NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Rich Kulawiec on gTLDs (via IP)

------- Forwarded Message

From: David Farber <dave@farber.net>
To: "ip" <ip@v2.listbox.com>
Date: Thu, 26 Jun 2008 10:36:31 -0700
 $10M) must have been very good meals $10m

From: Rich Kulawiec [rsk@gsp.org]
Sent: Thursday, June 26, 2008 1:22 PM
To: Olivier MJ Crepin-Leblond
Cc: David Farber
Subject: Re: [IP] FROM PARIS -- (STILL MUST HAVE BEEN FINE WINES TO COST $10M) must have been very good meals $10m

On Thu, Jun 26, 2008 at 09:12:25AM -0700, David Farber quoted:
> Having been present at all the debates, my feeling is that there are three
> broad camps in existence:
> 1. People who are concerned about endangering the stability of the DNS
> through introduction of too many gTLDs
> 2. Registrars/registries who are looking forward to the new gTLDs and seeing
> this as a new business opportunity
> 3. Registrars/registries who are seeing the creation of new gTLDs as a
> threat to their own business model by seeing a reduced marketspace for their
> already established gTLDs

There's at least one other camp (and probably more):

4. People who see the proliferation of TLDs as an opportunity for still
more abuse -- via spammers, phishers, squatters, link farms, typosquatters,
registrars, and anyone else who can leverage it to their advantage and
to the disadvantage of everyone else on th e Internet.

Some examples:

A. We all know that there is absolutely no technical justification for
the .mobi TLD.  Anyone wishing to offer mobile services could have used
mobi.example.com (either as a host or a subdomain) and thus avoided the
expense of yet another domain.

B. The .name TLD is being rapidly overrun by spammers, aided and abetted
by the lack of a proper WHOIS server for it.  This isn't surprising: it
follows on the heels .info and .biz (so heavily used by spammers and thus
so heavily blacklisted that not even *they* are setting up many new
domains there).  Locally, I blacklisted the entire .info TLD after noting
over 100,000 spammer domains; the count is now over 300,000 and still
going up fast.  And I'm not alone: .info is rapidly becoming scorched earth,
useless to anyone.  There little remaining reason for it to exist at all.

C. As soon as any new TLD is created, domain speculators will rush to
buy popular names in it: if .foo is created, sun.foo, google.foo,
ibm.foo, myspace.foo, etc. will all be snatched up quickly.  The only
question is whether they'll be grabbed by squatters or whether the
companies most often associated with them will get there first.  Of course
this kind of land rush creates substantial income opportunities for
registrars and squatters (who can always offer to sell domains to
legitimate operations who wish to avoid litigation) but it benefits nobody
else and imposes substantial costs on people who don't need, don't want,
and have no reason to use a .foo domain.

D. Repeat (C) but with typosquatters, who will attempt to do there what
they've done in .com and .net and other TLDs.  I doubt the folks at eBay
actually wanted paypa1.com (which is not the same as paypal.com) but
self-defense against typosquatting likely compelled them to acquire it.
They can now look forward to the expense and headache of acquiring
not just paypal.foo, but also paypa1.foo for the same reasons.

E. There is now evidence on the table that some registrars are nothing
more than spammer fronts, created to provide a layer of obfuscation
and plausible deniability, as well as to reduce operational costs.

We don't need any more gTLDs: if any are created, they will quickly
be overrun by abusers and rendered as much a wasteland as .info is today.
In the process, registrars will profit, abusers will profit, and everyone
else will be forced into pointless expenditures (to proactively or
reactively defend themselves from the ensuing abuse).

What we *do* need is an end to nonsense known as "domain tasting",
an end to the abuse known as "front-running", rigorous vetting of
registrars, unfettered WHOIS access, and an end to obfuscated domain
registration [1].  These are steps toward end-to-end accountability
in the domain registration process, something that's been sadly lacking
over the past decade.

- ---Rsk

[1] It's often falsely claimed that this will expose addresses to
spammers.  This is silly: spammers already have or will soon acquire
any address they wish, via a myriad of means.  They're way, WAY ahead
of the curve on this one, and security-by-obscurity is not going to work
here any more than it does anywhere else.  The best course is to presume
that any email address will be targeted and defend it appropriately.

- -------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

------- End of Forwarded Message