Latest news of the domain name industry


ICANN reports shocking increase in pandemic scams

Kevin Murphy, May 6, 2022, Domain Tech

The number of gTLD domains being used for malware and phishing related to the Covid-19 pandemic has increased markedly in the last eight months, according to data released by ICANN this week.

The Org revealed that since it started tracking this kind of thing in May 2020 it has flagged 23,452 domains as “potentially active and malicious”.

The data is collected by checking zone files against a list of 579 keywords and running the results through third-party abuse blocklists. Blocked domains are referred to the corresponding registrars for action.

I’m not sure you could technically call these “takedown requests”, but there’s a pretty strong implication that registrars should do the right thing when they receive such a report.

The 23,452 notices represent a sharp rise from both the 12,860 potentially abusive flagged names and the 3,791 “high confidence” reports ICANN has previously said it found from the start of the project until August 2021.

It’s not clear whether the rise is primarily due to an increase in abusive practices or ICANN’s improved ability to detect scams as it adds additional keywords to its watch-list.

ICANN said in March that it is now also tracking keywords related to the Russian invasion of Ukraine.

It’s also asking organizations in frequently targeted sectors to supply keyword suggestions for languages or scripts that might be under-represented.

The data was processed by ICANN’s Domain Name Security Threat Information Collection and Reporting (DNSTICR or “DNS Ticker”) project, which Org management previously discussed at ICANN 73.
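The two-stage check described above (match zone-file names against a keyword list, then keep only the names that abuse blocklists also report) can be sketched as follows. This is an added illustration, not ICANN's code: the keywords, zone records and feed names are constructed, and it assumes one record per line with an explicit owner name.

```python
# Constructed sample data throughout; nothing here is from DNSTICR itself.
KEYWORDS = ["covid", "vaccine", "вакцина"]   # hypothetical watch-list
IDN = "вакцина".encode("idna").decode()       # A-label (xn--...) built at runtime

ZONE = f"""\
$ORIGIN example.
covid-relief-fund  86400 IN NS ns1.hosting.test.
covid-relief-fund  86400 IN NS ns2.hosting.test.
discovideos        86400 IN NS ns1.hosting.test.
vaccine-booking    86400 IN NS ns1.parking.test.
{IDN}              86400 IN NS ns1.hosting.test.
gardening          86400 IN DS 12345 13 2 ABCDEF
"""

BLOCKLISTS = {  # constructed stand-ins for third-party abuse feeds
    "feed-a": {"covid-relief-fund.example", f"{IDN}.example"},
    "feed-b": {"covid-relief-fund.example", "unrelated.example"},
}

def delegated_names(zone_text):
    """Return delegated names (owners of NS records) as A-labels, de-duplicated."""
    origin, names = "", []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()          # drop comments
        if len(fields) < 2:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1].rstrip(".").lower()
        elif "NS" in (f.upper() for f in fields[1:4]):
            owner = fields[0].lower()
            names.append(owner[:-1] if owner.endswith(".") else f"{owner}.{origin}")
    return list(dict.fromkeys(names))

def to_unicode(name):
    """Decode xn-- labels so non-Latin keywords can match; keep raw on error."""
    try:
        return name.encode("ascii").decode("idna")
    except UnicodeError:
        return name

def flag(zone_text, keywords=KEYWORDS, blocklists=BLOCKLISTS):
    """Return {name: (matched keywords, listing feeds)} for corroborated hits."""
    flagged = {}
    for name in delegated_names(zone_text):
        hits = [k for k in keywords if k in to_unicode(name)]
        feeds = sorted(f for f, entries in blocklists.items() if name in entries)
        if hits and feeds:   # keyword alone is not enough: see "discovideos"
            flagged[name] = (hits, feeds)
    return flagged
```

Substring matching alone would also catch `discovideos.example` and `vaccine-booking.example`; requiring a blocklist listing is what keeps those keyword-only matches out of the referral set.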

Ukraine won’t delete domains until war is over

Kevin Murphy, April 25, 2022, Domain Registries

Hostmaster, the Ukrainian ccTLD registry, has indefinitely paused domain deletions due to the ongoing war with Russia.

The company said its domain redemption period, which usually lasts 30 days after a registration expires, will now run until the end of martial law, which was brought in by the government shortly after the invasion.

The registry had previously, and perhaps optimistically, extended the window to 60 days. But the war continues, and many registrants are still unable to renew their names.

Since the first extension, registrars have already recovered over 300 names that were not renewed in time, Hostmaster said.

The price to restore an expired .ua name is the same as a renewal, the registry said.

ICANN picks recipient of $1 million Ukraine aid

Kevin Murphy, April 21, 2022, Domain Policy

ICANN has decided to donate $1 million to the Emergency Telecommunications Cluster, an international organization that helps people stay connected during times of crisis.

The donation was announced at ICANN 73 in early March, not long after Russia’s invasion of Ukraine, and ICANN has spent the last six weeks picking a recipient and doing its due diligence. For ICANN, that’s basically warp speed.

The ETC is one of 11 “clusters”, overseen by the UN’s Inter-Agency Standing Committee, which provide relief during humanitarian crises. Other clusters help with food, medicine, and so on.

Its partners include UN agencies, other governmental bodies, charities, and private companies such as Cisco and Iridium.

The ETC has been on the ground in Ukraine since March 3, preparing to provide emergency communications and strengthen infrastructure against cyber-attacks, though its latest report notes that Ukraine’s infrastructure is holding up pretty well so far.

ICANN CEO Göran Marby said in a statement:

This is an initiative for which we have no precedent; it is a first for ICANN. I am proud of the org for the drive and commitment to quickly identify the best path and organization to efficiently deliver meaningful support. The ETC’s vision of “a world where safe and local access to reliable communications is always available” is well aligned with our mission to ensure the stable and secure operation of the Internet’s unique identifier systems.

ICANN’s board has approved an ongoing program of similar donations, not just for Ukraine.

Domain sales exempt from US sanctions on Russia

Kevin Murphy, April 11, 2022, Domain Policy

A variety of internet technologies, including domain name registration services, have been declared exempt from US sanctions on Russia.

The Department of the Treasury’s Office of Foreign Assets Control has issued a notice (pdf) specifically authorizing the export to Russia for the following:

services, software, hardware, or technology incident to the exchange of communications over the internet, such as instant messaging, videoconferencing, chat and email, social networking, sharing of photos, movies, and documents, web browsing, blogging, web hosting, and domain name registration services

The move is reportedly meant to support independent media’s and activists’ fight against Russian government propaganda during the Ukrainian invasion.

Some US registrars, including Namecheap and GoDaddy, have chosen to restrict their Russian customer base on ethical grounds since the first week of the war in Ukraine.

Namecheap, which has many staff in Ukraine, has banned all Russian customers other than those actively opposing the Putin government.

Microsoft seizes domains Russia was using to attack Ukraine

Kevin Murphy, April 11, 2022, Domain Policy

Microsoft says it has taken control of some domain names that were being used by hackers connected to the Russian security services to launch cyber attacks against Ukrainian, US and EU targets.

Company VP Tom Burt wrote that seven domains used by a group called Strontium were seized via a US court order and redirected to a Microsoft sinkhole, disrupting these attacks.

Burt wrote that the targets were Ukrainian media organizations and US and EU foreign policy think tanks, adding:

We believe Strontium was attempting to establish long-term access to the systems of its targets, provide tactical support for the physical invasion and exfiltrate sensitive information.

One wonders why Russia would use domains under US jurisdiction to conduct such attacks.

Ukraine registry hit by 57 attacks in a week

Kevin Murphy, March 24, 2022, Domain Registries

Ukrainian ccTLD registry Hostmaster today said its infrastructure was hit by 57 distributed denial of service attacks last week.

On its web site, which has continued to function during the now month-long Russian invasion, the company said it recorded the attacks between March 14 and 20, with a top strength of 10Gbps.

“All attacks were extinguished. The infrastructure of the .UA domain worked normally,” the company, usually based in Kyiv, said.

Hostmaster took the initiative in the first days of the war to move much of its infrastructure out-of-country, to protect .ua from physical damage, and to sign up to DDoS protection services.

101domain throttles its business in Russia

Kevin Murphy, March 11, 2022, Domain Registrars

101domain has become the latest registrar to say it is limiting its business in Russia in response to the invasion of Ukraine.

The company, owned by Altanovo Domains, said today it is suspending all new accounts, orders and inbound domain transfers for customers located in Russia.

It will also no longer sell or accept transfers for domains in Russian-linked TLDs .ru (including third-level names), .рф (.xn--p1ai), .МОСКВА (.xn--80adxhks), .рус (.xn--p1acf), .дети (.xn--d1acj3b), .su, and .tatar.

“We will continue to process renewals of existing services for the time being, however this may change at any time and without notice,” the company said.

101domain follows fellow registrars Namecheap, IONOS, and GoDaddy in announcing what effectively amount to commercial sanctions against Russia.

Industry bodies CENTR and ICANN, along with ccTLD registry Nominet, have also committed to concrete actions to sanction Russia and/or support Ukraine.

ICANN bigwigs support sanctions on Russian domains

Kevin Murphy, March 11, 2022, Domain Policy

Current and former ICANN directors are among 36 high-profile tech policy veterans to support the creation of a new domain block-list that could be deployed in humanitarian crises such as the current war in Ukraine.

An open letter (pdf), published last night, calls for what is effectively a list of sanctioned domain names and IP addresses that could be blocked in much the same way as current lists help network operators block spam and malware.

The letter says:

We call upon our colleagues to participate in a multistakeholder deliberation… to decide whether the IP addresses and domain names of the Russian military and its propaganda organs should be sanctioned, and to lay the groundwork for timely decisions of similar gravity and urgency in the future.

Signatories include current ICANN director Ihab Osman, former chair Steve Crocker, founding CEO Mike Roberts, former CSO Jeff Moss and former director Alejandro Pisanty.

Other signatories include three members of the European Parliament, various academics and security researchers, the bosses of networking coordination groups, and the CEOs of several ccTLD registries.

Dmitry Kohmanyuk, founder of Ukrainian ccTLD registry Hostmaster, also signed the letter.

The letter deconstructs Ukraine’s recent requests for internet sanctions against Russia, including its request for ICANN to turn off Russia’s .ru domain, and concludes “the revocation, whether temporary or permanent, of a ccTLD is not an effective sanction because it disproportionately harms civilians”.

Such a sanction would be trivially circumvented and would lead to the proliferation of alt-roots, harming international interoperability, they say.

Having ruled out sledgehammers, the letter goes on to suggest a nutcracker approach, whereby the domain names and IP addresses of sanctioned entities are blocked by consensus of network operators like they’re no more than filthy spammers. The letter reads:

Blocklisting of domain names allows full precision and specificity, which is the problem that precludes action by ICANN. The system is opt-in, voluntary, consensual, and bottom-up, all values the Internet governance community holds dear. Yet, at the same time, it has achieved broad adoption.

We conclude that the well-established methods of blocklisting provide the best mechanism for sanctioning both IP routes and traffic and domain names, and that this mechanism, if implemented normally by subscribing entities, has no significant costs or risks.

The billion-dollar question is of course: Who would decide what goes on the list?

The letter, which says it’s designed to be a conversation-starter, is a bit vague on the policy-making aspect of the proposal.

It calls for the formation of “a new, minimal, multistakeholder mechanism” that would publish a block-list data feed after “due process and consensus”, adding:

This process should use clearly documented procedures to assess violations of international norms in an open, multistakeholder, and consensus-driven process, taking into account the principles of non-overreach and effectiveness in making its determinations. This system mirrors existing systems used by network operators to block spam, malware, and DDoS attacks, so it requires no new technology and minimal work to implement.

While such a system might well help protect gullible (to pick a nationality at random) Americans from the Kremlin’s misinformation campaigns, it’s not immediately clear to me how such a system would help shield blameless everyday Russians from their own government’s propaganda.

If rt.com, for example, were on the block-list, and Russia wanted RT available to its citizens, presumably Russian ISPs would just be told, at the barrel of a metaphorical gun, to stop using the block-list.

It will be interesting to see where this conversation leads.

Soviet Union “no longer considered eligible for a ccTLD”, ICANN chair confirms

Kevin Murphy, March 11, 2022, Domain Policy

The former Soviet Union’s .su domain could soon embark along the years-long path to getting kicked off the internet, ICANN’s chair has indicated.

The .su ccTLD, which survived the death of the USSR thirty years ago, “is no longer considered eligible for a ccTLD”, Martin Botterman said in response to a question by yours truly at the ICANN 73 Public Forum yesterday.

It seems ICANN will no longer turn a blind eye to .su’s continued existence, and that the policy enabling ccTLDs to be “retired” could be invoked in this case, after it is finalized.

The question I asked, per the transcript, was:

While it is generally accepted that ICANN is not in the business of deciding what is or is not a country, do you agree that the Soviet Union does not meet the objective criteria for ccTLD eligibility? And would you support dot SU entering the ccTLD retirement process as and when that process is approved?

I went into a lot of the background of .su in a post a couple weeks ago, and I’m not going to rehash it all here.

I wasn’t expecting much of a response from ICANN yesterday. Arguments over contested ccTLDs, which usually involve governments, are one of the things ICANN is almost always pretty secretive about.

So I was pleasantly surprised that Botterman, while he may have dodged a direct answer to the second part of the question, answered the first part with pretty much no equivocation. He said, per the recording:

It is correct that the Soviet Union is no longer assigned in the ISO 3166-1 standard and therefore is no longer considered eligible for a ccTLD.

ICANN Org has actually held discussions with the managers of the .su domain in the past to arrange an orderly retirement of the domain, and the ccNSO asked ICANN Org starting in 2010 and reiterated in 2017 to pause its efforts to retire the domain so that the Policy Development Process could be conducted. And that is a request we have honored.

So we’re glad to report that the ccNSO recently concluded that Policy Development Process and sent its policy recommendations to the ICANN board.

We will soon evaluate the ccNSO policy recommendations, and we will do so in line with the bylaws process.

It looked and sounded very much like he was reading these words from his screen, rather than riffing off-the-cuff, suggesting the answer had been prepared in advance.

I wasn’t able to attend the forum live, and I’d submitted the question via email to the ICANN session moderator a few hours in advance, giving plenty of time for Botterman or somebody else at ICANN to prepare a response.

The ccNSO policy referred to (pdf), which has yet to be approved by the ICANN board, creates a process for the removal of a ccTLD from the DNS root in scenarios such as the associated country ceasing to exist.

It’s creatively ambiguous — deliberately so, in my view — when it comes to .su’s unique circumstances, presenting at least two hurdles to its retirement.

First, the Soviet Union stopped being an officially recognized country in the early 1990s, long before this policy, and even ICANN itself, existed.

Second, the .su manager, ROSNIIROS, is not a member of the ccNSO and it’s debatable whether ICANN policies even apply to it.

In both of these policy stress tests, the ccNSO deferred to ICANN, arguably giving it substantial leeway on whether and how to apply the policy to .su.

I think it would be a damn shame if the Org didn’t at least try.

While it’s widely accepted that ICANN made the correct call by declining to remove Russia’s .ru from the root, allowing .su to continue to exist when it is acknowledged to no longer be eligible for ccTLD status, and the policy tools exist to remove it, could increasingly look like an embarrassing endorsement in light of Russian hostilities in former Soviet states.

Nominet cuts off Russian registrars

Kevin Murphy, March 10, 2022, Domain Registries

Russian registrars will no longer be able to sell .uk domains, due to the war in Ukraine, Nominet announced today.

“We are not accepting registrations from registrars in Russia — we are suspending the relevant tags,” the registry said.

A “tag” is the unique identifier Nominet issues to its registrars to enable them to access the .uk registry.

I believe it’s the first example of a national domain registry taking action against Russian companies in response to the invasion of Ukraine.

While Nominet is independent, it’s pretty tight with the UK government, which with international partners has implemented some quite tough economic sanctions against Russia.

Nominet said that the “very small” number of existing domains with Russian addresses “will continue to operate as normal”.

Other measures the company announced include a £200,000 donation to the war relief effort, a reduction of its roughly £100,000 of investments in Russian companies to about £1,000, and the monitoring of new .uk registrations for possible Ukraine-related scams.

Other domain companies to announce what effectively amount to sanctions against Russia include Namecheap, Sedo, IONOS, GoDaddy and CENTR.

ICANN has also offered money to Ukraine and concessions to Ukrainian registrants, though the latter may also apply to Russians.