[CPWG] The Bulk Registrations issue and why it is complex
gopal at annauniv.edu
Tue Apr 5 13:20:00 UTC 2022
Dear All,
The National Internet Exchange of India (NIXI) placed restrictions on
bulk registering of .in domains due to “national security” reasons.
NIXI is the government-appointed authority responsible for managing .in
domains.
Explicit approval from NIXI for:
- Individual registrants looking to register more than two domains
- Registered accredited company looking to register more than a hundred
  domains
It opens a debate on the other end of the spectrum i.e "Red Tape".
Your thoughts...
Sincerely,
Gopal T V
0 9840121302
https://vidwan.inflibnet.ac.in/profile/57545
https://www.facebook.com/gopal.tadepalli
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dr. T V Gopal
Professor
Department of Computer Science and Engineering
College of Engineering
Anna University
Chennai - 600 025, INDIA
Ph : (Off) 22351723 Extn. 3340
(Res) 24454753
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
On 2022-04-05 18:40, Theo Geurts via CPWG wrote:
> Let's say bulk means 50 registrations before alarms start to sound.
>
> Then the criminals will simply start pulling data from fake ID
> generator APIs and connect those to the registrar/reseller APIs and
> generate new unique RNH data/contacts. If that sounds out of the
> realm of possibilities, consider I have already seen criminals doing
> this to avoid detection in 2018. Every BEC fraud domain had a unique
> registrant and they had registered 200 domains total. Their OPSEC was
> pretty good on the registrant side of things, on the technical
> infrastructure side, it was an absolute mess and very easy to track
> down and shut down such domain names.
>
> Best,
>
> Theo
>
> On Tue, Apr 5, 2022, at 12:40 PM, John McCormac via CPWG wrote:
>
>> On 05/04/2022 12:25, Michele Neylon - Blacknight wrote:
>>> John
>>>
>>> But what is your definition of “bulk”?
>>
>> It is a very tricky question, Michele,
>> I don't have an exact definition yet.
>> There can be a lot of activity going on with a gTLD that might appear to
>> be bulk registrations but without WHOIS data to measure the
>> concentration of registrations, a spike due to a registry or registrar
>> promotion might be considered "bulk". The concentration (new domain
>> names to registrants) might help.
>>
>>> How many domains registered at once constitute “bulk”?
>>>
>>> 10?
>>
>> I've definitely registered this many at a time across TLDs for brand
>> protection purposes.
>>
>>> 100?
>>>
>>> 1000?
>>>
>>> Over what period of time?
>>>
>>> Minutes?
>>>
>>> Hours?
>>>
>>> Days?
>>
>> It would have to be over a few months at least. Otherwise celebrity and
>> event driven registrations and speculative bubbles will get lumped into
>> the set.
>>
>>> Can the “definition” be applied to all TLDs?
>>
>> Not unless there is a data element. It would be better to approach it on
>> a TLD-specific basis that takes the performance of the TLD into account.
>> Some TLDs may not have bulk registration issues.
>>
>>> I’d argue that there’s a massive difference between say 100 domains
>>> being registered in .bank vs in .store (as a silly example)
>>
>> Agreed. Heavy discounting is now an established feature of many gTLDs.
>> The problem is that the absence of WHOIS data and registration patterns
>> makes it a lot more difficult to identify abusive registrations. Without
>> heavy discounting, some new gTLDs would have to spend a lot more money
>> on marketing their gTLD in a highly competitive market and would end up
>> with far fewer registrations than they have now.
>>
>> There was a recommendation in the CCT report that ICANN track pricing
>> data. If ICANN had this kind of data to hand then it would be very
>> helpful in defining bulk registrations and identifying trends that are
>> direct results of heavy discounting. It still gets back to the problem
>> of identifying what registrations are registered for malicious purposes
>> and that's getting into Precog/Minority Report territory where the
>> software and technology is just not good enough to guess the intent of
>> all registrants.
>>
>> Regards...jmcc
>>
>>> Regards
>>>
>>> Michele
>>>
>>> --
>>> Mr Michele Neylon
>>> Blacknight Solutions
>>> Hosting, Colocation & Domains
>>> https://www.blacknight.com/
>>> https://blacknight.blog/
>>> Intl. +353 (0) 59 9183072
>>> Direct Dial: +353 (0)59 9183090
>>> Personal blog: https://michele.blog/
>>> Some thoughts: https://ceo.hosting/
>>> -------------------------------
>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>>
>>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>>
>>
>>> Virus-free. www.avg.com [1]
>>
>>>
>>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>>
>>
>>>
>>
>>>
>>
>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>
>> --
>> **********************************************************
>> John McCormac * e-mail: jmcc at hosterstats.com
>> MC2 * web: http://www.hosterstats.com/
>> 22 Viewmount * Domain Registrations Statistics
>> Waterford * Domnomics - the business of domain names
>> Ireland * https://amzn.to/2OPtEIO
>> IE * Skype: hosterstats.com
>> **********************************************************
>> _______________________________________________
>> CPWG mailing list
>> CPWG at icann.org
>> https://mm.icann.org/mailman/listinfo/cpwg
>> _______________________________________________
>>
>> By submitting your personal data, you consent to the processing of
>> your personal data for purposes of subscribing to this mailing list
>> accordance with the ICANN Privacy Policy
>> (https://www.icann.org/privacy/policy) and the website Terms of
>> Service (https://www.icann.org/privacy/tos). You can visit the
>> Mailman link above to change your membership status or
>> configuration, including unsubscribing, setting digest-style
>> delivery or disabling delivery altogether (e.g., for a vacation),
>> and so on.
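Added example, not part of any message in this thread: a sketch of the detection problem the replies describe, where a per-registrant "bulk" threshold of 50 misses 200 domains that each carry a unique registrant, while grouping the same registrations by shared technical infrastructure surfaces them. The record layout, the use of nameserver and hosting IP as the grouping key, and all sample values are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

BULK_THRESHOLD = 50  # the hypothetical per-registrant limit from the thread


def build_sample():
    """Constructed records (domain, registrant, nameserver, ip); not real data."""
    recs = [(f"portfolio{i}.example", "R-portfolio", "ns.portfolio.example",
             "192.0.2.10") for i in range(60)]  # one open bulk buyer
    # 200 domains, every one with a unique registrant, on shared infrastructure.
    recs += [(f"invoice{i}.example", f"R-unique-{i}", "ns.shared.example",
              "198.51.100.7") for i in range(200)]
    # Background: 25 registrants with 2 domains each, spread across 25 hosts.
    recs += [(f"site{i}.example", f"R-bg-{i // 2}", f"ns.host{i % 25}.example",
              f"203.0.113.{i % 25}") for i in range(50)]
    return recs


def flag_by_registrant(recs, threshold=BULK_THRESHOLD):
    """Registrants at or above the per-registrant threshold."""
    counts = Counter(registrant for _, registrant, _, _ in recs)
    return {reg for reg, n in counts.items() if n >= threshold}


def concentration(recs):
    """New domain names per distinct registrant."""
    return len(recs) / len({registrant for _, registrant, _, _ in recs})


def flag_by_infrastructure(recs, threshold=BULK_THRESHOLD):
    """(nameserver, ip) clusters at or above the threshold, with
    (domain count, distinct registrant count) for each. Grouping key is assumed."""
    clusters = defaultdict(lambda: (set(), set()))
    for domain, registrant, ns, ip in recs:
        domains, registrants = clusters[(ns, ip)]
        domains.add(domain)
        registrants.add(registrant)
    return {key: (len(d), len(r)) for key, (d, r) in clusters.items()
            if len(d) >= threshold}


if __name__ == "__main__":
    sample = build_sample()
    print("flagged registrants:", flag_by_registrant(sample))
    print("domains per registrant: %.2f" % concentration(sample))
    for key, (n_dom, n_reg) in flag_by_infrastructure(sample).items():
        print(key, "domains:", n_dom, "registrants:", n_reg)
```

A cluster whose registrant count equals its domain count is the pattern the registrant-only view cannot see; the overall domains-per-registrant ratio stays low for the same reason.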