[UA-discuss] Blue Coat's Web's Shadiest Neighborhoods and implications on TLD acceptance

Siemen Roorda siemen at openprovider.nl
Wed Sep 16 20:42:04 UTC 2015


Hello Ram,

That is true, BlueCoat treats file extensions as domain extensions.
DomainIncite has posted some explanation from them on
http://domainincite.com/19241-blue-coat-explains-zip-screw-up, including
the doesn't-make-any-sense statement "In conclusion, none of the .zip
“domains” we see in our traffic logs are requests to registered sites.
Nevertheless, we recommend that people block these requests, until valid
.zip domains start showing up."

Kind regards,

Siemen Roorda
Openprovider

On 16/09/15 22:37, Ram Mohan wrote:
> BlueCoat’s methodology is discussed in some security group mailing lists.
>
> My understanding is that in the case of .zip, there were instances of
> <file>.pdf.zip which allowed for drive-bys, malware etc. regardless of
> the state of name registration.
>
> -ram
>
> *From:* Jennifer Gore Standiford [mailto:JStandiford at web.com]
> *Sent:* Wednesday, September 16, 2015 4:32 PM
> *To:* Ram Mohan <rmohan at afilias.info>
> *Cc:* UA-discuss at icann.org
> *Subject:* RE: [UA-discuss] Blue Coat's Web's Shadiest Neighborhoods and
> implications on TLD acceptance
>
> Ram and UA Members,
>
> Have we requested or received any of the underlying data that supports
> the stats outlined in the BlueCoat report? I wonder why the .zip
> extension was referenced as ‘shady’ considering it hasn’t launched yet.
>
> Thanks,
> Jennifer
>
> *Jennifer Gore Standiford*
> Policy Director
> Web.com
> 12808 Gran Bay Parkway, West | Jacksonville, FL 32258
> Office: 904. 680-6919 | Cell: 904. 401-4347
>
> *From:* ua-discuss-bounces at icann.org
> [mailto:ua-discuss-bounces at icann.org] *On Behalf Of* Ram Mohan
> *Sent:* Wednesday, September 16, 2015 1:43 PM
> *To:* UA-discuss at icann.org
> *Subject:* [UA-discuss] Blue Coat's Web's Shadiest Neighborhoods and
> implications on TLD acceptance
>
> Folks,
>
> BlueCoat <https://www.bluecoat.com/company-overview>, a security vendor
> used by most of the Fortune 500, released a report on the Web’s shadiest
> TLDs
> <https://www.bluecoat.com/company/press-releases/blue-coat-reveals-webs-shadiest-neighborhoods>
> on Sep 1, 2015. They recommend to their 15,000+ customers to block all
> listed TLDs (report attached). Most of these are new gTLDs.
>
> There are implications for universal acceptance. This will result in
> some discussion at the upcoming UA Coordination Summit in Horsham
> tomorrow and Friday. The summit will have a conference bridge for anyone
> interested in participating. Don Hollander will provide details.
>
> -Ram
>
> Chair, UASG
>
> o: +1.215.706.5700 x103; m: +1.215.431.0958; f: +1.215.706.5701
>
> Skype: gliderpilot30
>
> -----------------------------------------------------------------------------------------------
>
> The Web’s Top 10 "TLDs with Shady Sites"
>
> Rank  Top-Level Domain Name     Percentage of Shady Sites
> #1    .zip                      100.00%
> #2    .review                   100.00%
> #3    .country                  99.97%
> #4    .kim                      99.74%
> #5    .cricket                  99.57%
> #6    .science                  99.35%
> #7    .work                     98.20%
> #8    .party                    98.07%
> #9    .gq (Equatorial Guinea)   97.68%
> #10   .link                     96.98%

-- 
Kind regards,

Siemen Roorda
Product developer Openprovider

Hosting Concepts B.V.
Willem Buytewechstraat 40
3024 BN  Rotterdam
The Netherlands
Tel +31 (0)10 448 22 96
Fax +31 (0)10 244 02 50

www.openprovider.nl       www.twitter.com/openprovider
www.openprovider.co.uk    www.twitter.com/openprovider_en
www.openprovider.es       www.twitter.com/openprovider_es
