[CPWG] The Bulk Registrations issue and why it is complex
gopal at annauniv.edu
gopal at annauniv.edu
Tue Apr 5 15:32:38 UTC 2022
Yes. thanks. I should have mentioned as on 11 March 2022 in the context
of NIXI Regulations included in my mail.
I am sorry, I could check only until this date.
I will be happy to look at any further developments in this direction
from NIXI?
Gopal T V
0 9840121302
https://vidwan.inflibnet.ac.in/profile/57545
https://www.facebook.com/gopal.tadepalli
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Dr. T V Gopal
Professor
Department of Computer Science and Engineering
College of Engineering
Anna University
Chennai - 600 025, INDIA
Ph : (Off) 22351723 Extn. 3340
(Res) 24454753
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
On 2022-04-05 19:01, Theo Geurts wrote:
> As far as my current intel on this goes is that NIXI replaced this
> with another requirement a few weeks ago.
>
> Theo
>
> On Tue, Apr 5, 2022, at 1:20 PM, gopal at annauniv.edu wrote:
>
>> Dear All,
>>
>> The National Internet Exchange of India (NIXI) placed restrictions
>> on
>>
>> bulk registering
>>
>> of .in domains due to “national security” reasons.
>>
>> NIXI is the government-appointed authority responsible for managing
>> .in
>>
>> domains.
>>
>> Explicit approval from NIXI for:
>>
>> Individual registrants looking to register more than two domains
>>
>> Registered accredited company looking to register more than a
>> hundred
>>
>> domains
>>
>> It opens a debate on the other end of the spectrum i.e "Red Tape".
>>
>> Your thoughts...
>>
>> Sincerely,
>>
>> Gopal T V
>>
>> 0 9840121302
>>
>> https://vidwan.inflibnet.ac.in/profile/57545
>>
>> https://www.facebook.com/gopal.tadepalli
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> Dr. T V Gopal
>>
>> Professor
>>
>> Department of Computer Science and Engineering
>>
>> College of Engineering
>>
>> Anna University
>>
>> Chennai - 600 025, INDIA
>>
>> Ph : (Off) 22351723 Extn. 3340
>>
>> (Res) 24454753
>>
>> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>
>> On 2022-04-05 18:40, Theo Geurts via CPWG wrote:
>>
>>> Let's say bulk means 50 registrations before alarms start to
>> sound.
>>
>>>
>>
>>> Then the criminals will simply start pulling data from fake ID
>>
>>> generator APIs and connect those to the registrar/reseller APIs
>> and
>>
>>> generate new unique RNH data/contacts. If that sounds out of the
>>
>>> realm of possibilities, consider I have already seen criminals
>> doing
>>
>>> this to avoid detection in 2018. Every BEC fraud domain had a
>> unique
>>
>>> registrant and they had registered 200 domains total. Their OPSEC
>> was
>>
>>> pretty good on the registrant side of things, on the technical
>>
>>> infrastructure side, it was an absolute mess and very easy to
>> track
>>
>>> down and shut down such domain names.
>>
>>>
>>
>>> Best,
>>
>>>
>>
>>> Theo
>>
>>>
>>
>>> On Tue, Apr 5, 2022, at 12:40 PM, John McCormac via CPWG wrote:
>>
>>>
>>
>>>> On 05/04/2022 12:25, Michele Neylon - Blacknight wrote:
>>
>>>>
>>
>>>>> John
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> But what is your definition of “bulk”?
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>> It is a very tricky question, Michele,
>>
>>>>
>>
>>>> I don't have an exact definition yet.
>>
>>>>
>>
>>>> There can be a lot of activity going on with a gTLD that might
>>
>>>> appear to
>>
>>>>
>>
>>>> be bulk registrations but without WHOIS data to measure the
>>
>>>>
>>
>>>> concentration of registrations, a spike due to a registry or
>>
>>>> registrar
>>
>>>>
>>
>>>> promotion might be considered "bulk". The concentration (new
>> domain
>>
>>>>
>>
>>>> names to registrants) might help.
>>
>>>>
>>
>>>>> How many domains registered at once constitute “bulk”?
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> 10?
>>
>>>>
>>
>>>> I've definitely registered this many at a time across TLDs for
>> brand
>>
>>>>
>>
>>>>
>>
>>>> protection purposes.
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> 100?
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> 1000?
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Over what period of time?
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Minutes?
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Hours?
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Days?
>>
>>>>
>>
>>>> It would have to be over a few months at least. Otherwise
>> celebrity
>>
>>>> and
>>
>>>>
>>
>>>> event driven registrations and speculative bubbles will get
>> lumped
>>
>>>> into
>>
>>>>
>>
>>>> the set.
>>
>>>>
>>
>>>>> Can the “definition” be applied to all TLDs?
>>
>>>>
>>
>>>> Not unless there is a data element. It would be better to
>> approach
>>
>>>> it on
>>
>>>>
>>
>>>> a TLD-specific basis that takes the performance of the TLD into
>>
>>>> account.
>>
>>>>
>>
>>>> Some TLDs may not have bulk registration issues.
>>
>>>>
>>
>>>>> I’d argue that there’s a massive difference between say 100
>>
>>>> domains
>>
>>>>
>>
>>>>> being registered in .bank vs in .store (as a silly example)
>>
>>>>
>>
>>>> Agreed. Heavy discounting is now an established feature of many
>>
>>>> gTLDs.
>>
>>>>
>>
>>>> The problem is that the absence of WHOIS data and registration
>>
>>>> patterns
>>
>>>>
>>
>>>> makes it a lot more difficult to identify abusive registrations.
>>
>>>> Without
>>
>>>>
>>
>>>> heavy discounting, some new gTLDs would have to spend a lot more
>>
>>>> money
>>
>>>>
>>
>>>> on marketing their gTLD in a highly competitive market and would
>> end
>>
>>>> up
>>
>>>>
>>
>>>> with far fewer registrations than they have now.
>>
>>>>
>>
>>>> There was a recommendation in the CCT report that ICANN track
>>
>>>> pricing
>>
>>>>
>>
>>>> data. If ICANN had this kind of data to hand then it would be
>> very
>>
>>>>
>>
>>>> helpful in defining bulk registrations and identifying trends
>> that
>>
>>>> are
>>
>>>>
>>
>>>> direct results of heavy discounting. It still gets back to the
>>
>>>> problem
>>
>>>>
>>
>>>> of identifying what registrations are registered for malicious
>>
>>>> purposes
>>
>>>>
>>
>>>> and that's getting into Precog/Minority Report territory where
>> the
>>
>>>>
>>
>>>> software and technology is just not good enough to guess the
>> intent
>>
>>>> of
>>
>>>>
>>
>>>> all registrants.
>>
>>>>
>>
>>>> Regards...jmcc
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Regards
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Michele
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> --
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Mr Michele Neylon
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Blacknight Solutions
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Hosting, Colocation & Domains
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> https://www.blacknight.com/ <https://www.blacknight.com/>
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> https://blacknight.blog/ <https://blacknight.blog/>
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Intl. +353 (0) 59 9183072
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Direct Dial: +353 (0)59 9183090
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Personal blog: https://michele.blog/ <https://michele.blog/>
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Some thoughts: https://ceo.hosting/ <https://ceo.hosting/>
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> -------------------------------
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business
>>
>>>> Park,Sleaty
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> Road,Graiguecullen,Carlow,R93 X265,Ireland Company No.: 370845
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>
>>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>>
>>>>
>>
>>>>
>>
>>>>> Virus-free. www.avg.com [1] [1]
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>
>>
> <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient>
>>
>>>>
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>>
>>
>>>>
>>
>>>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
>>
>>>>
>>
>>>> --
>>
>>>>
>>
>>>> **********************************************************
>>
>>>>
>>
>>>> John McCormac * e-mail: jmcc at hosterstats.com
>>
>>>>
>>
>>>> MC2 * web: http://www.hosterstats.com/
>>
>>>>
>>
>>>> 22 Viewmount * Domain Registrations Statistics
>>
>>>>
>>
>>>> Waterford * Domnomics - the business of domain names
>>
>>>>
>>
>>>> Ireland * https://amzn.to/2OPtEIO
>>
>>>>
>>
>>>> IE * Skype: hosterstats.com
>>
>>>>
>>
>>>> **********************************************************
>>
>>>>
>>
>>>> --
>>
>>>>
>>
>>>> This email has been checked for viruses by AVG.
>>
>>>>
>>
>>>> https://www.avg.com
>>
>>>>
>>
>>>> _______________________________________________
>>
>>>>
>>
>>>> CPWG mailing list
>>
>>>>
>>
>>>> CPWG at icann.org
>>
>>>>
>>
>>>> https://mm.icann.org/mailman/listinfo/cpwg
>>
>>>>
>>
>>>> _______________________________________________
>>
>>>>
>>
>>>> By submitting your personal data, you consent to the processing
>> of
>>
>>>> your personal data for purposes of subscribing to this mailing
>> list
>>
>>>> accordance with the ICANN Privacy Policy
>>
>>>> (https://www.icann.org/privacy/policy) and the website Terms of
>>
>>>> Service (https://www.icann.org/privacy/tos). You can visit the
>>
>>>> Mailman link above to change your membership status or
>>
>>>> configuration, including unsubscribing, setting digest-style
>>
>>>> delivery or disabling delivery altogether (e.g., for a vacation),
>>
>>>> and so on.
>>
>>>
>>
>>>
>>
>>>
>>
>>> Links:
>>
>>> ------
>>
>>> [1] http://www.avg.com
>>
>>> _______________________________________________
>>
>>> CPWG mailing list
>>
>>> CPWG at icann.org
>>
>>> https://mm.icann.org/mailman/listinfo/cpwg
>>
>>>
>>
>>> _______________________________________________
>>
>>> By submitting your personal data, you consent to the processing of
>>
>>> your personal data for purposes of subscribing to this mailing
>> list
>>
>>> accordance with the ICANN Privacy Policy
>>
>>> (https://www.icann.org/privacy/policy) and the website Terms of
>>
>>> Service (https://www.icann.org/privacy/tos). You can visit the
>> Mailman
>>
>>> link above to change your membership status or configuration,
>>
>>> including unsubscribing, setting digest-style delivery or
>> disabling
>>
>>> delivery altogether (e.g., for a vacation), and so on.
>
>
>
> Links:
> ------
> [1] http://www.avg.com
More information about the CPWG
mailing list