[CPWG] The Bulk Registrations issue and why it is complex

Amrita CCAOI amritachoudhury at ccaoi.in
Wed Apr 6 07:21:14 UTC 2022 

Yes Theo, NIXI revoked the restrictions. This is the link to the new kyc process NIXI has adopted: https://www.registry.in/registry/images/page/e_KYC.pdf

 

Regards,

 

Amrita

From: CPWG <cpwg-bounces at icann.org> On Behalf Of Theo Geurts via CPWG
Sent: 05 April 2022 19:01
To: gopal at annauniv.edu; Bill Jouris via CPWG <cpwg at icann.org>
Subject: Re: [CPWG] The Bulk Registrations issue and why it is complex

 

As far as my current intel on this goes is that NIXI replaced this with another requirement a few weeks ago. 

 

Theo

 

On Tue, Apr 5, 2022, at 1:20 PM, gopal at annauniv.edu <mailto:gopal at annauniv.edu>  wrote:

Dear All,

 

The National Internet Exchange of India (NIXI) placed restrictions on 

bulk registering

of .in domains due to “national security” reasons.

 

NIXI is the government-appointed authority responsible for managing .in 

domains.

 

Explicit approval from NIXI for:

 

Individual registrants looking to register more than two domains

Registered accredited company looking to register more than a hundred 

domains

 

It opens a debate on the other end of the spectrum i.e "Red Tape".

 

Your thoughts...

 

Sincerely,

 

 

 

 

Gopal T V

0 9840121302

https://vidwan.inflibnet.ac.in/profile/57545

https://www.facebook.com/gopal.tadepalli

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Dr. T V Gopal

Professor

Department of Computer Science and Engineering

College of Engineering

Anna University

Chennai - 600 025, INDIA

Ph : (Off) 22351723 Extn. 3340

       (Res) 24454753

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 

On 2022-04-05 18:40, Theo Geurts via CPWG wrote:

> Let's say bulk means 50 registrations before alarms start to sound.

> 

> Then the criminals will simply start pulling data from fake ID

> generator APIs and connect those to the registrar/reseller APIs and

> generate new unique RNH data/contacts.  If that sounds out of the

> realm of possibilities, consider I have already seen criminals doing

> this to avoid detection in 2018. Every BEC fraud domain had a unique

> registrant and they had registered 200 domains total. Their OPSEC was

> pretty good on the registrant side of things, on the technical

> infrastructure side, it was an absolute mess and very easy to track

> down and shut down such domain names.

> 

> Best,

> 

> Theo

> 

> On Tue, Apr 5, 2022, at 12:40 PM, John McCormac via CPWG wrote:

> 

>> On 05/04/2022 12:25, Michele Neylon - Blacknight wrote:

>> 

>>> John

>> 

>>> 

>> 

>>> But what is your definition of “bulk”?

>> 

>>> 

>> 

>> It is a very tricky question, Michele,

>> 

>> I don't have an exact definition yet.

>> 

>> There can be a lot of activity going on with a gTLD that might

>> appear to

>> 

>> be bulk registrations but without WHOIS data to measure the

>> 

>> concentration of registrations, a spike due to a registry or

>> registrar

>> 

>> promotion might be considered "bulk". The concentration (new domain

>> 

>> names to registrants) might help.

>> 

>>> How many domains registered at once constitute “bulk”?

>> 

>>> 

>> 

>>> 10?

>> 

>> I've definitely registered this many at a time across TLDs for brand

>> 

>> 

>> protection purposes.

>> 

>>> 

>> 

>>> 100?

>> 

>>> 

>> 

>>> 1000?

>> 

>>> 

>> 

>>> Over what period of time?

>> 

>>> 

>> 

>>> Minutes?

>> 

>>> 

>> 

>>> Hours?

>> 

>>> 

>> 

>>> Days?

>> 

>> It would have to be over a few months at least. Otherwise celebrity

>> and

>> 

>> event driven registrations and speculative bubbles will get lumped

>> into

>> 

>> the set.

>> 

>>> Can the “definition” be applied to all TLDs?

>> 

>> Not unless there is a data element. It would be better to approach

>> it on

>> 

>> a TLD-specific basis that takes the performance of the TLD into

>> account.

>> 

>> Some TLDs may not have bulk registration issues.

>> 

>>> I’d argue that there’s a massive difference between say 100

>> domains

>> 

>>> being registered in .bank vs in .store (as a silly example)

>> 

>> Agreed. Heavy discounting is now an established feature of many

>> gTLDs.

>> 

>> The problem is that the absence of WHOIS data and registration

>> patterns

>> 

>> makes it a lot more difficult to identify abusive registrations.

>> Without

>> 

>> heavy discounting, some new gTLDs would have to spend a lot more

>> money

>> 

>> on marketing their gTLD in a highly competitive market and would end

>> up

>> 

>> with far fewer registrations than they have now.

>> 

>> There was a recommendation in the CCT report that ICANN track

>> pricing

>> 

>> data. If ICANN had this kind of data to hand then it would be very

>> 

>> helpful in defining bulk registrations and identifying trends that

>> are

>> 

>> direct results of heavy discounting. It still gets back to the

>> problem

>> 

>> of identifying what registrations are registered for malicious

>> purposes

>> 

>> and that's getting into Precog/Minority Report territory where the

>> 

>> software and technology is just not good enough to guess the intent

>> of

>> 

>> all registrants.

>> 

>> Regards...jmcc

>> 

>>> 

>> 

>>> Regards

>> 

>>> 

>> 

>>> Michele

>> 

>>> 

>> 

>>> --

>> 

>>> 

>> 

>>> Mr Michele Neylon

>> 

>>> 

>> 

>>> Blacknight Solutions

>> 

>>> 

>> 

>>> Hosting, Colocation & Domains

>> 

>>> 

>> 

>>> https://www.blacknight.com/ <https://www.blacknight.com/>

>> 

>>> 

>> 

>>> https://blacknight.blog/ <https://blacknight.blog/>

>> 

>>> 

>> 

>>> Intl. +353 (0) 59  9183072

>> 

>>> 

>> 

>>> Direct Dial: +353 (0)59 9183090

>> 

>>> 

>> 

>>> Personal blog: https://michele.blog/ <https://michele.blog/>

>> 

>>> 

>> 

>>> Some thoughts: https://ceo.hosting/ <https://ceo.hosting/>

>> 

>>> 

>> 

>>> -------------------------------

>> 

>>> 

>> 

>>> Blacknight Internet Solutions Ltd, Unit 12A,Barrowside Business

>> Park,Sleaty

>> 

>>> 

>> 

>>> Road,Graiguecullen,Carlow,R93 X265,Ireland  Company No.: 370845

>> 

>>> 

>> 

>>> 

>> 

>>> 

>> 

> <http://www.avg.com/email-signature?utm_medium=email <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> &utm_source=link&utm_campaign=sig-email&utm_content=emailclient>

>> 

>> 

>>> Virus-free. www.avg.com <http://www.avg.com>  [1]

>> 

>>> 

>> 

> <http://www.avg.com/email-signature?utm_medium=email <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=emailclient> &utm_source=link&utm_campaign=sig-email&utm_content=emailclient>

>> 

>> 

>>> 

>> 

>>> 

>> 

>>> <#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

>> 

>> --

>> 

>> **********************************************************

>> 

>> John McCormac  *  e-mail: jmcc at hosterstats.com <mailto:jmcc at hosterstats.com> 

>> 

>> MC2            *  web: http://www.hosterstats.com/

>> 

>> 22 Viewmount   *  Domain Registrations Statistics

>> 

>> Waterford      *  Domnomics - the business of domain names

>> 

>> Ireland        *  https://amzn.to/2OPtEIO

>> 

>> IE             *  Skype: hosterstats.com

>> 

>> **********************************************************

>> 

>> --

>> 

>> This email has been checked for viruses by AVG.

>> 

>> https://www.avg.com

>> 

>> _______________________________________________

>> 

>> CPWG mailing list

>> 

>> CPWG at icann.org <mailto:CPWG at icann.org> 

>> 

>> https://mm.icann.org/mailman/listinfo/cpwg

>> 

>> _______________________________________________

>> 

>> By submitting your personal data, you consent to the processing of

>> your personal data for purposes of subscribing to this mailing list

>> accordance with the ICANN Privacy Policy

>> (https://www.icann.org/privacy/policy) and the website Terms of

>> Service (https://www.icann.org/privacy/tos). You can visit the

>> Mailman link above to change your membership status or

>> configuration, including unsubscribing, setting digest-style

>> delivery or disabling delivery altogether (e.g., for a vacation),

>> and so on.

> 

> 

> 

> Links:

> ------

> [1] http://www.avg.com

> _______________________________________________

> CPWG mailing list

> CPWG at icann.org <mailto:CPWG at icann.org> 

> https://mm.icann.org/mailman/listinfo/cpwg

> 

> _______________________________________________

> By submitting your personal data, you consent to the processing of

> your personal data for purposes of subscribing to this mailing list

> accordance with the ICANN Privacy Policy

> (https://www.icann.org/privacy/policy) and the website Terms of

> Service (https://www.icann.org/privacy/tos). You can visit the Mailman

> link above to change your membership status or configuration,

> including unsubscribing, setting digest-style delivery or disabling

> delivery altogether (e.g., for a vacation), and so on.

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/cpwg/attachments/20220406/550cedf3/attachment-0001.html>

More information about the CPWG mailing list