<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=utf-8"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:"Nirmala UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
p.m4576729271658896846m8042960321159864960msofootnotetext, li.m4576729271658896846m8042960321159864960msofootnotetext, div.m4576729271658896846m8042960321159864960msofootnotetext
{mso-style-name:m_4576729271658896846m_8042960321159864960msofootnotetext;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman",serif;}
span.m4576729271658896846m8042960321159864960msofootnotereference
{mso-style-name:m_4576729271658896846m_8042960321159864960msofootnotereference;}
span.hoenzb
{mso-style-name:hoenzb;}
span.EmailStyle22
{mso-style-type:personal;
font-family:"Calibri",sans-serif;
color:#1F497D;}
span.EmailStyle23
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Dear all,<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>To properly address and explain this problem. The nature of this attacks on a global level suggest that they will be done through most used gTLDs (old and new) who allows different scripts, which is by far> .com.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>For local level it can be done under ccTLDs and geoTLDs who allows different script.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Now, the real picture, Don, is that we have a lot of registries who mix scripts in the table.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>You can look at IANA tables and see what is there. One example is .SU which allows all Cyrillic scripts from ex-Soviet Union (USSR).<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Then, there are ccTLDs like .PL, mixing the whole Unicode for years. I can understand why some ccTLDs allow that: in countries, there are a lot of minorities, so excluding their script from the table of national ccTLDs is not politically correct. To know if those cc’s allows usage of different (or even mixing) scripts and the attack can be created, we need to check local rules – and they are NOT something that ICANN is aware off, or something that ICANN can easily change. Even rules for the root zone, which are mentioned during this discussion, for the cc’s they will be presented in the form of recommendation. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Some countries like Bulgaria and Greece, have IDN and ASCII under the same table and they have national laws on their usage. <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>But, even in countries like Croatia and Romania, usage of their own Latin script can produce some of homographic attack. Like> coca-cola.hr and co</span><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>ča-cola.hr (confusion). Homographic attack is not a problem only in usage of different script under one TLD – they can be done under one, f.e. Latin, script also.<o:p></o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Andrei suggested one way to address problem, but it can’t be the rule, because of political and other logical questions inside the countries. It’s in the ruleset of every single registry – who allows mixing script or not.<o:p></o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>You can have 20 different scripts in table, if you strictly avoid mixing, you are ok – and cross script homographic attack are not possible. <o:p></o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>But, single script attacks are staying possible, such as IBM.</span><span lang=SR-CYRL-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>рф </span><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>or </span><span lang=SR-CYRL-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>саре.рф.<o:p></o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>If you want to change agreement with cc’s, in order to address their rules for registration, is not going to be easy task for ICANN, because of the nature of agreements. Some of them are just in the form of „exchange of letters“ and zou know which level of agreement is that. <o:p></o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> <o:p></o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Regards,<o:p></o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'>Dusan<o:p></o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span lang=SR-LATN-RS style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'> </span><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri",sans-serif;color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'>From:</span></b><span style='font-size:11.0pt;font-family:"Calibri",sans-serif'> ua-discuss-bounces@icann.org [mailto:ua-discuss-bounces@icann.org] <b>On Behalf Of </b>Andrei Kolesnikov<br><b>Sent:</b> Wednesday, April 26, 2017 10:46 AM<br><b>To:</b> Don Hollander <don.hollander@icann.org><br><b>Cc:</b> Dr. AJAY D A T A <ajay@data.in>; `tan tanakadennis via ua-discuss` <ua-discuss@icann.org><br><b>Subject:</b> Re: [UA-discuss] UASG Response to WordFence IDN Phishing concerns<o:p></o:p></span></p><p class=MsoNormal><o:p> </o:p></p><div><div><div><p class=MsoNormal>Don, <br>there is no such thing as IDN at .RU - only ascii allowed - we understood the problem long time ago due to similarity of many Cyrillic letters with Latin. <o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'>In IDN .РФ in Russia only Cyrillic allowed. <br>This definitely must be the rule for registries. Or some kind of immediate mitigation service to bring down dangerous domains. <o:p></o:p></p></div><p class=MsoNormal>--andrei<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>2017-04-26 11:34 GMT+03:00 Don Hollander <<a href="mailto:don.hollander@icann.org" target="_blank">don.hollander@icann.org</a>>:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><div><p class=MsoNormal>Hi Andrei:<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>What about at the ccTLD? <a href="http://idn.ru/" target="_blank">idn.ru</a>? Does .ru also allow ASCII?<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Does the .ru registry, for example, do anything to address homoglyphs between ascii and cyrillic?<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>D<o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><blockquote style='margin-top:5.0pt;margin-bottom:5.0pt'><div><p class=MsoNormal>On 26/04/2017, at 8:30 PM, Andrei Kolesnikov <<a href="mailto:andrei@rol.ru" target="_blank">andrei@rol.ru</a>> wrote:<o:p></o:p></p></div><p class=MsoNormal><o:p> </o:p></p><div><div><div><div><p class=MsoNormal>most use of idn.ascii gTLD as far as I know is .com for example <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__xn-2D-2Dh1akeme.com_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&s=Aumtm9oLaw_1FAQZ4MvKpmNHj3khbV5zlM_VGiARFFQ&e=" target="_blank">http://путин.com/[xn--h1akeme.com]</a><o:p></o:p></p></div><p class=MsoNormal style='margin-bottom:12.0pt'>Basically most of the confusing cases discussed above are from .com<o:p></o:p></p></div><p class=MsoNormal>--andrei<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal>2017-04-26 10:35 GMT+03:00 Dr. AJAY D A T A <<a href="mailto:ajay@data.in" target="_blank">ajay@data.in</a>>:<o:p></o:p></p><blockquote style='border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-right:0cm'><div><div><p class=MsoNormal>Hello Don, <br><br>Which all registries are allowed to register mix of scripts domain while registering an IDN. I checked .pyc (Cyrillic) and .<span style='font-family:"Nirmala UI",sans-serif'>भारत</span> (Devanagiri) do not allow mix of scripts. I think we address those registries through ICANN by modifying the registry agreement, major problem can be solved. <br><br>Thanks. <o:p></o:p></p></div><div><p class=MsoNormal> <o:p></o:p></p></div><div id="m_4576729271658896846m_8042960321159864960mySignature"><div><div><div><p class=MsoNormal><strong><span style='font-size:8.5pt;font-family:"Tahoma",sans-serif;color:#333399'>Dr. Ajay DATA</span></strong><span style='font-size:8.5pt;font-family:"Tahoma",sans-serif;color:#333399'> <strong><span style='font-family:"Tahoma",sans-serif'> | Founder & CEO </span></strong></span><o:p></o:p></p></div></div><div><p class=MsoNormal><span style='font-size:10.0pt'>Get email id like </span><strong><span style='font-size:7.5pt;font-family:"Nirmala UI",sans-serif'><a href="mailto:अजय@डाटा.भारत"><span style='font-weight:normal'>अजय</span><span style='font-family:"Times New Roman",serif;font-weight:normal'>@</span><span style='font-weight:normal'>डाटा</span><span style='font-family:"Times New Roman",serif;font-weight:normal'>.</span><span style='font-weight:normal'>भारत</span></a></span></strong><span style='font-size:10.0pt'> in your own language,<br>visit <a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__www.xgenplus.com_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&s=-y6ACRLtO7BC6nXjQGKJQgFQOCdSIe6PZqjZMKRTGXc&e=" target="_blank"><span style='font-size:7.5pt'>www.xgenplus.com[xgenplus.com]</span></a> </span><o:p></o:p></p></div></div><div id="m_4576729271658896846m_8042960321159864960__hggasdgjhsagd_once"><p class=MsoNormal> <o:p></o:p></p></div></div><div class=MsoNormal align=center style='text-align:center'><hr size=2 width="100%" align=center></div><p class=MsoNormal><strong>From:</strong> "Tan Tanaka,Dennis via UA-discuss" <<a href="mailto:ua-discuss@icann.org" target="_blank">ua-discuss@icann.org</a>> <span style='font-size:7.5pt;font-family:"Verdana",sans-serif'>MailId : [68456683]</span><br><strong>To:</strong> Don Hollander <<a href="mailto:don.hollander@icann.org" target="_blank">don.hollander@icann.org</a>>,"<a href="mailto:ua-discuss@icann.org" target="_blank">ua-discuss@icann.org</a>" <<a href="mailto:ua-discuss@icann.org" target="_blank">ua-discuss@icann.org</a>><br><strong>Subject: </strong>Re: [UA-discuss] UASG Response to WordFence IDN Phishing concerns<br><strong>Date:</strong> 25 Apr 2017 06:28:22 PM <o:p></o:p></p><div><div><p class=MsoNormal><o:p> </o:p></p><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'>Don, my comments enclosed</span><o:p></o:p></p><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'>Thanks</span><o:p></o:p></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto'><span style='font-size:11.0pt'>-Dennis</span><o:p></o:p></p><div><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm'><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><strong>From: </strong><<a href="mailto:ua-discuss-bounces@icann.org" target="_blank">ua-discuss-bounces@icann.org</a>> on behalf of Don Hollander <<a href="mailto:don.hollander@icann.org" target="_blank">don.hollander@icann.org</a>><br><strong>Date: </strong>Monday, April 24, 2017 at 5:40 PM<br><strong>To: </strong>"<a href="mailto:UA-discuss@icann.org" target="_blank">UA-discuss@icann.org</a>" <<a href="mailto:ua-discuss@icann.org" target="_blank">ua-discuss@icann.org</a>><br><strong>Subject: </strong>[EXTERNAL] [UA-discuss] UASG Response to WordFence IDN Phishing concerns<o:p></o:p></p></div><div><div style='margin-left:36.0pt'><p class=MsoNormal> <o:p></o:p></p></div></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='font-size:11.0pt'>Further to recent discussion on this list, we have drafted a document that we plan on posting as a Blog Post to the UASG Web site that can be referenced by others.</span><o:p></o:p></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='font-size:11.0pt'>We want to get feedback from the community on this document by Thursday UTC.</span><o:p></o:p></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='font-size:11.0pt'>So, here it is – pasted below and as a word document in case you want to enable tracking and make amendments. If you have comments or suggestions, please share them to this group.</span><o:p></o:p></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='font-size:11.0pt'>Don</span><o:p></o:p></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div style='margin-left:36.0pt'><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><div style='margin-left:36.0pt'><p class=MsoNormal><span style='font-size:11.0pt'> </span><o:p></o:p></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><a name="m_4576729271658896846_m_8042960321159864"><strong><span style='font-size:11.0pt'>IDNs and Phishing: What You Need to Know</span></strong><o:p></o:p></a></p><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>By TBD at UASG </span><o:p></o:p></span></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> </span><o:p></o:p></span></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'></span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__www.icann.org_resources_pages_idn-2D2012-2D02-2D25-2Den&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&s=JGHMSOqc_3GaqYY6Sf8m9MBfj3dj9vTRIsoi3E_9KRc&e=" target="_blank"><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>Internationalized Domain Names[icann.org]</span></span><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'></span></a><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> (IDNs) are growing in popularity, a testament to their role in the expansion of the global Internet and the value they provide in connecting non-English speakers to the Web. However, you may have noticed a renewed focus over the past week of a script mixing technique that phishing scammers could potentially use to trick Internet users into visiting malicious websites. This phishing method takes advantage of the fact that characters from various languages and scripts are sometimes visually similar to each other. For example, the Cyrillic “</span></span><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span lang=RU style='font-size:11.0pt'>а</span></span><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>” and the </span></span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__en.wikipedia.org_wiki_ASCII&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&s=yfwSeTzAiHcLTq4jEae3TOx116_t2m_mn8vT4UOo7Go&e=" target="_blank"><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>ASCII[en.wikipedia.org]</span></span><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'></span></a><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> “a” look virtually identical. This technique is known as a homograph attack. </span><o:p></o:p></span></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> </span><o:p></o:p></span></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>Homographic phishing efforts associated with IDNs are not new. In fact, they date back to the early 2000s. Registries have since implemented policies that preclude mixing scripts<sup>[1]</sup> within a domain name label.</span><o:p></o:p></span></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> </span><o:p></o:p></span></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>While this issue should be taken seriously and serves as an important reminder of consumer safety, various IDN and anti-abuse groups are actively working to mitigate potential threats, and there are already certain browser-set protections in place. In the meantime, Internet users should practice the same basic security hygiene that is always recommended: avoid clicking suspicious links, and use a good password manager that will only enter login credentials on trusted sites. </span><o:p></o:p></span></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> </span><o:p></o:p></span></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>Equally important is to recognize the benefits of IDNs and avoid disabling them, which could lead to an unpredictable user experience and eventually a decrease in adoption. IDNs are essential in bringing non-English speakers – the majority of the world’s population – online, and allowing those users to create their own highly relevant online identities as well as navigate the Internet in their native languages. In addition to the social and cultural benefits of IDNs, they also represent a significant economic opportunity; a recent </span></span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uasg.tech_whitepaper_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&s=VMxJkqVb1W-ZyIEhQREIQRg3LsygAashMrgpllm7Qs4&e=" target="_blank"><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>report[uasg.tech]</span></span><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'></span></a><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> commissioned by the Universal Acceptance Steering Group (UASG) found that online spending from new IDN users could start at USD 6.2 billion per year. </span><o:p></o:p></span></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> </span><o:p></o:p></span></p></div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>The UASG’s mission is to help software developers and website owners keep pace with the evolving Domain Name System (DNS) – and this includes issues around the adoption and acceptance of IDNs. If you’d like to get involved in helping work toward a solution to this and other IDN-related issues, please visit </span></span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uasg.tech_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&s=fHMruCNtXCtlHyAJqUQ0xMY3bJLSKhk8h77uH_2ctvk&e=" target="_blank"><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>https://uasg.tech/[uasg.tech]</span></span><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'></span></a><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> or </span></span><a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__uasg.tech_contact_&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&s=YqvahA1bKLAZn3Ywt6hgEEjSlYv9iV1zX3u3qDUzvXE&e=" target="_blank"><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'>get in touch[uasg.tech]</span></span><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'></span></a><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> to learn more. </span><o:p></o:p></span></p><div style='margin-left:36.0pt'><p class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> </span><o:p></o:p></span></p></div><div style='margin-left:36.0pt'><p class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span style='font-size:11.0pt'> </span><o:p></o:p></span></p></div><div><p class=MsoNormal style='mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:36.0pt'><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><br clear=all><o:p></o:p></span></p><div style='margin-left:36.0pt'><div class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><hr size=1 width="33%" align=left></span></div></div></div></div><div><p class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><br clear=all><o:p></o:p></span></p><div class=MsoNormal><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><hr size=1 width="33%" align=left></span></div><div id="m_4576729271658896846m_8042960321159864960ftn1"><p class=m4576729271658896846m8042960321159864960msofootnotetext><span style='mso-bookmark:m_4576729271658896846_m_8042960321159864'><span class=m4576729271658896846m8042960321159864960msofootnotereference>[1]</span></span> <span lang=EN-SG>Exceptions are practiced for languages with established orthographies and conventions that require the commingled use of multiple scripts, e.g. the Japanese writing system.</span><o:p></o:p></p></div></div><p class=MsoNormal><o:p> </o:p></p></div></div><p class=MsoNormal><span style='font-size:7.5pt;font-family:"Arial",sans-serif;color:white'>Do not Remove:<br>[HID]20170425182821379[-HID]</span><img border=0 id="_x0000_i1028" src="https://data.in/XGenPlusMessageID:14931921150881741a-"> <img border=0 id="_x0000_i1029" src="http://dlr.tbms.in:8077/XET21201:201704.jpg"><o:p></o:p></p></div></blockquote></div><p class=MsoNormal><br><br clear=all><span style='color:#888888'><br><span class=hoenzb>-- <o:p></o:p></span></span></p><div><div><div><div><div><div><div><p class=MsoNormal><span style='color:#888888'>Andrey Kolesnikov</span><o:p></o:p></p></div><div><p class=MsoNormal><span style='color:#888888'><a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__RIPN.NET&d=DwMFaQ&c=FmY1u3PJp6wrcrwll3mSVzgfkbPSS6sJms7xcl4I5cM&r=YI0XKyKCabKQi3GVWLvuoyCWjH9WBgEBxLbMnmhSRwo&m=b2_5n2l3R5eXR7olCx9BY0h-_Kk-odvJXTKIexpQvuM&s=bzXSVwk1DZEFet4B2d2K-x7-PI4e37O64WojUXqaNCM&e=" target="_blank">RIPN.NET[RIPN.NET]</a><o:p></o:p></span></p></div><div><p class=MsoNormal><span style='color:#888888'><o:p> </o:p></span></p></div></div></div></div></div></div></div></div></div></blockquote></div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>Don Hollander<o:p></o:p></p><div><p class=MsoNormal>Universal Acceptance Steering Group<o:p></o:p></p></div><div><p class=MsoNormal>Skype: don_hollander<o:p></o:p></p></div></div><div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div><p class=MsoNormal><o:p> </o:p></p></div></blockquote></div><p class=MsoNormal><br><br clear=all><br>-- <o:p></o:p></p><div><div><div><div><div><div><div><p class=MsoNormal>Andrey Kolesnikov<o:p></o:p></p></div><div><p class=MsoNormal><a href="http://RIPN.NET" target="_blank">RIPN.NET</a><o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div></div></div></div></div></div></div></div></div><div id="DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2"><br />
<table style="border-top: 1px solid #D3D4DE;">
<tr>
<td style="width: 55px; padding-top: 13px;"><a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=icon" target="_blank"><img src="https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif" width="46" height="29" style="width: 46px; height: 29px;" /></a></td>
<td style="width: 470px; padding-top: 12px; color: #41424e; font-size: 13px; font-family: Arial, Helvetica, sans-serif; line-height: 18px;">Virus-free. <a href="https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient&utm_term=link" target="_blank" style="color: #4453ea;">www.avast.com</a>
</td>
</tr>
</table><a href="#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2" width="1" height="1"> </a></div></body></html>