[CPWG] DRAFT Response to GNSO Domain Abuse Letter
John McCormac
jmcc at hosterstats.com
Tue Mar 29 09:05:40 UTC 2022
On 29/03/2022 05:14, Alan Greenberg via CPWG wrote:
> The draft response can be found at
> https://docs.google.com/document/d/1z8JPTXIQHDBGveCIsw_gxQQG_4ZwC5KnLStNBSj66x0/edit
> . I am also attaching a PDF version for those who cannot readily access
> the Google Doc. Also attached for your convenience is the full GNSO
> letter. I also note that similar letters went to the GAC, SSAC and the
> DNS Abuse Institute.
On Section 1 of the response:
Bulk Registration is part of the business model of some gTLDs. From the
registry side, it is a kind of speculative registration system where a
large number of domain names are registered with most being deleted
without being renewed and a small percentage (often below 5%) being
renewed at full renewal fee. These are, in reality, heavily discounted
registrations.
As part of a business model, this use of discounting has a long history.
The problem is that in addition to speculative/brand protection
registrations that may never be developed into working websites or used,
these discounted registrations attract bad actors who will register
large numbers of domain names for spam and abuse purposes. This is the
activity that needs to be identified.
Some gTLDs may not be financially viable without discounting as they
cannot compete with either .COM or local ccTLDs. The economics of the
markets that they are targeting may also require a registration fee
below that of .COM but the discounting means that the gTLD will be
affected by DA activity as DA is mobile and often follows the
discounting offers.
The suggestion of ICANN developing and deploying predictive algorithms
is worrying in that there is a fundamental difference between ccTLDs
(typically geographically and linguistically concentrated) and gTLDs
(often global and containing a large set of languages). Such tools also
have to be continually maintained and updated as the threat model of DA
changes.
On the background/sources section:
Interisle's study from 2019 is far superior to the EC report in terms of
expertise, understanding, analysis and examples of DA. The problem with
the EC report is that it has a very poor and extremely inaccurate
definition of DA and is not reliable especially in terms of methodology.
It misses one of the most common abuses of compromised websites and
treats the problem of compromised sites as a simple binary one between
the distribution of malware or phishing. The reality is more complex.
https://interisle.net/sub/CriminalDomainAbuse.pdf
It might be fair to mention the EC report in passing but it should not
be relied upon for anything substantial. The timeframe used in the
report is too narrow. The Interisle report is far more substantial and
is accurate. The people who did it know and understand the problems of
Domain Abuse.
The EC report has been criticised on CircleID for its methodology and
findings so relying upon it would cause problems.
https://circleid.com/posts/20220305-the-ever-evolving-problem-of-dns-abuse
The ICANN 4 Year retrospective review of DNS Abuse trends is also a good
reference. The correlation between spam/abuse trends and the spikes in
bulk registrations may be worth following up. It is also worth including
it as a reference document in the letter.
https://www.icann.org/en/blogs/details/icann-publishes-dns-abuse-trends-22-03-2022-en
https://www.icann.org/en/system/files/files/last-four-years-retrospect-brief-review-dns-abuse-trends-22mar22-en.pdf
Domain Abuse is a continually evolving problem and the span of the
ICANN/DAAR data (4 years) is quite useful. It might be a good thing to
compare the ICANN graphs with the historical gTLD registration numbers
to see if the bulk discounting offers coincide. It may be possible to
use ICANN's registry reports to do this.
Regards...jmcc
>
> We will be reviewing the document at the CPWG meeting on Wednesday.
>
> This is just a draft, but hopefully covers the main points. For those
> who have a strong knowledge of the subject, we need specific references
> to prior research and reports on the subject.
>
> Comments. Please make suggestions via comments and not changes to the
> text. This will allow others to easily see the original text and your
> suggestions. I will try to update the document to incorporate feedback
> prior to the meeting.
>
> ALAC Members: Note that this is the last CPWG meeting prior to the
> submission deadline and we will be asking for an approval to proceed
> during the CPWG meeting.
>
> Alan
--
**********************************************************
John McCormac * e-mail: jmcc at hosterstats.com
MC2 * web: http://www.hosterstats.com/
22 Viewmount * Domain Registrations Statistics
Waterford * Domnomics - the business of domain names
Ireland * https://amzn.to/2OPtEIO
IE * Skype: hosterstats.com
**********************************************************