lowest numbers we have observed in the last past four years, and show that using domain names containing brand strings has fallen further out of favor among phishers.

the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do. Instead, phishers almost always place brand names in subdomains or subdirectories

The APWG found only one gTLD that ICANN has introduced – .info, with 4.5% – in its top ten phishing TLDs. The .com space accounts for 48.9% of all phishing domains.
Will the increase in the number of gTLDs reverse these trends? The FTC seems to think so, but the claims in its letter appear to be based largely on guesswork and fear rather than data.
I suspect that the FTC’s letter is more concerned with ICANN’s ongoing bilateral talks with registrars over law enforcement-demanded amendments to the Registrar Accreditation Agreement.
These talks are completely separate and distinct from the new gTLDs program policies, but in the last few weeks we’ve seen them being repeatedly conflated by US lawmakers, and now the FTC.
This may be ignorance, but it could just as well be an attempt to apply political pressure on ICANN to make sure the RAA talks produce the results law enforcement agencies want to see.
ICANN does not want to be forced into an embarrassing retreat on its hard-fought gTLD expansion. By producing a strong RAA, it could deflect some of the concerns about the program.