[CPWG] The Bulk Registrations issue and why it is complex

gopal at annauniv.edu gopal at annauniv.edu
Tue Apr 5 13:20:00 UTC 2022


Dear All,

The National Internet Exchange of India (NIXI) placed restrictions on
bulk registering of .in domains due to “national security” reasons.

NIXI is the government-appointed authority responsible for managing
.in domains.

Explicit approval from NIXI for:

Individual registrants looking to register more than two domains
Registered accredited company looking to register more than a hundred domains

It opens a debate on the other end of the spectrum, i.e. "Red Tape".

Your thoughts...

Sincerely,

Gopal T V
0 9840121302
https://vidwan.inflibnet.ac.in/profile/57545
https://www.facebook.com/gopal.tadepalli
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dr. T V Gopal
Professor
Department of Computer Science and Engineering
College of Engineering
Anna University
Chennai - 600 025, INDIA
Ph : (Off) 22351723 Extn. 3340
       (Res) 24454753
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

On 2022-04-05 18:40, Theo Geurts via CPWG wrote:
> Let's say bulk means 50 registrations before alarms start to sound.
> 
> Then the criminals will simply start pulling data from fake ID
> generator APIs and connect those to the registrar/reseller APIs and
> generate new unique RNH data/contacts.  If that sounds out of the
> realm of possibilities, consider I have already seen criminals doing
> this to avoid detection in 2018. Every BEC fraud domain had a unique
> registrant and they had registered 200 domains total. Their OPSEC was
> pretty good on the registrant side of things, on the technical
> infrastructure side, it was an absolute mess and very easy to track
> down and shut down such domain names.
> 
> Best,
> 
> Theo
> 
> On Tue, Apr 5, 2022, at 12:40 PM, John McCormac via CPWG wrote:
> 
>> On 05/04/2022 12:25, Michele Neylon - Blacknight wrote:
>>> John
>>>
>>> But what is your definition of “bulk”?
>>
>> It is a very tricky question, Michele,
>> I don't have an exact definition yet.
>> There can be a lot of activity going on with a gTLD that might appear to
>> be bulk registrations but without WHOIS data to measure the
>> concentration of registrations, a spike due to a registry or registrar
>> promotion might be considered "bulk". The concentration (new domain
>> names to registrants) might help.
>>
>>> How many domains registered at once constitute “bulk”?
>>>
>>> 10?
>>
>> I've definitely registered this many at a time across TLDs for brand
>> protection purposes.
>>
>>> 100?
>>>
>>> 1000?
>>>
>>> Over what period of time?
>>>
>>> Minutes?
>>>
>>> Hours?
>>>
>>> Days?
>>
>> It would have to be over a few months at least. Otherwise celebrity and
>> event driven registrations and speculative bubbles will get lumped into
>> the set.
>>
>>> Can the “definition” be applied to all TLDs?
>>
>> Not unless there is a data element. It would be better to approach it on
>> a TLD-specific basis that takes the performance of the TLD into account.
>> Some TLDs may not have bulk registration issues.
>> 
>>> I’d argue that there’s a massive difference between say 100 domains
>>> being registered in .bank vs in .store (as a silly example)
>>
>> Agreed. Heavy discounting is now an established feature of many gTLDs.
>> The problem is that the absence of WHOIS data and registration patterns
>> makes it a lot more difficult to identify abusive registrations. Without
>> heavy discounting, some new gTLDs would have to spend a lot more money
>> on marketing their gTLD in a highly competitive market and would end up
>> with far fewer registrations than they have now.
>>
>> There was a recommendation in the CCT report that ICANN track pricing
>> data. If ICANN had this kind of data to hand then it would be very
>> helpful in defining bulk registrations and identifying trends that are
>> direct results of heavy discounting. It still gets back to the problem
>> of identifying what registrations are registered for malicious purposes
>> and that's getting into Precog/Minority Report territory where the
>> software and technology is just not good enough to guess the intent of
>> all registrants.
>>
>> Regards...jmcc
>>
>>> Regards
>>>
>>> Michele
>> 
>>> 
>> 
>>> --
>>> Mr Michele Neylon
>>> Blacknight Solutions
>>> Hosting, Colocation & Domains
>>> https://www.blacknight.com/
>>> https://blacknight.blog/
>>> Intl. +353 (0) 59  9183072
>>> Direct Dial: +353 (0)59 9183090
>>> Personal blog: https://michele.blog/
>>> Some thoughts: https://ceo.hosting/
>>> -------------------------------
>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business Park,Sleaty
>>> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845
>> 
>> --
>> **********************************************************
>> John McCormac  *  e-mail: jmcc at hosterstats.com
>> MC2            *  web: http://www.hosterstats.com/
>> 22 Viewmount   *  Domain Registrations Statistics
>> Waterford      *  Domnomics - the business of domain names
>> Ireland        *  https://amzn.to/2OPtEIO
>> IE             *  Skype: hosterstats.com
>> **********************************************************
>> 
>> _______________________________________________
>> CPWG mailing list
>> CPWG at icann.org
>> https://mm.icann.org/mailman/listinfo/cpwg
>>
>> _______________________________________________
>> 
>> By submitting your personal data, you consent to the processing of
>> your personal data for purposes of subscribing to this mailing list
>> accordance with the ICANN Privacy Policy
>> (https://www.icann.org/privacy/policy) and the website Terms of
>> Service (https://www.icann.org/privacy/tos). You can visit the
>> Mailman link above to change your membership status or
>> configuration, including unsubscribing, setting digest-style
>> delivery or disabling delivery altogether (e.g., for a vacation),
>> and so on.
> 
> 
> 

