Domain Names

Privacy, Legal vs. Natural Persons, and the Never-Ending ICANN EPDP

It has been just over 3 years since the General Data Protection Regulation (GDPR) came into effect, and the work within ICANN (type "EPDP 2a" into your acronym decoder ring) to develop a permanent Registration Data policy is progressing at a snail's pace. At issue is a proposed mandatory requirement for Contracted Parties (really just Registrars), to differentiate between "legal persons" (a fancy way of saying corporations and similar organizations) and "natural persons" (the kind that eat and breathe and schedule Zoom calls). more

Why Is Verisign Ignoring New Revenue?

Last month saw a much-anticipated decision handed down in the Independent Review Panel (IRP) proceeding examining the controversial 2015 auction for the .web generic top-level domain name registry (gTLD). This decision has been covered by others, including Kevin Murphy's DomainIncite, and has been the subject of unsurprisingly incongruous statements by both Verisign and Afilias, who are both contending for the .web concession privilege. more

The Risk of Descriptive Subdomains: Are We Revealing Too Much?

Subdomains help organizations sort different sections of their websites neatly. Looking at the subdomains of some websites, for example, we usually see subdomains like shop[.]domain[.]com and blog[.]domain[.]com, which help users navigate the sites efficiently. But we couldn't help but notice subdomains that might be revealing a lot about a company's Internet infrastructure and resources. more

Your Cybersecurity is Only as Strong as Your Weakest Vendor

Managing the risk of third parties has become a compliance focus for many large organizations. Companies even work with third-party service providers and external vendors just to manage this risk. The recent SolarWinds attack escalates the critical need for chief compliance officers to collaborate with their business counterparts to identify and mitigate potentially unknown threats that lie within third-party supply chains. Yet how can companies manage this risk when it's not if but when you're attacked? more

10th Registration Operations Workshop (ROW), June 8th, 2021, Online

The Registration Operations Workshop (ROW) was conceived as an informal industry conference that would provide a forum for discussion of the technical aspects of registration operations in the domain name system and IP addressing. The 10th ROW will be held online on Tuesday, June 8th, 2021 at 13h00-17h00 UTC. Click to learn more about the discussion topics and registration details. more

IRP Panel Dismisses Afilias' Claims to Reverse .WEB Auction and Award .WEB to Afilias

On Thursday, May 20, a final decision was issued in the Independent Review Process (IRP) brought by Afilias against the Internet Corporation for Assigned Names and Numbers (ICANN), rejecting Afilias' petition to nullify the results of the July 27, 2016 public auction for the .WEB new generic top level domain (gTLD) and to award .WEB to Afilias at a substantially lower, non-competitive price. Nu Dotco, LLC (NDC) submitted the highest bid at the auction and was declared the winner, over Afilias' lower, losing bid. more

Vendor Selection Matters in the Domain Registrar Ecosystem

Domain name abuse is one of the most dangerous and under-regulated issues in digital business security today. Many of the largest companies in the world still lack basic domain security protocols, making them prime targets for bad actors. An attack on a domain can lead to the redirection of a company's website, domain spoofing, domain and domain name system (DNS) hijacking attacks, phishing attacks, network breaches, and business email compromise (BEC). more

"It's Always DNS!" Why DNS Is the Biggest Single Point of Failure in the New Norm

Many in the network security field may be familiar with the phrase: "It's always DNS."  This is a popular meme within the industry, often making reference to the internal domain name system (DNS), the dynamic host configuration protocol (DHCP) part of a company's online network, that whenever there is a network issue, it's always an issue with DNS. more

ICANN's Tax Exemption Requires Updated Review

In September 2015, John Levine asked why ICANN should be considered a tax-exempt organization following the completion of the U.S. government's transition of technical management of the Internet's Domain Name System (DNS). The U.S. Internal Revenue Service (IRS) determined that ICANN was an exempt organization in 2000 and, inarguably, circumstances have evolved materially since then. more

Mistrust of ICANN Is Fully Vindicated

Recently, I have been reporting on a highly questionable auction scheme for a single domain name, o.com, which is currently being improperly warehoused by ICANN along with a number of other .com and .net domain names. This violates ICANN's Bylaws -- but, so what? more

Leaked Documents Reveal Xi Jinping's Communist Chinese Plan to Control the Internet's Root

Yesterday, The Epoch Times reported on leaked internal Chinese government documents revealing that premier Xi Jinping has "personally directed the communist regime to focus its efforts to control the global Internet, displacing the influential role of the United States." Xi's ultimate aim is for the Chinese Communist Party (CCP) to wield "discourse power" over communications and discussions on the global geopolitical stage by controlling content on the Internet. more

Think Beyond .com: From Country Codes to Internationalized Domain Names

One of the major takeaways from the Web Globalization Report Card is the importance of providing "front doors" to your localized websites. These doors begin with the addresses themselves, which may not include the .com domain. In fact, I'd recommend that most localized websites not use the .com domain, as this is an overloaded domain. This article looks at the many ways brands are creating more localized addresses, beginning with country code top-level domains (ccTLDs). more

Trusted Notifiers and the Future of DNS Abuse

Efforts have been ongoing in the ICANN community to develop a better understanding of its role in the combat of abuse. This theme has been rising in prominence every year since 2018, and 2021 appears to be the tipping point, in which consensus has built around the idea that more can be accomplished in terms of reducing the impact of rogue actors using the Internet for malicious purposes. more

Is NIST's Recent Letter on o.com a Bureaucratic Coup d'Etat?

Verisign recently informed ICANN that it had received a letter from the National Institute for Standards and Technology (NIST), an agency of the U.S. Department of Commerce, regarding the proposed auction of o.com described in the Second Amendment to the .com Registry Agreement agreed to by ICANN and Verisign in March 2019. This letter, which doesn't appear to be on official letterhead, is from a NIST Grants Officer and purports to overturn a letter raising objections to the auction... more

The Multistakeholder Moment of Truth: Will Stakeholders Hold ICANN Accountable?

During the two-year period preceding the IANA transition in 2016, there was a near-superhuman effort put forth by the community of stakeholders to design, debate, and deploy an accountability framework for ICANN that would serve to check and balance the coordinator of the global DNS. One of the overriding concerns that stakeholders sought to address was the possibility of ICANN being captured, and it was argued that the global community of stakeholders would serve as a "backstop" that would hold ICANN accountable. more