[CPWG] The Bulk Registrations issue and why it is complex
Theo Geurts
atlarge at dcx.nl
Tue Apr 5 13:31:05 UTC 2022
As far as my current intel on this goes, NIXI replaced this with another requirement a few weeks ago.
Theo
On Tue, Apr 5, 2022, at 1:20 PM, gopal at annauniv.edu wrote:
> Dear All,
>
> The National Internet Exchange of India (NIXI) placed restrictions on
> bulk registering
> of .in domains due to “national security” reasons.
>
> NIXI is the government-appointed authority responsible for managing .in
> domains.
>
> Explicit approval from NIXI for:
>
> Individual registrants looking to register more than two domains
> Registered accredited company looking to register more than a hundred
> domains
>
> It opens a debate on the other end of the spectrum, i.e. "Red Tape".
>
> Your thoughts...
>
> Sincerely,
>
> Gopal T V
> 0 9840121302
> https://vidwan.inflibnet.ac.in/profile/57545
> https://www.facebook.com/gopal.tadepalli
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Dr. T V Gopal
> Professor
> Department of Computer Science and Engineering
> College of Engineering
> Anna University
> Chennai - 600 025, INDIA
> Ph : (Off) 22351723 Extn. 3340
> (Res) 24454753
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> On 2022-04-05 18:40, Theo Geurts via CPWG wrote:
> > Let's say bulk means 50 registrations before alarms start to sound.
> >
> > Then the criminals will simply start pulling data from fake ID
> > generator APIs and connect those to the registrar/reseller APIs and
> > generate new unique RNH data/contacts. If that sounds out of the
> > realm of possibilities, consider I have already seen criminals doing
> > this to avoid detection in 2018. Every BEC fraud domain had a unique
> > registrant and they had registered 200 domains total. Their OPSEC was
> > pretty good on the registrant side of things, on the technical
> > infrastructure side, it was an absolute mess and very easy to track
> > down and shut down such domain names.
> >
> > Best,
> >
> > Theo
> >
> > On Tue, Apr 5, 2022, at 12:40 PM, John McCormac via CPWG wrote:
> >
> >> On 05/04/2022 12:25, Michele Neylon - Blacknight wrote:
> >>> John
> >>>
> >>> But what is your definition of “bulk”?
> >>
> >> It is a very tricky question, Michele,
> >> I don't have an exact definition yet.
> >>
> >> There can be a lot of activity going on with a gTLD that might appear to
> >> be bulk registrations but without WHOIS data to measure the
> >> concentration of registrations, a spike due to a registry or registrar
> >> promotion might be considered "bulk". The concentration (new domain
> >> names to registrants) might help.
> >>
> >>> How many domains registered at once constitute “bulk”?
> >>>
> >>> 10?
> >>
> >> I've definitely registered this many at a time across TLDs for brand
> >> protection purposes.
> >>
> >>> 100?
> >>>
> >>> 1000?
> >>>
> >>> Over what period of time?
> >>>
> >>> Minutes?
> >>>
> >>> Hours?
> >>>
> >>> Days?
> >>
> >> It would have to be over a few months at least. Otherwise celebrity and
> >> event driven registrations and speculative bubbles will get lumped into
> >> the set.
> >>
> >>> Can the “definition” be applied to all TLDs?
> >>
> >> Not unless there is a data element. It would be better to approach it on
> >> a TLD-specific basis that takes the performance of the TLD into account.
> >> Some TLDs may not have bulk registration issues.
> >>
> >>> I’d argue that there’s a massive difference between say 100 domains
> >>> being registered in .bank vs in .store (as a silly example)
> >>
> >> Agreed. Heavy discounting is now an established feature of many gTLDs.
> >> The problem is that the absence of WHOIS data and registration patterns
> >> makes it a lot more difficult to identify abusive registrations. Without
> >> heavy discounting, some new gTLDs would have to spend a lot more money
> >> on marketing their gTLD in a highly competitive market and would end up
> >> with far fewer registrations than they have now.
> >>
> >> There was a recommendation in the CCT report that ICANN track pricing
> >> data. If ICANN had this kind of data to hand then it would be very
> >> helpful in defining bulk registrations and identifying trends that are
> >> direct results of heavy discounting. It still gets back to the problem
> >> of identifying what registrations are registered for malicious purposes
> >> and that's getting into Precog/Minority Report territory where the
> >> software and technology is just not good enough to guess the intent of
> >> all registrants.
> >>
> >> Regards...jmcc
> >>
> >>> Regards
> >>>
> >>> Michele
> >>>
> >>> --
> >>> Mr Michele Neylon
> >>> Blacknight Solutions
> >>> Hosting, Colocation & Domains
> >>> https://www.blacknight.com/
> >>> https://blacknight.blog/
> >>> Intl. +353 (0) 59 9183072
> >>> Direct Dial: +353 (0)59 9183090
> >>> Personal blog: https://michele.blog/
> >>> Some thoughts: https://ceo.hosting/
> >>> -------------------------------
> >>> Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty
> >>> Road, Graiguecullen, Carlow, R93 X265, Ireland Company No.: 370845
> >>
> >> --
> >> **********************************************************
> >> John McCormac * e-mail: jmcc at hosterstats.com
> >> MC2 * web: http://www.hosterstats.com/
> >> 22 Viewmount * Domain Registrations Statistics
> >> Waterford * Domnomics - the business of domain names
> >> Ireland * https://amzn.to/2OPtEIO
> >> IE * Skype: hosterstats.com
> >> **********************************************************
> >>
> >> _______________________________________________
> >> CPWG mailing list
> >> CPWG at icann.org
> >> https://mm.icann.org/mailman/listinfo/cpwg
> >> _______________________________________________
> >> By submitting your personal data, you consent to the processing of
> >> your personal data for purposes of subscribing to this mailing list
> >> accordance with the ICANN Privacy Policy
> >> (https://www.icann.org/privacy/policy) and the website Terms of
> >> Service (https://www.icann.org/privacy/tos). You can visit the
> >> Mailman link above to change your membership status or
> >> configuration, including unsubscribing, setting digest-style
> >> delivery or disabling delivery altogether (e.g., for a vacation),
> >> and so on.