Category: Opinion

Use of .BRANDS and Efforts To Thwart Domain Name Abuse Industry Highlights For DOTZON’s Katrin Ohlmer

Criminal activities continue to be an issue and challenge for the domain name industry, and it’s one of the main issues addressed in today’s Q&A with Katrin Ohlmer, CEO and founder of DOTZON GmbH. Ohlmer cites it as a highlight and lowlight – a highlight because the industry is attempting to tackle domain name abuse and a lowlight with phishing, malware, botnets and pharming being threats to consumers putting the whole industry in a bad light and seemingly not interested in fixing the issue. Ohlmer also sees the growth in usage of .brand new gTLDs as another highlight while she says the whole domain industry could improve in terms of customer experience and customer-centric marketing and communications.

Domain Pulse: What were the highlights, lowlights and challenges of 2019 in the domain name industry, both for you and/or the industry in general?

Katrin Ohlmer:

Highlights

A new awareness has been reached within the industry that many registries and registrars are responsible and taking actions against abuse, including the “Framework to Mitigate Abuse”. We started to communicate our efforts better to the community and will continue these efforts in 2020.

We noticed a growing use of domain names of .brands including the likes of .audi, .dvag and .mma – all with well beyond 1,000 registered domain names. We spotted quite a number of .brand domains “in the wild” – in print advertising, on vehicles and social media ads.

Lowlights

The ever-present existence of phishing, malware, botnets and pharming threats to consumers puts the whole industry in a bad light seemingly not interested in fixing this issue. The industry has to improve its communication activities within the community and to all stakeholders in 2020.

In 2020, we would like ICANN to focus again on their mission “to ensure the stable and secure operation of the Internet’s unique identifier systems”.

Challenges

GDPR brought to our industry new challenges and burdens. GDPR and its consequences are an asset for our industry that personal data are not published anymore. Even though this negatively affects the interests of the trademark industry.

DP: What are you looking forward to in 2020?

KO: I’m really looking forward to welcoming the ICANN community to Hamburg in Autumn and showcasing the broad use of .hamburg domain names in the city. With and ICANN meeting taking place only for the second time ever, it will be a great opportunity for the local and national Internet community to meet the ICANN community.

DP: What challenges and opportunities do you see for the year ahead?

KO: As the next round of new TLDs is still ahead of us, .brands including some of our customers have the opportunity to showcase the many usage scenarios which they have already implemented and will be implemented in 2020.

The whole industry has to increase their communication efforts about DNS Abuse to demonstrate that they take abuse seriously. Further debates are likely whether registries and registrars will mitigate abuse beyond DNS like counterfeiting, but hopefully ICANN will stay within its remits.

Further consolidation will happen between registries, registrars and vertically integrated groups. We might also see further investments from equity investment companies within the industry.

Tech trends like Artificial Intelligence, Bitcoin, Internet of Things will improve our industry – whether process-wise, with new products or communication channels.

The topic how ICANN will consider in its actions the Public Interest – not only at the Board level, but also within the wider community – will be a challenge. A first step has been made with the proposal drafted by the Board, and further activities will likely happen in 2020.

DP: How have new gTLDs fared in 2019?

KO: We observed that the diversity of TLDs being actively used across the globe is slowly but constantly increasing. Therefore we expect a steady uptake over the next few years and establishing the new gTLDs as a valid alternative to former TLDs.

A number of the new gTLDs are doing very well – they are chosen by users because they have a meaning like .realestate, .consulting and .rich, some provide local and regional identity to users like .berlin, .bzh and .nyc, and some represent the brand online like .audi, .google and .edeka. The more generic TLDs are, the less differentiation and meaning they have making it harder to develop a long-term value proposition beyond the price.

DP: What progress do you see on a new round of applications for new gTLDs in 2020?

KO: We are currently finalising the last open issues within the Subsequent Procedures PDP Working Group. I expect that the substantive progress of our ongoing work will continue in 2020, leading to a final report being sent to the GNSO Council and later to the ICANN Board for approval.

DP: What one thing would you like to see addressed or changed in the domain name industry?

KO: I tend to repeat myself: I still think the whole domain industry could improve in terms of customer experience and customer-centric marketing and communications including lower barriers to set-up a website, easing the whole domain registration process, and setting up an email account.

For decades, customers were attracted by prices. This led to many registrations with no or very limited usage. Now it’s time to encourage existing customers to use the product they bought and improve processes for new customers making it easier to bring their website with their new domain online.

Previous Q&As in this series were with:

Fraudsters Obtained $30 Million Worth of IP addresses in South Africa

[HEFICED news release] In September, South African media revealed an elaborate fraud scheme where IPv4 addresses reportedly worth at least $30 million on the second-hand market were stolen or misappropriated from large multinational companies based in South Africa.

The registered owners were mostly not aware of any violation of their properties, as the attackers exploited complex ownership structures. In addition, the legitimate owners were often unfamiliar with the considerable asset value presented by their stocks of IPv4 addresses.

Among the address sets stolen were a number of especially valuable “legacy blocks”, sets of IP addresses that were assigned before the establishment of regional internet registries (RIRs) and are thus completely free to use.

“We often notice that companies that obtained large pools of IPv4s when they were still readily available are not aware that they are now quite valuable. Thousands of addresses used to be free, now a single legacy address can be worth as much as $30,” comments Vincentas Grinius, CEO of Heficed, a company offering network infrastructure solutions that center on the procurement and management of IP addresses.

IPv4 fraud has become an increasingly pressing issue in the past decade. This is because the omnipresent IP addresses are actually a finite resource. Their original sources, the RIRs serving a continental region each, have all nearly run out of original, free-to-use address blocks within the last ten years, with AFRINIC being the only one still allocating them with relative ease.

Since IPs are localized, however, African addresses only serve limited use – to operate a server within Europe or America, a user needs a European or American IP. This is especially relevant for latency-dependent customers, like those who operate within fields of tight competition.

Whoever needs IPv4 addresses thus has to obtain them on the second-hand market. Like in any commodity market, fraud constitutes a problem, too.

Even in highly-regulated jurisdictions like the United States, fraudsters still go after the high-value resource. With proper attention and dedication, even stolen addresses can be recovered, but this often takes considerable time and legal investments. Most importantly, it is often impossible for large-scale corporate owners to properly track IPv4 ownership themselves.

“As with all complex, immaterial goods, like stocks or virtual assets, intermediary network infrastructure providers fulfil more than just the function of traders. They market, manage and care for their clients’ resources,” says Grinius.

Dealing with technicalities like IP addresses is often the least priority large companies have, if they are aware of the issue at all.

“The news from South Africa clearly shows that oversight is the main issue. Mostly without notice, IPv4s have become a hugely profitable opportunity that can be utilized if the proper care is taken. Heficed is among the specialist companies that offers this oversight and care, and thus provides security to clients who might not even have known that their assets were in danger,” Grinius adds.

Heficed believes that companies must take charge of their own IPv4-security, since institutional help is unlikely to arrive. Officially, the protocol is being phased-out in favour of IPv6, a process that has only very slowly advanced since IPv6’s introduction in 1998. This long-term solution is still far off: according to Google’s own statistics, less than 30% of users have access to their services using IPv6.

“For the time being,” Grinius concludes, “the only way to avoid potentially ruinous security breaches is to work with trustworthy partners in procuring and managing IPv4 addresses. With high demand encouraging fraud, the existing authorities are simply overstrained.”

This HEFICED news release was sourced from: https://www.heficed.com/press-releases/fraudsters-obtained-30-million-worth-of-ip-addresses-in-south-africa-experts-comments

NamesCon Crowdsourcing Session Submissions

NamesCon Global has grown over the years to become the largest annual domain-industry conference. It’s gone from being a domain investor-centric gathering to an event for everything domain-related, from channel providers and software vendors to domain investors and end-customers. And now as part of that growth they’ve moved to crowdsourcing for submissions for some of their sessions for this year’s theme: 360 Degrees Around the Dot.

The move from Las Vegas is also a reinvention of sorts: they’re going to Austin to establish the Domain Economic Forum, taking a broader and deeper look at the ecosystem in which we work and strive to innovate.

NamesCon is not looking for pitches of specific products or solutions but rather they want to see an industry overview, surfacing potential large-scale opportunities over the next decade. Successful submissions will round out the current programme.

NamesCon explain they’re looking for submissions in the following three clusters:

Quantifying the Domain Ecosystem

What is the true size of the domain industry? They explain that several parts of the ecosystem are not quantified—at least not yet. In particular we’re thinking of the secondary domain market: the opacity here is due to the fact that, for several reasons, most secondary-market transactions are not reported.

They’re seeking session ideas that will help a broader audience to understand the size and scope of the domain industry as a whole, and specifically in the secondary market—and the opportunities that lie within.

Big-Picture Market Opportunities

They want to dig more deeply into liquid domains as digital assets or a store of value, such as long-tail registrations for brand protection. They also want to explore the future of identity management, as well as next-generation DNS services as a driver for the domain industry: Right now, email and websites are based on domains, but what comes next?

The Buyer’s Perspective

NamesCon want as many buyers as possible at the Domain Economic Forum, and this means a diversity of needs and use cases. They’re looking for buyers from various backgrounds and industries to talk about the experience buying domains from investors; as well as how they approach brand protection. They want to learn more about real-life buying behaviour, budgeting, and other factors that make or break a deal.

To submit session ideas click here.

NamesCon 2020 Dates (Slightly) Change For A Day At The Beach

NamesCon Global logo

NamesCon Global have announced a slight change in the dates for their 2020 event to be held in Austin, Texas, for the first time, from 29 January to 1 February, a 3 day delay on the previously announced dates. And the reason for the change, in part, is partly because of a day at the beach.

“Our NamesCon Europe 2019 Beach Day was such a huge success that we knew we had to do a dedicated fun day in Austin,” said NamesCon CEO Soeren von Varchmin. “Since our program for that day can only be done on a weekend, we’ve had to shift the event dates to 29-February 1. So it starts a few days later than before.” (Also, they say they can’t mess with Super Bowl Sunday)

NamesCon will kick off on Wednesday the 29th with Beginner and Expert tracks as well as the opening reception. Then NamesConGlobal moves into two action-packed days of programming. These will include the exhibition hall and the famous live domain auction. It will wrap up with a day of fun and networking “out of the office”, so to speak.

“I can’t tell you yet what the fun day will be,” said Head of NamesCon Helga Neumer. “It’s still a surprise!”

“The date change also allows us to better realise our vision for NamesCon Global 2020, which we’re calling ‘The Domain Economic Forum’,” says von Varchmin. “NamesCon has evolved from an investor-focused event into the central event for everything domain-related. We’re happy to bring in domain name investors, registries, registrars, internet service providers, attorneys, brand managers, affiliate marketing companies, domain marketplaces, parking companies, financial service providers, and individual end-users. We’re looking beyond the right or left of the dot: now we’re taking you 360 degrees around the dot!”

“Our team has been going back and forth between Cologne and Austin to get things ready, even though the event is six months away,” said Neumer. “It’s a lot of flying, but it’s worth it!” The team has scored a new partnership with the Omni Hotel Austin Downtown: it’s described as a cool, chic spot with a rooftop pool. The special NamesCon rate is $200 less than the OMNI’s average price per night.

Since its founding in 2013, NamesCon’s flagship event has been held in Las Vegas.

Early-bird registrations are open until 31 July to save a few hundred bucks.

UAE Government Launches U.AE As Official Website For Govt Services

The United Arab Emirates has launched its official government website, its official portal that provides public access to information, services, projects, strategies and laws in the UAE using the u.ae domain name.

The new domain name, developed in cooperation between The Prime Minister’s Office at the Ministry of Cabinet Affairs and the Future and the Telecommunications Regulatory Authority (TRA), is composed of the initials of the United Arab Emirates (u.ae). The first letter is the domain name, while the second and third letters form the UAE’s country code Top Level Domain “.ae”.

The official portal of the UAE Government is a comprehensive platform for all government services and information, as well as important data and information related to vital sectors in the UAE, including education, economy, business, infrastructure, residency regulations, health, national policies and strategies, and others.

“The new domain name of the UAE Government portal embodies the meaning of innovation, which is simple and easy to remember,” said Commenting on the new domain name, Hamad Obaid Al Mansoori, TRA Director General. “It also reflects the centrality of the people in the government’s concerns with its various projects, programmes and plans. The adoption of the new domain name comes at an important stage of the digital transformation, in which we enter the era of the Fourth Industrial Revolution, the smart city, and the government of Artificial Intelligence. We are guided by our wise leadership directives to adopt a culture of innovation and creativity as a way to assert our nation’s leadership and our community’s happiness.”

“The most important message of the new domain name is the focus on people. It is a message from the UAE leadership that you are the goal, you are the purpose, you are the bet, you are the government, and you are the United Arab Emirates. We enter the digital age through the u.ae portal, to tell the world that the people are the ultimate goal of the UAE Government. The people in the broad sense of participation, tolerance, peace, prosperity, happiness, wellbeing, and sustainable development. The “u.ae” mission is that we are all our partners in future making. “

The informative side of the portal includes facts and figures on the UAE Government organisational structure, the Founding Fathers, the UAE strategies and initiatives, and development goals and plans. The portal also includes an e-participation platform that contains an online forum, blogs, surveys, polls, Chatbot, and links to the mGovernment pages on social medial such as Facebook, Twitter, YouTube and others.

Radix’s Karn Jajoo Discusses GDPR Benefits, How New gTLDs Are Looking Good and Radix’s Impressive Growth

In the latest Domain Pulse Q&A, we talk to Karn Jajoo, Head of Premium Portfolio at Radix, the registry behind successful new domain extensions such as .TECH, .STORE, .ONLINE, .SPACE and .SITE. Radix is one of the world’s largest nTLD portfolio registries with over 4M domains under management.

Jajoo discusses Radix’s impressive growth in 2018, the positive impact of the EU’s GDPR has been it’s spawned privacy discussions in developing countries with local data privacy laws, how registries should be deploying a long-term strategy now and keep away from the practice of trying to sell as many names as possible and instead focus on sustainable growth and usage and that the wider industry is developing products to support. Not unsurprisingly, Jajoo is excited about the prospects for the new generic top-level domains.

Domain Pulse: What were the highlights, lowlights and challenges of 2018 in the domain name industry for you?

Karn Jajoo: 2018 was a great year for new domains with some solid premium sales across top nTLDs, and two premium name sales over $500,000 that have set a new benchmark. Good meaningful names in suitable extensions will continue to find end users willing to pay a premium price.

Many globally popular brands warmed up to using new domains with the industry experiencing increasing adoption across different verticals globally.

There was also a 25% YoY growth in overall new domain registrations from registrars outside China; in fact, there were a total of 10 million registrations in 2018 vs 8 million in 2017. Specifically for us, it was a great year as Radix grossed $16.95M in total revenue in 2018, a 30% rise over its revenue in 2017. Radix’s net profit also grew by 45.6% in comparison to last year.

One of the biggest challenges for the new domains industry still remains to be the mindset within the domain industry. While there has been a gradual but definite shift in the perception of nTLDs within the domain industry, I think for many folks, an inherent conflict of interest leads to skepticism. Such biases need to be checked given the success of so many good nTLDs and plenty of use cases that continue to thrive.

DP: GDPR – good, bad and/or indifferent to you and the wider industry and why?

KJ: Much like others within the domains industry as well as other industries across the globe, the exercise to implement these changes in processes was challenging, and often confusing. Although, I don’t think we could classify it as good or bad. Instead of a binary judgment, we should look at it as a welcome change as far as the protection of private data is concerned.

On one hand, the domain industry seems to have coped well with the regulations that came into effect last year. On the other hand, DNS security agencies and counter abuse efforts have suffered a setback with redacted WHOIS information. The one positive effect of GDPR has been that data privacy discussions have spawned in other developing nations leading to the formation of local data privacy laws.

DP: What are you looking forward to in 2019?

KJ: As Radix, we are looking forward to becoming the biggest nTLD operator globally, and at the current growth pace, that could happen soon! We are already the only nTLD portfolio registry that has two of its TLDs with over 1 million domain registrations each.

We are also excited about the increasing number of startups that are investing in and using new gTLDs. Owing to the booming startup ecosystem globally, we can expect a lot of room for growth in new gTLDs in 2019. Our Startup League initiative now has 300+ startups that we are actively supporting.

As top nTLDs get more mainstream, their usage and acceptance would steadily increase, and so will the value of premium domains on nTLDs. We expect to make some big-ticket sales in 2019 and beyond.

DP: What challenges and opportunities do you see for the year ahead?

KJ: Registries should be deploying a long-term strategy now and keep away from the practice of trying to sell as many names as possible and instead focus on sustainable growth and usage.

A big positive for this industry is that partners such as domain marketplaces, brokerages, etc. are building more products and allocating time and resources towards marketing and selling new TLDs. Site builder SaaS platforms of all sizes are also starting to enhance their domains play and are understanding the importance of domain names as the gateway to more sales of their products.

DP: 2019 will mark 5 years since the first new gTLDs came online. How do you view them now?

KJ: Most extensions have been active for 2-4 years now and there is adequate channel and customer feedback on various aspects such as market segmentation, geographies, pricing etc. There has been considerable consolidation in the industry and many extensions that shouldn’t have existed in the first place are either declining in registrations or have ceased to exist, while meaningful extensions that offer customers genuine value have continued to grow.

Customer awareness and acceptance continues to be a challenge and an opportunity. We will continue to see a growing number of new domains spotted ‘in the wild’. We have a high decibel digital marketing campaign targeting end consumers running through various media channels for our flagship generic TLD, .ONLINE. We did similar campaigns for .STORE and .TECH last year and we can see their impact on the business.

I feel registries should be doing as much as possible to increase the pace of building awareness by communicating their value proposition.

DP: Are domain names as relevant now for consumers – business, government, and individuals – as they have been in the past?

KJ: I think domain names are more relevant now than ever. Trust between social media and consumers was shaken many times in the last couple of years and businesses realise that they need to ‘own their property’ i.e. their touchpoint with their customers or followers. If they only rely and build upon the property of someone else, they will always risk losing control of that relationship. Such dependence on social media has impaired many businesses which relied heavily on them for revenue or growth of the community. A good domain is an investment into your own brand and thus the best names will continue seeing higher valuations and interest in the coming years.

Previous Q&As in this series were with:

  • EURid, manager of the .eu top level domain (available here)
  • Katrin Ohlmer, CEO and founder of DOTZON GmbH (here)
  • Afilias’ Roland LaPlante (here)
  • DotBERLIN’s Dirk Krischenowski (here)
  • DENIC (here)
  • Internet.bs’ Marc McCutcheon (here)
  • nic.at’s Richard Wein (here)
  • Neustar’s George Pongas (here)
  • CentralNic’s Ben Crawford (here)
  • CIRA’s David Fowler (here)
  • Jovenet Consulting’s Jean Guillon (here)
  • GGRG’s Giuseppe Graziano (here)
  • Blacknight Solutions’ Michele Neylon (here)
  • Public Interest Registry’s President and CEO Jon Nevett (here)
  • ICANN board member and founding auDA CEO Chris Disspain (here)
  • InternetNZ’s Chief Executive Jordan Carter (here).

If you’d like to participate in this Domain Pulse series with industry figures, please contact David Goldstein at Domain Pulse by email to david[at]goldsteinreport.com.

DDoS Attacks Inflicting Serious Damage To Brands: Neustar

DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage to brands, according to a report released last week by Neustar, Inc.

The first quarter 2019 Cyber Threats and Trends report highlights new areas of growth in Distributed Denial of Service (DDoS) attacks over the past year. One issue the report highlights is that while volumetric attacks over 50Gbps remain a relatively small segment of the overall threat picture at only 12% of attacks, their frequency has grown enormously when compared to the same period in 2018. The latest attacks morph over the course of the attack using a variety of ports and protocols to locate and exploit vulnerabilities. In Q1, 2019, over 77% of attacks used two or more vectors.

In particular, the trend of targeting subnets and classless inter-domain routing (CIDR) blocks to slow or stop network traffic across the internet is a disruptive DDoS threat, identified in the report. By using DDoS methods aimed completely at subnets, rather than specific IP addresses, an attack is often more difficult to detect and mitigate. These attacks often feature multiple vectors, and will switch between them as they migrate from subnet to subnet.

Neustar handled a mitigation for just such an attack in an around-the-clock collaboration between SOC engineers and a new customer who was quickly onboarded by Neustar after being dropped [during the attack] by their Tier 1 Internet Service Provider (ISP).

“Today’s artificial intelligence and machine learning technologies enable us to identify anomalous traffic and patterns, correlate data across systems, and perform behavioral analytics on users and entities,” said Rodney Joffe, Neustar Senior Vice President, Technologist and Fellow. “But none of these systems function without professionals who know how to deploy them, interpret their data, identify the existence and location of problems, and mitigate them.”

Such immediate personal involvement with expert engineers is a significant benefit in working with an estab-lished firm such as Neustar, particularly when under attack. “Neustar’s 10+Tbps of scrubbing capacity and variety of offerings are world class, and we have more power than ever to defend against the range of DDoS attacks,” said Michael Kaczmarek, Neustar Vice President of Security Products. “But it’s important to remember our most powerful defense: people.”

Neustar provides its customers with the resources and assurance that are needed to ensure data and infra-structure is continually protected against any type or size of DDoS attack. Neustar’s DDoS Mitigation Solutions offer the largest dedicated global network with over 10Tbps + of scrubbing capacity in North America, Europe, Asia, South America, Africa, Australia and India.

A free copy of The Neustar Q1’19 Cyber Threats and Trends Report is available here.

7th Domain Stammtisch München Coming in May

The seventh Domain Stammtisch München is coming next month and will be held on 18 May in the Hopfengarten in Munich, a popular beer garden.

The event, which is privately organised is described as a loose meeting of the domain industry where the organisers want to have some fun and talk about the good old days, but also about current domain topics. Participation is free of charge, but every participant has to pay for their own food and drinks.

The event has some of the leading players in the German-language domain name industry including Andreas Schreiner (CEO tamiva Ventures), Tobias Sattler (CTO united-domains), Richard Wein (CEO nic.at), Jochen Kieler (CSO BrandIT) and Stefan Panten (Managing Director DACH Gandi).

For free registration and more information, all in German, go to: stammtisch.domains

auDA ‘Not Engaged In Evidence-Based Policy Making’: ICA

Policy changes proposed an auDA Panel have been slammed by the Internet Commerce Association who have said they should ‘embrace domain investing’, “the Panel has found solutions in search of a problem” and it “has not engaged in evidence-based policy making” and that the Panel has “created equally or more unclear policies which are impossible and costly to effectively enforce.”

In late March, auDA, the policy and regulatory body for Australia’s country code top level domain (ccTLD), released a report compiled by their Policy Review Panel (PRP) who is inviting feedback from the Australian community on its final recommendations to the auDA Board. It’s turned out to be just another sad and sorry chapter since a cabal associated with the right-wing political party of Australian politics took control of auDA in 2016.

auDA logo

Over the last 3 years this cabal has seen the founding CEO booted out, referred allegations of impropriety against former employees and directors to Victorian state police that have predictably come to nothing, overseen around one thousand people from outside Australia joining as members within a few weeks when only a handful of new members ever join every month to ensure they get constitution changes, seen multiple staff and directors bullied and harassed into leaving the organisation including one being given notice while she was on sick leave having cancer treatment and who later died, likely deliberately leaked a confidential report to discredit agitators against the direction of the organisation, been the recipient of an Australian government review that said the organisation was “no longer fit-for-purpose and reform is necessary”, seen Members agitate for 2 Special General Meetings that saw a Chair resign before being booted out, undertaken a dubious Registry tender and spent A$4.247 million in the year to 30 June 2018 on consultants and advisers to further their objectives, up from $1.783 million in the previous financial year.

So it’s hardly surprising a Panel appointed by auDA has come up with a list of policies that defy evidence, are likely unworkable and seeks to alienate the registrants of what is probably a significant part of the .au portfolio.

In their submission responding to the public consultation period auDA is currently undertaking on proposed changes, the ICA summarises their problems with the auDA Panel proposals as follows:

1. auDA should reconsider its approach to domain name investing and should embrace it as a beneficial and important part of the domain name ecosystem;

2. The Panel has found solutions in search of a problem;

3. The Panel has not engaged in evidence-based policy making;

4. Rather than clarifying the policies, the Panel has merely created equally or more unclear policies which are impossible and costly to effectively enforce.

It should be noted that under rules for .au, domain monetisation is allowed, but the registering of domain names for the sole purpose of sale is not. Sales of .au domain names happen every day in Australia through expired domains via dropcatchers and aftermarket sales. auDA themselves sold many generic domain names for a windfall back in 2002.

In their submission, the ICA defends the role of domain investors, or domainers, as a legitimate activity and they “would have expected that the experiences of other countries such as the UK, Canada, United States, and New Zealand would have been examined and considered. In each of these aforementioned countries, domain investing contributes positively to the overall domain name ecosystem and helps ensure the success and viability of the registry.”

The ICA believes “the primary beneficiary of the optimism of domain investors who register in bulk domain names that would otherwise sit unregistered is auDA itself. auDA likely receives millions of dollars in revenues from such registrations and renewals. From a public policy perspective, the question arises as to what harm is caused by the optimism that results in the bulk registration of otherwise unregistered domains when balanced with all the worthwhile initiatives that auDA could fund with the revenues from such registrations and renewals.”

The ICA also wonders what problem auDA is trying to address with their policy recommendations.

“The Panel however stated in the Final Report, that ‘on balance’ it ‘believes that the resale and warehousing prohibition should be retained and strengthened’. From our review of the Final Report however, it is entirely uncertain and undocumented as to what extent there is any genuine ‘problem’ existing in the Australian namespace arising from the current rules as drafted, rather than an assumption by the Panel.”

The submission raises plenty of issues such as what constitutes the business of a domainer, what constitutes a “computer generated website” which the auDA Panel report proposes as a means of determining if the domain name used is intended for domaining. Additionally, the report contends that if a seller lists multiple domain names for sale, then this is an indicator of a domainer. And as the ICA submission notes, there’s no information provided by the auDA report as to how many domain names are listed for sale and sold, nor how many domains are warehoused.

The ICA also notes an “indicator proposed by the Panel for determining the ‘primary purpose’ of the registration is whether more than six domain names were sold or transferred during the previous six months except in relation to a business.” The ICA then asks “what constitutes a business? Who investigates how many domain names were sold or transferred by a registrant? How does the registrant prove that the domain names were transferred for a bona fide reason?”

The ICA also raises concerns about the introduction of second level registrations, whose introduction this writer has long supported. However the proposals suggested by the Panel add complications. There are also proposed changes to domain monetisation. The ICA wonders what the problem is that the auDA Panel is trying to address as there is no problem that has arisen either in practice, or that the Panel has been able to identify. The Panel identifies anecdotal problems, but nothing that is substantiated.

To download, read and make submissions on the Policy Review Panel (PRP) report, see:
https://www.auda.org.au/news/auda-announces-further-phases-of-public-consultation-for-policy-reform/

The submission by the Internet Commerce Association submission to the auDA PRP, see:
https://www.auda.org.au/news/auda-announces-further-phases-of-public-consultation-for-policy-reform/

DomainTools Webinar: DNS Mapping for Better Context on Threats

According to the FBI, U.S. businesses alone suffer from nearly $343k in damages every hour from phishing – and this number has been rising year over year for the last five years. Join Ben April, Chief Technology Officer at Farsight and Corin Imai, Senior Security Advisor at DomainTools for this 30 minute webinar on a real-world DNS forensic investigation. Starting with a single IOC (indicator of compromise), they will step through how to pivot through domain infrastructure to build intelligence of associated malicious activity.

March 26, 2019 at 10 AM PT/1 PM ET

In this webinar, you will learn:

  • How to take an IOC and pivot on supporting threat intelligence
  • Where pDNS can uncover cybercrime forensics data
  • When to leverage DomainTools and Farsight to build an investigation

To register for this free webinar, go to:
https://www.domaintools.com/resources/videos/webinar-dns-mapping-for-better-context-on-threats