Domain Names

Cybercriminals Weaponize Bulk-Registered Domain Names

Domain names that can be rapidly acquired, used in an attack, and abandoned before they can be traced are a critical resource for cybercriminals. Some attacks, including spam and ransomware campaigns and criminal infrastructure operation (e.g., "botnets"), benefit particularly from the ability to rapidly and cheaply acquire very large numbers of domain names – a tactic known as bulk registration. more

Key Success Factors for Top-Level Domains: An Evaluation Grid

It isn't always easy to explain the whys and wherefores of domain name market trends. Major indicators such as growth are usually generalised, given that they are based on data common to all stakeholders, but the causes behind fluctuations are hard to pin down. And structural causes need to be separated from cyclical ones, which may be the source of major variations, as was the case with the domaining waves in China, without actually reflecting long-term market trends. more

Domain Enforcement in a Post-GDPR World

The implementation of the General Data Protection Regulation (GDPR), and ICANN's conservative temporary policy, which favors privacy and limits registrar liability, has made domain enforcement against cybersquatters, cyber criminals and infringement more difficult, expensive and slow. With heightened concerns over privacy following high-profile breaches of consumer data and its subsequent illicit use and distribution, there is no question that consumer data protection practices would come under scrutiny. more

Celebrating Twenty Years of the UDRP

The Uniform Domain Name Dispute Resolution Policy, commonly known as the UDRP, was first introduced on October 24, 1999, by the Internet Corporation for Assigned Names and Numbers (ICANN). The UDRP is incorporated by reference into Registration Agreements for all generic top-level domain names (gTLDs) and some country-code top-level domain names (ccTLDs). more

Kenya’s .KE Domain Registrations Nearing 100,000 Mark, but It Can Do Better – Here’s Why

Over the years, the Kenyan Network Information Center (KeNIC) has struggled to reach the 100,000 mark in .ke Kenya country code domain registrations. Many reasons have been given for this shortfall, among them pricing, competition from generic Top-Level Domains (gTLDs) like .com and .org, and also competition from Geographic domains like the new .africa. Also, not opening up the second level for registration has been cited as one of the reasons for the low number. more

Dead Ends: The Achievement of Consensus in UDRP Jurisprudence

Like the Internet Corporation for Assigned Names and Numbers (ICANN), the Uniform Domain Name Dispute Resolution Policy (UDRP) is consensus-driven; from the bottom up, not the top down. The result is a jurisprudence of domain names that develops in common-law fashion through Panel decisions that over time and through "deliberative conversations" among panelists resolve into consensus. more

Domain Name System to Be Featured Prominently in Upcoming Review of EU Safe Harbor Rules

In July 2019, Netzpolitik and others leaked an internal document by DG Connect that outlines the European Commission's thoughts on an update of the E-Commerce Directive. Based on this document, it seems that the domain name system and its actors will be prominently addressed in the Ursula von der Leyen's Commission-cycle from 2019 to 2025. more

Corporate Domain Name Management Becoming More Difficult – Is Anyone Surprised?

Brandsight recently concluded their Third Annual Domain Management Survey. Designed to uncover issues of greatest concern to corporate domain name professionals, the survey was sent to more than 300 companies. The companies that responded spanned all verticals, ranging from financial services to high-tech to consumer packaged goods. Of those that responded, 18% had portfolios smaller than 500 domains... more

The Utility Formerly Known As WHOIS

Muscle memory is a funny thing. We don't even think about it really, but when we do the same thing over and over again, it just becomes second nature to us. This is how we've come to use WHOIS over the past two decades to get contact information for registered domain names. If you wanted to see who owned a domain, you'd simply do a WHOIS search. I've probably done hundreds of thousands of them during my time in the industry. Well as of this week, a major step in the retirement of WHOIS officially took place. more

How Domain Data Helps Thwart BEC Fraud

It's true, domain data has many practical uses that individuals and organizations may or may not know about. But most would likely be interested in how it can help combat cyber threats, which have been identified as the greatest risks businesses will face this year. Dubbed as the greatest bane of most organizations today, cybersecurity can actually be enhanced with the help of domain data. How? more

Recovering Domain Names Lost to Fraudulent Transfer

Domain Names composed of generic terms and combinations – dictionary words, random letters, and short strings – have achieved ascending values in the secondary market. DNJournal.com (Ron Jackson) reports on his year to date chart, for example (just a random sampling from the charts) in August 2019 joyride.com was sold for $300,000, in June voice.com sold for $30 million, in July rx.com sold for $1 million, and in January california.com sold for $3 million... The magnitude of the reported sales suggests that businesses have come to depend on resellers than go to the trouble of inventing brand names from scratch. more

Business Email Compromised (BEC) Scams Explode Under the GDPR Implementation

Business email compromised (BEC) attacks targeting American companies are exploding, with an increase of over 476% in incidents between Q4 2017 and Q4 2018. Up as well is email fraud with companies experiencing an increase of over 226%. These highly targeted attacks use social engineering to identify specific company employees, usually in the finance department and then convince these employees to wire large sums of money to third-party banking accounts owned by the attackers. more

Domain Name Registrar Isn't Liable for Counterfeit Goods – InvenTel v. GoDaddy

InvenTel makes security cams for cars. It is trying to crack down on Chinese counterfeiters. It brought a prior lawsuit against a wide range of defendants, including GoDaddy. InvenTel voluntarily dismissed GoDaddy from that suit. It brought a second round of litigation involving a new counterfeit site allegedly by the same bad guys, www.hdminorcarnbuy.com, a domain name registered via GoDaddy. more

The Pros and Cons of Introducing New gTLDs

Every time new concepts are introduced, much debate ensues as to the advantages and disadvantages such a change would bring forth. We've seen that happen with the launch of IPv6. Detractors and supporters rallied to make their respective arguments heard. One thing is sure though. The need for a much larger IP address space is something both parties are in agreement with. more

Satisfying the Evidentiary Demands of the UDRP

It continues to surprise that some counsel in proceedings under the Uniform Domain Dispute Resolution Policy (UDRP) are unaware or oblivious of its evidentiary demands, by which I mean they file and certify complaints with insufficient evidence either of their clients' rights or their claims. Because the UDRP requires conjunctive proof of bad faith registration and bad faith use (as opposed to the disjunctive model of the Anticybersquatting Consumer Protection Act), it should be ingrained for counsel experienced in the jurisprudence to know they cannot hope to succeed with marks postdating registration of domain names. more