<div dir="ltr">To Lars&#39; point, let&#39;s focus on the article and getting it out.  <br><br>One of the things that will hurt our efforts in UA is ignoring market impacts of scaring people inappropriately or discouraging them from support or use of IDN.  <div><br>We could benefit from a stronger message that matches more of what edmon and rod have identified with respect to the molecule-sized scale of the issue.  Using real statistical data from trusted sources, if we can indicate that this issue does exist but is quite small in scale, and contrast it to other phishing techniques that are prevalent in non-IDN, we can hopefully reduce the fear appropriately.</div><div><br>I am not suggesting we tell people to ignore the homograph confusability potential, but rather to put the matter into an appropriate contextual scale and not be used as a justification not to explore reaching a wider, global audience with IDN, where they might be hobbling growth of their goods or services having wider international consumers.</div><div><br></div><div>See if my redline helps - and treat it like a buffet - just put the stuff on your tray that works for you...</div><div><br></div><div>-Jothan<br><br><br><br><br><br><br></div><div><br></div><div><br><div><br></div><div><br></div></div></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><br>Jothan Frakes<br>Tel: +1.206-355-0230<br><br></div></div></div>
<br><div class="gmail_quote">On Wed, Apr 26, 2017 at 11:47 AM,  <span dir="ltr">&lt;<a href="mailto:icann@rodrasmussen.com" target="_blank">icann@rodrasmussen.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="word-wrap:break-word">Resending from my mailing list “approved” address.<div><br></div><div>==============================<wbr>=</div><div><br></div><div>Edmon,<div><br></div><div>Greg Aaron and I will be publishing a long-overdue catch-up on these APWG studies within the next couple weeks.  In it we will cover 2015 and 2016.  In it we will cover the fact that the described homograph attack problem is virtually non-existent in real-world phishing attacks.  In all of 2015, the various organizations contributing data to the APWG saw ONE true homographic attack, and in 2016, TWO.  There were other uses of IDNs and mixed scripts that we’ll discuss, but there were just a handful.  Phishers don’t need to mount homographic attacks to be successful, and I’d say that most of them don’t have the skills and/or motivation to do so.  Ironically, the “buzz” about it that this article and coverage has created may actually get a few bad guys interested in exploring the concept. :-(  That said, just like any other vulnerability or exploit that has low use but high potential for harm, being prudent about putting measures in place to limit risk and building understanding of those risks are still well worth pursuing, but this certainly isn’t an emergency that needs the “overheating” Andrei so appropriately mentioned.  I’ll send a link to the paper once we get it published via the APWG.</div><div><br></div><div>Cheers,</div><div><br></div><div>Rod</div><div><br><div><blockquote type="cite"><div><div class="h5"><div>On Apr 26, 2017, at 5:07 AM, Edmon Chung &lt;<a href="mailto:edmon@registry.asia" target="_blank">edmon@registry.asia</a>&gt; wrote:</div><br class="m_-7759855091234965469Apple-interchange-newline"></div></div><div><div class="m_-7759855091234965469WordSection1" style="font-family:Helvetica;font-size:12px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div><div class="h5"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif">Should consider including reference to:<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><a href="https://www.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2010.pdf" style="color:purple;text-decoration:underline" target="_blank">https://www.apwg.org/reports/<wbr>APWG_GlobalPhishingSurvey_<wbr>2H2010.pdf</a><u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif">Only 10 of the 42,624 domain names we studied were IDNs, and only one was a homographic attack.<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><a href="https://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2013.pdf" style="color:purple;text-decoration:underline" target="_blank">https://docs.apwg.org/reports/<wbr>APWG_GlobalPhishingSurvey_<wbr>2H2013.pdf</a><u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span style="font-size:11pt;font-family:Arial,sans-serif">Eighty-two of the 82,163 domain names were internationalized domain names (IDNs), and none were homographic attacks.<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><a href="https://docs.apwg.org/reports/APWG_GlobalPhishingSurvey_1H2013.pdf" style="color:purple;text-decoration:underline" target="_blank">https://docs.apwg.org/reports/<wbr>APWG_GlobalPhishingSurvey_<wbr>1H2013.pdf</a><u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif">Seventy-eight of the 53,685 domain names were internationalized domain names (IDNs), and three of them were homographic attacks.<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif">And this is certainly not a new issue:<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><a href="https://www.google.com/url?sa=t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;cd=2&amp;cad=rja&amp;uact=8&amp;ved=0ahUKEwjwwqzBhcLTAhWIVbwKHShHA9kQFggtMAE&amp;url=https%3A%2F%2Fwww.symantec.com%2Fcontent%2Fdam%2Fsymantec%2Fdocs%2Fsecurity-center%2Farchives%2Fintelligence-quarterly-oct-09-en.pdf&amp;usg=AFQjCNGu8162_PXXqnhfHjAQfSUAqYaEXw" style="color:purple;text-decoration:underline" target="_blank">https://www.google.com/url?sa=<wbr>t&amp;rct=j&amp;q=&amp;esrc=s&amp;source=web&amp;<wbr>cd=2&amp;cad=rja&amp;uact=8&amp;ved=<wbr>0ahUKEwjwwqzBhcLTAhWIVbwKHShHA<wbr>9kQFggtMAE&amp;url=https%3A%2F%<wbr>2Fwww.symantec.com%2Fcontent%<wbr>2Fdam%2Fsymantec%2Fdocs%<wbr>2Fsecurity-center%2Farchives%<wbr>2Fintelligence-quarterly-oct-<wbr>09-en.pdf&amp;usg=AFQjCNGu8162_<wbr>PXXqnhfHjAQfSUAqYaEXw</a><u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><a href="http://www.symantec.com/content/en/us/enterprise/other_resources/b-intelligence_report_08-2011.en-us.pdf" style="color:purple;text-decoration:underline" target="_blank">www.symantec.com/content/en/<wbr>us/enterprise/other_resources/<wbr>b-intelligence_report_08-2011.<wbr>en-us.pdf</a><u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif">Edmon<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="EN-CA" style="font-size:11pt;font-family:Arial,sans-serif"><u></u> <u></u></span></div></div></div><div style="border-style:none none none solid;border-left-color:blue;border-left-width:1.5pt;padding:0mm 0mm 0mm 4pt"><div><div class="h5"><div><div style="border-style:solid none none;border-top-color:rgb(225,225,225);border-top-width:1pt;padding:3pt 0mm 0mm"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><b><span style="font-size:11pt;font-family:Calibri,sans-serif">From:</span></b><span style="font-size:11pt;font-family:Calibri,sans-serif"><span class="m_-7759855091234965469Apple-converted-space"> </span><a href="mailto:ua-discuss-bounces@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-discuss-bounces@<wbr>icann.org</a><span class="m_-7759855091234965469Apple-converted-space"> </span>[<a href="mailto:ua-discuss-bounces@icann.org" style="color:purple;text-decoration:underline" target="_blank">mailto:ua-discuss-<wbr>bounces@icann.org</a>]<span class="m_-7759855091234965469Apple-converted-space"> </span><b>On Behalf Of<span class="m_-7759855091234965469Apple-converted-space"> </span></b>Lars Steffen<br><b>Sent:</b><span class="m_-7759855091234965469Apple-converted-space"> </span>Wednesday, 26 April 2017 18:15 PM<br><b>To:</b><span class="m_-7759855091234965469Apple-converted-space"> </span>Andrei Kolesnikov &lt;<a href="mailto:andrei@rol.ru" style="color:purple;text-decoration:underline" target="_blank">andrei@rol.ru</a>&gt;; Don Hollander &lt;<a href="mailto:don.hollander@icann.org" style="color:purple;text-decoration:underline" target="_blank">don.hollander@icann.org</a>&gt;<br><b>Cc:</b><span class="m_-7759855091234965469Apple-converted-space"> </span>Dr. AJAY D A T A &lt;<a href="mailto:ajay@data.in" style="color:purple;text-decoration:underline" target="_blank">ajay@data.in</a>&gt;; tan tanakadennis via ua-discuss &lt;<a href="mailto:ua-discuss@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-discuss@icann.org</a>&gt;<br><b>Subject:</b><span class="m_-7759855091234965469Apple-converted-space"> </span>Re: [UA-discuss] UASG Response to WordFence IDN Phishing concerns<u></u><u></u></span></div></div></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><u></u> <u></u></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Hi all,<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">A general reply to this thread: Can we agree on the current version of the blog post to be published asap before we continue the discussion…?<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Thank you,<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">Lars<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><u></u> <u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><b><span lang="DE" style="font-size:11pt;font-family:Calibri,sans-serif">Von:</span></b><span lang="DE" style="font-size:11pt;font-family:Calibri,sans-serif"><span class="m_-7759855091234965469Apple-converted-space"> </span><a href="mailto:ua-discuss-bounces@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-discuss-bounces@icann.<wbr>org</a><span class="m_-7759855091234965469Apple-converted-space"> </span>[<a href="mailto:ua-discuss-bounces@icann.org" style="color:purple;text-decoration:underline" target="_blank">mailto:ua-discuss-<wbr>bounces@icann.org</a>]<span class="m_-7759855091234965469Apple-converted-space"> </span><b>Im Auftrag von<span class="m_-7759855091234965469Apple-converted-space"> </span></b>Andrei Kolesnikov<br><b>Gesendet:</b><span class="m_-7759855091234965469Apple-converted-space"> </span>Mittwoch, 26. April 2017 12:06<br><b>An:</b><span class="m_-7759855091234965469Apple-converted-space"> </span>Don Hollander &lt;<a href="mailto:don.hollander@icann.org" style="color:purple;text-decoration:underline" target="_blank">don.hollander@icann.org</a>&gt;<br><b>Cc:</b><span class="m_-7759855091234965469Apple-converted-space"> </span>Dr. AJAY D A T A &lt;<a href="mailto:ajay@data.in" style="color:purple;text-decoration:underline" target="_blank">ajay@data.in</a>&gt;; tan tanakadennis via ua-discuss &lt;<a href="mailto:ua-discuss@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-discuss@icann.org</a>&gt;<br><b>Betreff:</b><span class="m_-7759855091234965469Apple-converted-space"> </span>Re: [UA-discuss] UASG Response to WordFence IDN Phishing concerns<u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div><div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Dusan gave us great overview of different ccTLD which ICANN has very little control. However most of the cc registries carry the mitigation process to bring down malicious domain names used explicitly for bad purposes.<u></u><u></u></span></div></div><p class="MsoNormal" style="margin:0mm 0mm 12pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">I definitely don&#39;t support  overheating the problem. If cross-script attack reaches the level of Kaminsky attack hysteria, we are in deep trouble :)<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></p></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">--andrei<u></u><u></u></span></div></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div><div><div><div class="h5"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">2017-04-26 12:50 GMT+03:00 Don Hollander &lt;<a href="mailto:don.hollander@icann.org" style="color:purple;text-decoration:underline" target="_blank">don.hollander@icann.org</a>&gt;:<u></u><u></u></span></div></div></div><blockquote style="border-style:none none none solid;border-left-color:rgb(204,204,204);border-left-width:1pt;padding:0mm 0mm 0mm 6pt;margin:5pt 0mm 5pt 4.8pt" type="cite"><div><div><div class="h5"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">I would expect a fair number of ccTLDs where it could be an issue as well.<u></u><u></u></span></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Andrei:  What about ccTLDs in other Cyrillic script communities?  Have they taken the same precautions as .ru?<u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">D<u></u><u></u></span></div></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div><div><blockquote style="margin-top:5pt;margin-bottom:5pt" type="cite"><div><div class="h5"><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">On 26/04/2017, at 9:40 PM, Dr. AJAY D A T A &lt;<a href="mailto:ajay@data.in" style="color:purple;text-decoration:underline" target="_blank">ajay@data.in</a>&gt; wrote:<u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div></div></div><div><div><div><div class="h5"><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Exactly Andrie. Thank you for confirming the same. <br><br>I confirmed with .pyc registry (we enabled EAI on почта.рус) also and they are not allowed (as per agreement) to use any other script other than Cyrillic. <u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div><div><p class="MsoNormal" style="margin:0mm 0mm 12pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">So basically it looks like .com problem. Any other examples other than .com ?  It narrows down the problem to solve. <br><br>Thanks. <u></u><u></u></span></p></div><div id="m_-7759855091234965469m_-8972866712172944214mySignature"><div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><strong><span lang="DE" style="font-size:8.5pt;font-family:Tahoma,sans-serif;color:rgb(51,51,153)">Dr. Ajay DATA</span></strong><span lang="DE" style="font-size:8.5pt;font-family:Tahoma,sans-serif;color:rgb(51,51,153)"><span class="m_-7759855091234965469Apple-converted-space"> </span><strong><span style="font-family:Tahoma,sans-serif"> | Founder &amp; CEO </span></strong></span><span lang="DE"><u></u><u></u></span></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:10pt">Get email id like<span class="m_-7759855091234965469Apple-converted-space"> </span></span><strong><span lang="DE" style="font-size:7.5pt;font-family:Kokila"><a href="mailto:%E0%A4%85%E0%A4%9C%E0%A4%AF@xn--c2bd1gb.xn--h2brj9c" style="color:purple;text-decoration:underline" target="_blank"><span style="font-family:&#39;Nirmala UI&#39;,sans-serif;font-weight:normal">अजय</span><span style="font-family:&#39;Times New Roman&#39;,serif;font-weight:normal">@</span><span style="font-family:&#39;Nirmala UI&#39;,sans-serif;font-weight:normal">डाटा</span><span style="font-family:&#39;Times New Roman&#39;,serif;font-weight:normal">.</span><span style="font-family:&#39;Nirmala UI&#39;,sans-serif;font-weight:normal">भारत</span></a></span></strong><span lang="DE" style="font-size:10pt"> in your own language,<br>visit <a href="http://www.xgenplus.com/" style="color:purple;text-decoration:underline" target="_blank"><span style="font-size:7.5pt">www.xgenplus.com</span></a> </span><span lang="DE"><u></u><u></u></span></div></div></div><div id="m_-7759855091234965469m_-8972866712172944214__hggasdgjhsagd_once"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div></div><div class="MsoNormal" align="center" style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif;text-align:center"><span lang="DE"><hr size="2" width="100%" align="center"></span></div><p class="MsoNormal" style="margin:0mm 0mm 12pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><strong><span lang="DE">From:</span></strong><span lang="DE"><span class="m_-7759855091234965469Apple-converted-space"> </span>Andrei Kolesnikov &lt;<a href="mailto:andrei@rol.ru" style="color:purple;text-decoration:underline" target="_blank">andrei@rol.ru</a>&gt;  </span><span lang="DE" style="font-size:7.5pt;font-family:Verdana,sans-serif">MailId : [68484721]</span><span lang="DE"><br><strong>To:</strong><span class="m_-7759855091234965469Apple-converted-space"> </span>Don Hollander &lt;<a href="mailto:don.hollander@icann.org" style="color:purple;text-decoration:underline" target="_blank">don.hollander@icann.org</a>&gt;<br><strong>Cc:</strong><span class="m_-7759855091234965469Apple-converted-space"> </span>&quot;Dr. AJAY D A T A&quot; &lt;<a href="mailto:ajay@data.in" style="color:purple;text-decoration:underline" target="_blank">ajay@data.in</a>&gt;,tan tanakadennis via ua-discuss &lt;<a href="mailto:ua-discuss@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-discuss@icann.org</a>&gt;<br><strong>Subject:<span class="m_-7759855091234965469Apple-converted-space"> </span></strong>Re: [UA-discuss] UASG Response to WordFence IDN Phishing concerns<br><strong>Date:</strong><span class="m_-7759855091234965469Apple-converted-space"> </span>26 Apr 2017 02:16:05 PM<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></p></div></div><div><div><div><div class="h5"><div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Don,<span class="m_-7759855091234965469Apple-converted-space"> </span><br>there is no such thing as IDN at .RU - only ascii allowed - we understood the problem long time ago due to similarity of many Cyrillic letters with Latin.<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></div></div><p class="MsoNormal" style="margin:0mm 0mm 12pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">In IDN .РФ in Russia only Cyrillic allowed.<span class="m_-7759855091234965469Apple-converted-space"> </span><br>This definitely must be the rule for registries. Or some kind of immediate mitigation service to bring down dangerous domains.<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></p></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">--andrei<u></u><u></u></span></div></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div><div><div><div class="h5"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">2017-04-26 11:34 GMT+03:00 Don Hollander &lt;<a href="mailto:don.hollander@icann.org" style="color:purple;text-decoration:underline" target="_blank">don.hollander@icann.org</a>&gt;:<u></u><u></u></span></div></div></div><blockquote style="border-style:none none none solid;border-left-color:rgb(204,204,204);border-left-width:1pt;padding:0mm 0mm 0mm 6pt;margin:5pt 0mm 5pt 4.8pt" type="cite"><div><div><div class="h5"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Hi Andrei:<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">What about at the ccTLD?  <a href="http://idn.ru/" style="color:purple;text-decoration:underline" target="_blank">idn.ru</a>?   Does .ru also allow ASCII?<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Does the .ru registry, for example, do anything to address homoglyphs between ascii and cyrillic?<u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">D<u></u><u></u></span></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div></div></div><div><blockquote style="margin-top:5pt;margin-bottom:5pt" type="cite"><div><div class="h5"><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">On 26/04/2017, at 8:30 PM, Andrei Kolesnikov &lt;<a href="mailto:andrei@rol.ru" style="color:purple;text-decoration:underline" target="_blank">andrei@rol.ru</a>&gt; wrote:<u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div></div></div><div><div><div class="h5"><div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">most use of idn.ascii gTLD as far as I know is .com for example<span class="m_-7759855091234965469Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__xn-2D-2Dh1akeme.com_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=Aumtm9oLaw_1FAQZ4MvKpmNHj3khbV5zlM_VGiARFFQ&amp;e=" style="color:purple;text-decoration:underline" target="_blank">http://путин.com/[xn--<wbr>h1akeme.com]</a><u></u><u></u></span></div></div><p class="MsoNormal" style="margin:0mm 0mm 12pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Basically most of the confusing cases discussed above are from .com<u></u><u></u></span></p></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">--andrei<u></u><u></u></span></div></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div><div><div><div class="h5"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">2017-04-26 10:35 GMT+03:00 Dr. AJAY D A T A &lt;<a href="mailto:ajay@data.in" style="color:purple;text-decoration:underline" target="_blank">ajay@data.in</a>&gt;:<u></u><u></u></span></div></div></div><blockquote style="border-style:none none none solid;border-left-color:rgb(204,204,204);border-left-width:1pt;padding:0mm 0mm 0mm 6pt;margin:5pt 0mm 5pt 4.8pt" type="cite"><div><div><div class="h5"><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Hello Don, <br><br>Which all registries are allowed to register mix of scripts domain while registering an IDN. I checked .pyc (Cyrillic) and .</span><span lang="DE" style="font-family:&#39;Nirmala UI&#39;,sans-serif">भारत</span><span lang="DE"><span class="m_-7759855091234965469Apple-converted-space"> </span>(Devanagiri) do not allow mix of scripts.  I think we address those registries through ICANN by modifying the registry agreement, major problem can be solved. <br><br>Thanks. <u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div><div id="m_-7759855091234965469m_-8972866712172944214m_4576729271658896846m_8042960321159864960mySignature1"><div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><strong><span lang="DE" style="font-size:8.5pt;font-family:Tahoma,sans-serif;color:rgb(51,51,153)">Dr. Ajay DATA</span></strong><span lang="DE" style="font-size:8.5pt;font-family:Tahoma,sans-serif;color:rgb(51,51,153)"><span class="m_-7759855091234965469Apple-converted-space"> </span><strong><span style="font-family:Tahoma,sans-serif"> | Founder &amp; CEO </span></strong></span><span lang="DE"><u></u><u></u></span></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:10pt">Get email id like<span class="m_-7759855091234965469Apple-converted-space"> </span></span><strong><span lang="DE" style="font-size:7.5pt;font-family:Kokila"><a href="mailto:%E0%A4%85%E0%A4%9C%E0%A4%AF@xn--c2bd1gb.xn--h2brj9c" style="color:purple;text-decoration:underline" target="_blank"><span style="font-family:&#39;Nirmala UI&#39;,sans-serif;font-weight:normal">अजय</span><span style="font-family:&#39;Times New Roman&#39;,serif;font-weight:normal">@</span><span style="font-family:&#39;Nirmala UI&#39;,sans-serif;font-weight:normal">डाटा</span><span style="font-family:&#39;Times New Roman&#39;,serif;font-weight:normal">.</span><span style="font-family:&#39;Nirmala UI&#39;,sans-serif;font-weight:normal">भारत</span></a></span></strong><span lang="DE" style="font-size:10pt"> in your own language,<br>visit <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.xgenplus.com_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=-y6ACRLtO7BC6nXjQGKJQgFQOCdSIe6PZqjZMKRTGXc&amp;e=" style="color:purple;text-decoration:underline" target="_blank"><span style="font-size:7.5pt">www.xgenplus.com[<wbr>xgenplus.com]</span></a> </span><span lang="DE"><u></u><u></u></span></div></div></div><div id="m_-7759855091234965469m_-8972866712172944214m_4576729271658896846m_8042960321159864960__hggasdgjhsagd_once"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div></div><div class="MsoNormal" align="center" style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif;text-align:center"><span lang="DE"><hr size="2" width="100%" align="center"></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><strong><span lang="DE">From:</span></strong><span lang="DE"><span class="m_-7759855091234965469Apple-converted-space"> </span>&quot;Tan Tanaka,Dennis via UA-discuss&quot; &lt;<a href="mailto:ua-discuss@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-discuss@icann.org</a>&gt;  </span><span lang="DE" style="font-size:7.5pt;font-family:Verdana,sans-serif">MailId : [68456683]</span><span lang="DE"><br><strong>To:</strong><span class="m_-7759855091234965469Apple-converted-space"> </span>Don Hollander &lt;<a href="mailto:don.hollander@icann.org" style="color:purple;text-decoration:underline" target="_blank">don.hollander@icann.org</a>&gt;,&quot;<a href="mailto:ua-discuss@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-<wbr>discuss@icann.org</a>&quot; &lt;<a href="mailto:ua-discuss@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-discuss@icann.org</a>&gt;<br><strong>Subject:<span class="m_-7759855091234965469Apple-converted-space"> </span></strong>Re: [UA-discuss] UASG Response to WordFence IDN Phishing concerns<br><strong>Date:</strong><span class="m_-7759855091234965469Apple-converted-space"> </span>25 Apr 2017 06:28:22 PM<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">Don, my comments enclosed</span><span lang="DE"><u></u><u></u></span></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">Thanks</span><span lang="DE"><u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">-Dennis</span><span lang="DE"><u></u><u></u></span></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="border-style:solid none none;border-top-color:rgb(181,196,223);border-top-width:1pt;padding:3pt 0mm 0mm"><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><strong><span lang="DE">From:<span class="m_-7759855091234965469Apple-converted-space"> </span></span></strong><span lang="DE">&lt;<a href="mailto:ua-discuss-bounces@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-discuss-bounces@<wbr>icann.org</a>&gt; on behalf of Don Hollander &lt;<a href="mailto:don.hollander@icann.org" style="color:purple;text-decoration:underline" target="_blank">don.hollander@icann.org</a>&gt;<br><strong>Date:<span class="m_-7759855091234965469Apple-converted-space"> </span></strong>Monday, April 24, 2017 at 5:40 PM<br><strong>To:<span class="m_-7759855091234965469Apple-converted-space"> </span></strong>&quot;<a href="mailto:UA-discuss@icann.org" style="color:purple;text-decoration:underline" target="_blank">UA-discuss@icann.org</a>&quot; &lt;<a href="mailto:ua-discuss@icann.org" style="color:purple;text-decoration:underline" target="_blank">ua-discuss@icann.org</a>&gt;<br><strong>Subject:<span class="m_-7759855091234965469Apple-converted-space"> </span></strong>[EXTERNAL] [UA-discuss] UASG Response to WordFence IDN Phishing concerns<u></u><u></u></span></div></div><div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">Further to recent discussion on this list, we have drafted a document that we plan on posting as a Blog Post to the UASG Web site that can be referenced by others.</span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">We want to get feedback from the community on this document by Thursday UTC.</span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">So, here it is – pasted below and as a word document in case you want to enable tracking and make amendments.   If you have comments or suggestions, please share them to this group.</span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">Don</span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><strong><span lang="DE" style="font-size:11pt">IDNs and Phishing: What You Need to Know</span></strong><span lang="DE"><u></u><u></u></span></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">By TBD at UASG<span class="m_-7759855091234965469Apple-converted-space"> </span></span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_resources_pages_idn-2D2012-2D02-2D25-2Den&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=JGHMSOqc_3GaqYY6Sf8m9MBfj3dj9vTRIsoi3E_9KRc&amp;e=" style="color:purple;text-decoration:underline" target="_blank">Internationalized Domain Names[icann.org]</a><span class="m_-7759855091234965469Apple-converted-space"> </span>(IDNs) are growing in popularity, a testament to their role in the expansion of the global Internet and the value they provide in connecting non-English speakers to the Web. However, you may have noticed a renewed focus over the past week of a script mixing technique that phishing scammers could potentially use to trick Internet users into visiting malicious websites. This phishing method takes advantage of the fact that characters from various languages and scripts are sometimes visually similar to each other. For example, the Cyrillic “</span><span lang="RU" style="font-size:11pt">а</span><span lang="DE" style="font-size:11pt">” and the<span class="m_-7759855091234965469Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_ASCII&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=yfwSeTzAiHcLTq4jEae3TOx116_t2m_mn8vT4UOo7Go&amp;e=" style="color:purple;text-decoration:underline" target="_blank">ASCII[en.wikipedia.org]</a><span class="m_-7759855091234965469Apple-converted-space"> </span>“<wbr>a” look virtually identical. This technique is known as a homograph attack. <span class="m_-7759855091234965469Apple-converted-space"> </span></span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">Homographic phishing efforts associated with IDNs are not new. In fact, they date back to the early 2000s. Registries have since implemented policies that preclude mixing scripts<sup>[1]</sup><span class="m_-7759855091234965469Apple-converted-space"> </span>within a domain name label.</span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">While this issue should be taken seriously and serves as an important reminder of consumer safety, various IDN and anti-abuse groups are actively working to mitigate potential threats, and there are already certain browser-set protections in place. In the meantime, Internet users should practice the same basic security hygiene that is always recommended: avoid clicking suspicious links, and use a good password manager that will only enter login credentials on trusted sites.<span class="m_-7759855091234965469Apple-converted-space"> </span></span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">Equally important is to recognize the benefits of IDNs and avoid disabling them, which could lead to an unpredictable user experience and eventually a decrease in adoption. IDNs are essential in bringing non-English speakers – the majority of the world’s population – online, and allowing those users to create their own highly relevant online identities as well as navigate the Internet in their native languages. In addition to the social and cultural benefits of IDNs, they also represent a significant economic opportunity; a recent<span class="m_-7759855091234965469Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uasg.tech_whitepaper_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=VMxJkqVb1W-ZyIEhQREIQRg3LsygAashMrgpllm7Qs4&amp;e=" style="color:purple;text-decoration:underline" target="_blank">report[uasg.tech]</a>commis<wbr>sioned by the Universal Acceptance Steering Group (UASG) found that online spending from new IDN users could start at USD 6.2 billion per year. <span class="m_-7759855091234965469Apple-converted-space"> </span></span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt">The UASG’s mission is to help software developers and website owners keep pace with the evolving Domain Name System (DNS) – and this includes issues around the adoption and acceptance of IDNs. If you’d like to get involved in helping work toward a solution to this and other IDN-related issues, please visit<span class="m_-7759855091234965469Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uasg.tech_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=fHMruCNtXCtlHyAJqUQ0xMY3bJLSKhk8h77uH_2ctvk&amp;e=" style="color:purple;text-decoration:underline" target="_blank">https://uasg.tech/[uasg.<wbr>tech]</a><span class="m_-7759855091234965469Apple-converted-space"> </span>or<span class="m_-7759855091234965469Apple-converted-space"> </span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uasg.tech_contact_&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=YqvahA1bKLAZn3Ywt6hgEEjSlYv9iV1zX3u3qDUzvXE&amp;e=" style="color:purple;text-decoration:underline" target="_blank">get in touch[uasg.tech]</a><span class="m_-7759855091234965469Apple-converted-space"> </span>to learn more.<span class="m_-7759855091234965469Apple-converted-space"> </span></span><span lang="DE"><u></u><u></u></span></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div style="margin-left:36pt"><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:11pt"> </span><span lang="DE"><u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt 36pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><br clear="all"><u></u><u></u></span></div><div style="margin-left:36pt"><div><div class="MsoNormal" style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><hr size="1" width="33%" align="left"></span></div></div></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><br clear="all"><u></u><u></u></span></div><div><div class="MsoNormal" style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><hr size="1" width="33%" align="left"></span></div></div><div id="m_-7759855091234965469m_-8972866712172944214m_4576729271658896846m_8042960321159864960ftn1"><p class="m_-7759855091234965469m-8972866712172944214m4576729271658896846m8042960321159864960msofootnotetext" style="margin-right:0mm;margin-left:0mm;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><a name="m_-7759855091234965469_m_-8972866712172944214_m_457672927165889"></a><span class="m_-7759855091234965469m-8972866712172944214m4576729271658896846m8042960321159864960msofootnotereference"><span lang="DE">[1]</span></span><span lang="DE"><span class="m_-7759855091234965469Apple-converted-space"> </span></span><span lang="EN-SG">Exceptions are practiced for languages with established orthographies and conventions that require the commingled use of multiple scripts, e.g. the Japanese writing system.</span><span lang="DE"><u></u><u></u></span></p></div></div></div></div></div></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="font-size:7.5pt;font-family:Arial,sans-serif;color:white">Do not Remove:<br>[HID]20170425182821379[-HID]</span><span lang="DE" style="border:1pt solid windowtext;padding:0mm"><span id="m_-7759855091234965469cid:~WRD039.jpg">&lt;~<wbr>WRD039.jpg&gt;</span></span><span lang="DE"><span class="m_-7759855091234965469Apple-converted-space"> </span><span style="border:1pt solid windowtext;padding:0mm"><span id="m_-7759855091234965469cid:~WRD039.jpg">&lt;~WRD039.jpg&gt;</span></span><u></u><u></u></span></div></div></blockquote></div><span class=""><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><br><br clear="all"><span style="color:rgb(136,136,136)"><br><span class="m_-7759855091234965469m-8972866712172944214hoenzb">--<span class="m_-7759855091234965469Apple-converted-space"> </span></span></span><u></u><u></u></span></div><div><div><div><div><div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Andrey Kolesnikov<u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__RIPN.NET&amp;d=DwMFaQ&amp;c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&amp;r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&amp;m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&amp;s=bzXSVwk1DZEFet4B2d2K-x7-PI4e37O64WojUXqaNCM&amp;e=" style="color:purple;text-decoration:underline" target="_blank">RIPN.NET[RIPN.NET]</a><u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div></div></div></div></div></div></div></span></div></div></blockquote></div><span class=""><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Don Hollander<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Universal Acceptance Steering Group<u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Skype: don_hollander<u></u><u></u></span></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div></div></span></div></blockquote></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><br><br clear="all"><br>--<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></span></div><div><div><div><div><div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Andrey Kolesnikov<u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><a href="http://ripn.net/" style="color:purple;text-decoration:underline" target="_blank">RIPN.NET</a><u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"> <u></u><u></u></span></div></div></div></div></div></div></div></div></div></div></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE" style="border:1pt solid windowtext;padding:0mm"><span id="m_-7759855091234965469cid:~WRD039.jpg">&lt;~WRD039.jpg&gt;</span><span id="m_-7759855091234965469cid:~WRD039.jpg">&lt;~WRD039.jpg&gt;</span></span><span lang="DE"><u></u><u></u></span></div></div></div></blockquote></div><span class=""><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Don Hollander<u></u><u></u></span></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Universal Acceptance Steering Group<u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Skype: don_hollander<u></u><u></u></span></div></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div></span></div></div></blockquote></div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><br><br clear="all"><span class="HOEnZb"><font color="#888888"><br>--<span class="m_-7759855091234965469Apple-converted-space"> </span><u></u><u></u></font></span></span></div><span class="HOEnZb"><font color="#888888"><div><div><div><div><div><div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE">Andrey Kolesnikov<u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><a href="http://ripn.net/" style="color:purple;text-decoration:underline" target="_blank">RIPN.NET</a><u></u><u></u></span></div></div><div><div style="margin:0mm 0mm 0.0001pt;font-size:12pt;font-family:&#39;Times New Roman&#39;,serif"><span lang="DE"><u></u> <u></u></span></div></div></div></div></div></div></div></div></font></span></div></div></div></div></blockquote></div><br></div></div></div></blockquote></div><br></div>