[CPWG] Verisign

[Laurin B Weissinger]

Dear Bill and Jonathan, dear all,

I should have added more detail, apologies.

It seems that names are so cheap that “touching them”, to quote Graham, puts you in the red. As Jonathan, I see little reason to question that; it might not be quite that bad but unlikely to be far off. Thus, I am wondering, wouldn’t it be better for end users to have registrants pay a little more and not having to worry about these issues.

> I'm not sure it is accurate to characterize the situation as the registries as "not having their houses in order."  As for-profit companies, their duty is to their owners.

Absolutely, and as there is no requirement contractually to do much about abuse… Lots of parties do care and try, don’t get me wrong — but as long as it is not a “must”, the ones who care have to somehow make it happen, slimming their profits vs those who do the bare minimum, which isn't much.

> So it’s a wee bit disingenuous to suggest that they WANT all the conflicts as they end up getting wrapped up in complaints about them all the time and I suspect they wish they weren’t there because they lose money, not make money, on them

I agree. Maybe making the playing field more equal by requiring some anti-abuse measures (and potentially allowing higher prices per registration that is then a “better” one) would actually help those who are trying and are undercut by those who choose to maximize profit by not doing as much anti abuse. (Another SSR2 teaser, there will likely be a rec on anti-abuse reqs in contracts).

All in all, it is about how the operating environment looks like, and this is where ICANN policy and contracts can change things considerably. From an end user perspective, I tend to think that slightly (!) pricier registrations in return for fewer “shenanigans" will be preferable overall.

All the best
Laurin

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, January 6, 2020 6:21 PM, Jonathan Zuck <JZuck at innovatorsnetwork.org> wrote:

> In fairness, Bill, the contracted parties spend tons of cash to combat DNS abuse. Of course, we’ve just issued advice to the board suggesting they could do more, such as implementing the AI based solution used by .UK and .EU which look really promising. So it’s a wee bit disingenuous to suggest that they WANT all the conflicts as they end up getting wrapped up in complaints about them all the time and I suspect they wish they weren’t there because they lose money, not make money, on them. That we heard from Graham from Twocows and it makes sense. Once they “touch a domain” they’re losing money, he suggested, and I don’t have any reason to question him. I’d much rather work with them to find a better way to go after the bad guys.
>
> From: [Bill Jouris via CPWG](mailto:cpwg at icann.org)
> Sent: Monday, January 6, 2020 12:15 PM
> To: [Laurin B Weissinger](mailto:lbweissinger at protonmail.com)
> Cc: cpwg at icann.org
> Subject: Re: [CPWG] Verisign
>
> Laurin,
>
> I'm not sure it is accurate to characterize the situation as the registries as "not having their houses in order."  As for-profit companies, their duty is to their owners.  And the technical term of a situation requiring lots of defensive registrations is "gold mine" -- multiple sales, with only a single customer to deal with.  And, for the most part, you can probably sell hosting services for the re-direct to the real website as well.
>
> From the point of view of the users, and of the Internet generally, simply blocking those potential abusive registrations is clearly the way to go.  But for the registries?  All their incentive is to have as many potential conflicts as possible.  Easy sales.
>
> Bill Jouris
>
> [Sent from Yahoo Mail on Android](https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature)
>
>> On Mon, Jan 6, 2020 at 8:50 AM, Laurin B Weissinger
>>
>> <lbweissinger at protonmail.com> wrote:
>>
>> Dear all,
>>
>>> The only obvious defense, for registrants who want their customers to arrive reliably at their website, will be defensive registrations.  Lots of defensive registrations.  (I did a quick calculation for Citi Bank.  4 letter domain name.  Close to 300 readily confusable variations.  Longer names would have more, of course.)
>>
>> It might very well be that this is an issue to start with? SSR2 will likely recommend measures to be taken here.
>>
>> In general though, it is quite ridiculous if you think about it — I have to pay for multiple domains to protect myself because contracted parties do not have their house in order… (Obviously, I am overstating slightly, on purpose)
>>
>> All the best
>> Laurin
>
>> On Jan 6, 2020, at 17:45, Jonathan Zuck <JZuck at innovatorsnetwork.org> wrote:
>>
>> Bill,
>> That's certainly an interesting take that I hadn't thought about. The reasoning from Evan, that make sense to me, is that higher prices would make it less likely that people would register the fraudulent names in the first place, making defensive registrations less necessary. Of course, for truly premium names a small price hike will NOT make a difference but at volume it might.  I'll noodle that more. My job is facilitator here so my opinion doesn't really matter. I'm just not interested in a knee jerk emotional response from At-Large.
>> Jonathan
>>
>> From: Bill Jouris <b_jouris at yahoo.com>
>> Sent: Monday, January 6, 2020 11:37 AM
>> To: Jonathan Zuck <JZuck at innovatorsnetwork.org>; Nat Cohen <ncohen at telepathy.com>; Alan Greenberg <alan.greenberg at mcgill.ca>
>> Cc: cpwg at icann.org <cpwg at icann.org>
>> Subject: Re: [CPWG] Verisign
>>
>> Jonathan,
>>
>> In your last paragraph, you say:
>> "Individual end users don’t care about the wholesale price of domains. They care about whether they’re getting to the site they intend, that the site won’t infect their machine with malware, that the site won’t commit fraud on them, etc. etc...."
>>
>> But that does give individual end users a stake in domain name prices.  Thanks to the IDN effort, we are about to see a spike in the potential for DNS abuse -- specifically the easy opportunity (thanks to ICANN's approach) to generate quite misleading domain names.
>>
>> The only obvious defense, for registrants who want their customers to arrive reliably at their website, will be defensive registrations.  Lots of defensive registrations.  (I did a quick calculation for Citi Bank.  4 letter domain name.  Close to 300 readily confusable variations.  Longer names would have more, of course.)
>>
>> If the price of registrations goes up, they will do fewer defensive registrations.  Which means end users will have more trouble reliably getting where they want to go.  Which, I submit, we do care about.
>>
>> Bill Jouris
>>
>> Sent from Yahoo Mail on Android
>>
>> On Mon, Jan 6, 2020 at 7:23 AM, Jonathan Zuck
>> <JZuck at innovatorsnetwork.org> wrote:
>> _______________________________________________
>> CPWG mailing list
>> CPWG at icann.org
>> https://mm.icann.org/mailman/listinfo/cpwg
>>
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mm.icann.org/pipermail/cpwg/attachments/20200106/01d72f9c/attachment-0001.html>