Latest news of the domain name industry

Recent Posts

We grassed up .TOP, says free abuse outfit

Kevin Murphy, July 18, 2024, Domain Services

A community-run URL “blacklist” project has claimed credit for the complaints that led to .TOP Registry getting hit by an ICANN Compliance action earlier this week.

.TOP was told on Tuesday that it has a month to sort of its abuse-handing procedures or risk losing the .top gTLD, which has over three million domains.

ICANN said the company had failed to respond to an unspecified complainant that had reported multiple phishing attacks, and now the source of that complaint has revealed itself in a news release.

URLAbuse says it was the party that reported the attacks to .TOP, which according to ICANN happened in mid April.

“Despite repeated notifications, the .TOP Registry Operator failed to address these issues, prompting URLAbuse to escalate the matter to ICANN,” URLAbuse said, providing a screenshot of ICANN’s response.

URLAbuse provides a free abuse blocklist that anyone is free to incorporate into their security setup. Domain industry partners include Radix, XYZ.com and Namecheap.

First registry gets breach notice over new abuse rules

.TOP Registry allegedly ignored reports about phishing attacks and has become the first ICANN contracted party to get put on the naughty step over DNS abuse rules that came into effect a few months ago.

ICANN has issued a public breach notice claiming that the registry, which runs .top, has also been ignoring the results of Uniform Rapid Suspension cases, enabling cybersquatting to take place.

The notice says that .TOP breached new rules, which came into effect April 5, that require it to act on reports of DNS abuse (such as malware or phishing attacks) by suspending the domains or referring them to the responsible registrar.

The registry didn’t do this with respect to a report of April 18, concerning “multiple .top domain names allegedly used to conduct phishing attacks”. It didn’t even read the report until contacted by ICANN, according to the notice.

As of yesterday, only 33% of the phishing domains have been suspended by their registrars, some three months after the attacks were reported, ICANN says.

Compliance is also concerned that .TOP seems to be ignoring notices from Forum, the company that processes URS cases, requiring domains to be locked within 24 hours when they’ve been hit with a charge of cybersquatting.

The registry “blatantly and repeatedly violated” these rules, according to ICANN.

.TOP has been given until August 15 to get its act together or risk having its Registry Agreement suspended or terminated.

The registry has about three million .top domains under management, having long been one of the most successful new gTLDs of the 2012 round in volume terms. It typically sells domains very cheaply, which of course attracts bad actors.