[CPWG] .zip and similar gTLDs from the perspective of DNS Abuse

Justine Chew justine.chew.icann at gmail.com
Wed Jun 28 04:02:38 UTC 2023 

https://circleid.com/posts/20230627-alleviating-the-risks-.zip-and-similar-domain-extensions-could-pose-via-dns-intelligence

An interesting article on .zip and other similarly confusing gTLDs .(app,
.cab, .cam, .mobi, .mov, .pub, .rip, and .win cited) from a DNS Abuse point
of view.

Kind regards,
Justine



On Wed, 31 May 2023 at 13:56, Greg Shatan [NARALO] <gregshatanalac at gmail.com>
wrote:

> There are not many ICANN-related issues that break through to the general
> consciousness and mainstream media.  The attempted sale of .ORG was one
> such issue.
>
> .ZIP (specifically) is another such issue.  I have seen it now mentioned
> on TV news.  I have also seen a large global financial institution issue a
> warning about .zip to employees and vendors, even while noting the gTLD's
> existence is "above board."
>
> It is true that .zip is not unique in the type of risk it might pose.
>
> However, I think it is fair to consider .zip a highly malignant variation
> on this type of risk, with some special features. "Zip files" are sent by
> email all day every day by general business and non-business users. Indeed,
> they exist to be sent by email. ".io files" do not fit the same profile
> (and .io is a ccTLD, which changes the analysis as well).
>
> While this might be an opportunity to educate end-users about the
> existence of the larger problem, the .zip problem cannot be treated as
> merely one of many.
>
> Greg
>
>
> On Tue, May 30, 2023 at 9:21 PM Justine Chew via CPWG <cpwg at icann.org>
> wrote:
>
>> Maria,
>>
>> Carlton is correct. In the 2012 round, there was a Top-Level Reserved
>> Names List which contained strings that were not allowed, these were mainly
>> associated with ICANN-related entities and functions as well as some
>> "well-known technical words":
>>
>> AFRINIC  ALAC  APNIC  ARIN  ASO  CCNSO  EXAMPLE  GAC  GNSO  GTLD-SERVERS
>> IAB  IANA  IANA-SERVERS ICANN IESG IETF
>> INTERNIC  INVALID  IRTF ISTF  LACNIC  LOCAL LOCALHOST NIC  NRO
>> RFC-EDITOR  RIPE  ROOT-SERVERS  RSSAC  SSAC  TEST
>> TLD  WHOIS  WWW
>>
>> For the next round, the ICANN Board has already approved a SubPro PDP
>> recommendation to add PTI to the above list.
>>
>> Justine
>>
>>
>>
>> On Wed, 31 May 2023 at 07:18, Carlton Samuels via CPWG <cpwg at icann.org>
>> wrote:
>>
>>> Hi Maria,
>>> Not sure if forbidden is the right label here but in the old rules -
>>> this would be like the 2012 round of gTLD - each TLD had a list of reserved
>>> names, meaning those that could not be in the trade.  If memory serves,
>>> those were listed in the RA.
>>>
>>> At the top level, there are reserved strings that may not be delegated
>>> and those were listed. Well, almost all of them anyways; .internet itself
>>> was an outlier.
>>>
>>> Carlton
>>>
>>> ==============================
>>> *Carlton A Samuels*
>>>
>>> *Mobile: 876-818-1799Strategy, Process, Governance, Assessment &
>>> Turnaround*
>>> =============================
>>>
>>>
>>> On Tue, 30 May 2023 at 17:53, Maria A via CPWG <cpwg at icann.org> wrote:
>>>
>>>> Hi everyone,
>>>>
>>>> Sorry my view might not be too informed - but what is even Google's
>>>> rationale to pushing these?
>>>>
>>>> Also isn't there some sort of black list of forbidden domains?
>>>>
>>>> Thank you,
>>>> Maria
>>>>
>>>> On Tue, May 30, 2023, 11:09 PM Jonathan Zuck via CPWG <cpwg at icann.org>
>>>> wrote:
>>>>
>>>>> Chantelle,
>>>>>
>>>>> Let’s find some time on the next CPWG call to discuss this situation.
>>>>> This might result in a discussion of advice or in a discussion of
>>>>> correspondence to the SSAC. Let’s get it on the agenda. Thanks.
>>>>>
>>>>> Jonathan
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *From: *CPWG <cpwg-bounces at icann.org> on behalf of Bill Jouris via
>>>>> CPWG <cpwg at icann.org>
>>>>> *Date: *Tuesday, May 30, 2023 at 4:26 PM
>>>>> *To: *cpwg at icann.org <cpwg at icann.org>
>>>>> *Subject: *Re: [CPWG] Google pushes .zip and .mov domains onto the
>>>>> Internet, and the Internet pushes back
>>>>>
>>>>> I apologize for misunderstanding your point.  Indeed we should look at
>>>>> other existing gTLDs as well.
>>>>>
>>>>>
>>>>>
>>>>> But .ZIP is something that we already know about, and thus can act on
>>>>> immediately.  Plus, as we do so, we create a process for dealing with other
>>>>> problematic existing gTLDs as we discover them.
>>>>>
>>>>>
>>>>>
>>>>> Bill Jouris
>>>>>
>>>>> Sent from Yahoo Mail on Android
>>>>> <https://mail.onelink.me/107872968?pid=nativeplacement&c=Global_Acquisition_YMktg_315_Internal_EmailSignature&af_sub1=Acquisition&af_sub2=Global_YMktg&af_sub3=&af_sub4=100000604&af_sub5=EmailSignature__Static_>
>>>>>
>>>>>
>>>>>
>>>>> On Tue, May 30, 2023 at 12:25 PM, Khaled Koubaa via CPWG
>>>>>
>>>>> <cpwg at icann.org> wrote:
>>>>>
>>>>> _______________________________________________
>>>>> CPWG mailing list
>>>>> CPWG at icann.org
>>>>> https://mm.icann.org/mailman/listinfo/cpwg
>>>>>
>>>>> _______________________________________________
>>>>> By submitting your personal data, you consent to the processing of
>>>>> your personal data for purposes of subscribing to this mailing list
>>>>> accordance with the ICANN Privacy Policy (
>>>>> https://www.icann.org/privacy/policy) and the website Terms of
>>>>> Service (https://www.icann.org/privacy/tos). You can visit the
>>>>> Mailman link above to change your membership status or configuration,
>>>>> including unsubscribing, setting digest-style delivery or disabling
>>>>> delivery altogether (e.g., for a vacation), and so on.
>>>>> _______________________________________________
>>>>> CPWG mailing list
>>>>> CPWG at icann.org
>>>>> https://mm.icann.org/mailman/listinfo/cpwg
>>>>>
>>>>> _______________________________________________
>>>>> By submitting your personal data, you consent to the processing of
>>>>> your personal data for purposes of subscribing to this mailing list
>>>>> accordance with the ICANN Privacy Policy (
>>>>> https://www.icann.org/privacy/policy) and the website Terms of
>>>>> Service (https://www.icann.org/privacy/tos). You can visit the
>>>>> Mailman link above to change your membership status or configuration,
>>>>> including unsubscribing, setting digest-style delivery or disabling
>>>>> delivery altogether (e.g., for a vacation), and so on.
>>>>
>>>> _______________________________________________
>>>> CPWG mailing list
>>>> CPWG at icann.org
>>>> https://mm.icann.org/mailman/listinfo/cpwg
>>>>
>>>> _______________________________________________
>>>> By submitting your personal data, you consent to the processing of your
>>>> personal data for purposes of subscribing to this mailing list accordance
>>>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy)
>>>> and the website Terms of Service (https://www.icann.org/privacy/tos).
>>>> You can visit the Mailman link above to change your membership status or
>>>> configuration, including unsubscribing, setting digest-style delivery or
>>>> disabling delivery altogether (e.g., for a vacation), and so on.
>>>
>>> _______________________________________________
>>> CPWG mailing list
>>> CPWG at icann.org
>>> https://mm.icann.org/mailman/listinfo/cpwg
>>>
>>> _______________________________________________
>>> By submitting your personal data, you consent to the processing of your
>>> personal data for purposes of subscribing to this mailing list accordance
>>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy)
>>> and the website Terms of Service (https://www.icann.org/privacy/tos).
>>> You can visit the Mailman link above to change your membership status or
>>> configuration, including unsubscribing, setting digest-style delivery or
>>> disabling delivery altogether (e.g., for a vacation), and so on.
>>
>> _______________________________________________
>> CPWG mailing list
>> CPWG at icann.org
>> https://mm.icann.org/mailman/listinfo/cpwg
>>
>> _______________________________________________
>> By submitting your personal data, you consent to the processing of your
>> personal data for purposes of subscribing to this mailing list accordance
>> with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and
>> the website Terms of Service (https://www.icann.org/privacy/tos). You
>> can visit the Mailman link above to change your membership status or
>> configuration, including unsubscribing, setting digest-style delivery or
>> disabling delivery altogether (e.g., for a vacation), and so on.
>
>
>
> --
> *Greg Shatan*
> *Chair, NARALO*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mm.icann.org/pipermail/cpwg/attachments/20230628/7e49217e/attachment-0001.html>

More information about the CPWG mailing list