DOCSLIB.ORG

Pdf Monetization to the Benefit of Attackers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

SIDN Labs https://sidnlabs.nl February 13, 2017 Peer-reviewed Publication Title: Domain names abuse and TLDs: from monetization towards mitigation Authors: Giovane C. M. Moura, Moritz M¨uller,Marco Davids, Maarten Wullink, and Cristian Hesselman Venue: 3rd IEEE/IFIP Workshop on Security for Emerging Dis- tributed Network Technologies (DISSECT 2017), co-located with IFIP/IEEE International Symposium on Integrated Network Man- agement (IM 2017), Lisbon, Portugal. Conference dates: May 8th to 12th, 2017. Citation: • Moura, G.C. M., M¨uller,M., Davids, M., Wullink, M, Hesselman, C.: Do- main names abuse and TLDs: from monetization towards mitigation. 3rd IEEE/IFIP Workshop on Security for Emerging Distributed Network Technolo- gies (DISSECT 2017), co-located with IFIP/IEEE International Symposium on Integrated Network Management (IM 2017). Lisbon, Portugal, May 2017 (to appear) • Bibtex: @inproceedings{sidn-dissect-2017, author = {{Giovane C. M. Moura, Moritz Muller, Marco Davids, Maarten Wullink, and Cristian Hesselman}}, booktitle={{ 3rd IEEE/IFIP Workshop on Security for Emerging Distributed Network Technologies (DISSECT 2017), co-located with IFIP/IEEE International Symposium on Integrated Network Management (IM 2017)}}, title={Domain names abuse and TLDs: from monetization towards mitigation}}, year={2017}, month={May}, } 1 Domain names abuse and TLDs: from monetization towards mitigation Giovane C. M. Moura, Moritz Muller,¨ Marco Davids, Maarten Wullink, and Cristian Hesselman SIDN Labs Stichting Internet Domeinregistratie Nederland (SIDN) Arnhem, The Netherlands Email: ffi[email protected] Abstract—Hidden behind domain names, there are lucrative Domain Registration Domain Resolution (and ingenious) business models that misuse/abuse the DNS Authori- Registrar Zone tative DNS namespace and employ a diversified form of monetization. To Registrant Registry User / Reseller File Name Resolvers curb some of those abuses, many research works have been pro- Servers posed. However, while having a clear contribution and advancing the state-of-the-art, these works are constrained by their limited Active Scans datasets and none of them present a survey on the forms of DNS abuse. In this paper, we address these limitations by presenting a case study in one top-level domain (TLD) operator (.nl) with RegDB Records AuthDNS diverse longitudinal datasets. We then cover eight business models Datasets that DNS abusers employ and their respective monetization form, and discuss how TLD operators can employ these datasets to Fig. 1. TLD Operations: registration (left), domain name resolution (right), detect these forms of abuse. and derived datasets. I. INTRODUCTION Domain names have long been misused for different types of curb each form of abuse. The main contribution of this paper abuse: phishing, malware distribution, spamming, and botnet is, therefore, a survey of domain related abuses including their command-and-control (C&C) are just some of them. Underly- underlying business models, and a discussion on how TLD ing each of these forms of abuse, we find profitable business operators can use their datasets to mitigate them. models, which provide the incentives for these abusers to The remainder of this paper is divided as follows: we cover continue with such activities. the two basic services provided by TLDs (domain registration To curb such practices, the research community has been and name resolution) in xII. Then, we introduce in xIII the active in proposing various solutions, such as [1], [2], [3], datasets we used . Following that, we present in xIV a survey [4], [5], [6]. While these works advance the state-of-the art on the types of DNS abuse and their underlying business and have a clear contribution, they are faced with two main models and their respective implications on the datasets. shortcomings: (i) they are constrained by type and/or duration Finally, conclusions and future work are discussed in xV. of their respectively available datasets (due to the difficulty in obtaining such datasets) and (ii) while these solutions cover II. BACKGROUND different sorts of abuse, we lack a survey on domain-related A. Domain Registration abuses, which leaves the question of how much ground has Domain registration consists of creating a unique domain not been covered yet unanswered. name that ultimately is added to the zone file of a DNS This paper addresses both issues: by carrying out a case zone. Typically, it involves the so-called triple-R: registrant, study on the top-level domain (TLD) of the Netherlands (.nl), registrar (or reseller), and registry (or TLD operator). Figure 1 we address the first issue by analyzing three longitudinal summarizes the process (left part). To register a domain in a datasets readily available to TLD operators (xIII): historical specific TLD, first a registrant (a user) choses a registrar (e.g: registration database (as opposed to hard-to-parse [7] and GoDaddy) that is accredited by the TLD of his/her choice. yet incomplete whois records), traffic to authoritative name Once the requirements of the registrar are fulfilled (personal servers (centralized view instead of DNS resolvers traffic), and data, payment), it contacts the registry and registers the the infrastructure used by the domains (obtained using DNS requested domain on behalf of the user1. Different registrars scans). have different registration interfaces, but the communications We address the second issue by presenting a survey on between the registrar and registry are typically performed domain abuses (xIV) and discuss their underlying business using the Extensible Provisioning Protocol (EPP, RFC 5730). models and respective monetization methods. We demonstrate how they create patterns in our datasets, and discuss how TLD 1Some registries allow domain tasting, in which a user may try a domain operators [8] can leverage these to develop methods tailored to for a few days for free (domain tasting), but is not the case for .nl. Business Spam RegDB AuthDNS Records Lit Domains are registered for a certain period of time (de- Phishing(0-day) Yes Weak Strong Weak [3], [6] pending on the registry), and after expiration, they can enter Phishing(comp.) Yes None Strong Weak [17] Parking (Ads) No Strong Weak Strong [18], [19] a Redemption Grade Period (RGP), in which the former Parking (Mal) No Strong Weak Strong [18], [19] registrant can still renew the domain. After this period has Fake Goods Yes Weak Weak Medium [6], [20] expired, the domain is deleted and other registrants can register Drop-Catch No Medium Medium Weak [21] Botnet C&C No Medium Strong ? [22] it (this depends on the policy of the registry and .nl domains Blackhat SEO No Medium Medium Strong [23], [24] are made available after 40 days of the expiration date). TABLE I Each registry, in turn, maintains its own registration BUSINESS MODELS AND DATASETS/SIGNAL “STRENGTH”, AND database, which then is used to generate a Zone File (Figure 1) RESEARCH WORKS THAT COVER THOSE. that contains the list of all active and delegated domains sampled view (due to caching on the resolvers [13]) of all under the respective TLD and their respective DNS records. queries issued to .nl. Similarly to the registration database, Ultimately, the zone files are used as input files on the 2 researchers usually do not have access to this type of data – authoritative name servers for the particular TLD . These when they have it typically covers a snapshot of it. We, on the zone files are also frequently updated, and each TLD operator other hand, have been continuously storing this data since May chooses how often–.nl updates its zone files every hour. 2014. We use our open-source Hadoop-based ENTRADA [14] B. Domain Resolution to store and process this dataset. Records: last, .nl zone files contains information about all Domain name resolution consists of resolving a domain active domains, but not all the DNS records [11]. To obtain name into, ultimately, its IP addresses or other specific types such information and types of records, we utilize the daily of DNS records [11]. We summarize this process on the right scans (Figure 1) to our zone [15]. side of Figure 1. First a user attempts to access a web site Access to these datasets is regulated by our publicly avail- (e.g,: example.nl). The stub DNS resolver on his/her computer able data privacy framework that conforms to both EU and sends a DNS request to its DNS resolver, typically provided Dutch legislation [16]. We refer the interested reader to [8] for by the ISP. The DNS resolver, in turn, contacts one of the a discussion on a security and stability role of TLDs, including root.hints Root DNS servers [12] (as provided by file) to privacy management. obtain the authoritative name server for .nl. Then, it will send another request to one of the authoritative servers of .nl, which IV. MONETIZATION METHODS AND MITIGATION respond for example.nl. Caching on DNS resolvers [13] may eliminate some of these steps. Finally, the resolver responds How can one monetize using domain names? Answering to the user with the required DNS record. this question allows us to understand the underlying business models employed by domain name abusers. These business III. DATASETS AND TLDS VANTAGE POINT models vary significantly, leaving an, often distinctive, “trace” RegDB: at domain registration side (Figure 1), we have ac- on different types of data sets we discussed in xIII, which can, cess to the historical database of .nl, which contains historical in turn, be used to mitigate such abuses. Table I summarizes information about registration and removal of domains from the relationship between commonly observed business models its respective zone files. We refer to this dataset as RegDB. and the three datasets we covered in xIII, and whether they This dataset contains complete information about registrant use spam to advertise their domains. and registrar (and resellers, if applicable), as well as some There are, however, other business models that can be used of the DNS records of the respective domain (NS, DS, and to monetize on DNS – such as compromising a registrar or DNS glue [11]) for a period of 20+ years.
Recommended publications
  • Proactive Cyberfraud Detection Through Infrastructure Analysis

    Proactive Cyberfraud Detection Through Infrastructure Analysis

    PROACTIVE CYBERFRAUD DETECTION THROUGH INFRASTRUCTURE ANALYSIS Andrew J. Kalafut Submitted to the faculty of the Graduate School in partial fulfillment of the requirements for the degree Doctor of Philosophy in Computer Science Indiana University July 2010 Accepted by the Graduate Faculty, Indiana University, in partial fulfillment of the requirements of the degree of Doctor of Philosophy. Doctoral Minaxi Gupta, Ph.D. Committee (Principal Advisor) Steven Myers, Ph.D. Randall Bramley, Ph.D. July 19, 2010 Raquel Hill, Ph.D. ii Copyright c 2010 Andrew J. Kalafut ALL RIGHTS RESERVED iii To my family iv Acknowledgements I would first like to thank my advisor, Minaxi Gupta. Minaxi’s feedback on my research and writing have invariably resulted in improvements. Minaxi has always been supportive, encouraged me to do the best I possibly could, and has provided me many valuable opportunities to gain experience in areas of academic life beyond simply doing research. I would also like to thank the rest of my committee members, Raquel Hill, Steve Myers, and Randall Bramley, for their comments and advice on my research and writing, especially during my dissertation proposal. Much of the work in this dissertation could not have been done without the help of Rob Henderson and the rest of the systems staff. Rob has provided valuable data, and assisted in several other ways which have ensured my experiments have run as smoothly as possible. Several members of the departmental staff have been very helpful in many ways. Specifically, I would like to thank Debbie Canada, Sherry Kay, Ann Oxby, and Lucy Battersby.
  • I Wish to Thank the United States Department of Commerce's

    I Wish to Thank the United States Department of Commerce's

    Comments from Danny Younger Introduction: I wish to thank the United States Department of Commerce’s National Telecommunications and Information Administration for this opportunity to comment on the continuation of the transition of the technical coordination and management of the Internet’s domain name and addressing system to the private sector. As a member of the public that has had the honor of serving as an elected Chair of the General Assembly of the Domain Name Supporting Organization of the Internet Corporation for Assigned Names and Numbers, I sincerely appreciate your posting of a Notice of Inquiry and wish to share with you my thoughts on the transition process as an individual that has tracked ICANN-related matters on a regular basis for the last six years. It has been said that “ICANN may not be the world’s most unpopular organization, but if it had consciously set out to make itself loathed it could hardly have been more successful.”1 I share that assessment. ICANN, the organization selected to embody the principles set forth in the White Paper2 is almost universally reviled. From my vantage point as a long-time ICANN participant, I have come to conclude that this passionate loathing has a single root cause: we detest ICANN because it has not remained true to the White Paper’s noble vision – rather than striving to become an organization committed to private, bottom-up coordination operating for the benefit of the Internet community as a whole, ICANN has chosen instead to focus its attention exclusively upon that select stakeholder community that feeds its coffers – it has become primarily a registry-registrar Guild Manager.
  • Outcomes Report of the GNSO Ad Hoc Group on Domain Tasting

    Outcomes Report of the GNSO Ad Hoc Group on Domain Tasting

    GNSO Outcomes Report on Domain Tasting Doc. No.: Date: 2007/02/04 4 October, 2007 OUTCOMES REPORT OF THE GNSO AD HOC GROUP ON DOMAIN NAME TASTING 4 October 2007 Group Chair: Mike Rodenbaugh ICANN Staff: Olof Nordling, Patrick Jones STATUS OF THIS DOCUMENT This is the final version of the Outcomes Report from the GNSO ad hoc group on Domain Name Tasting, submitted to the GNSO Council on 4 October, 2007. GNSO Outcomes Report on Domain Tasting v1.6 Authors: Mike Rodenbaugh, [email protected] , Olof Nordling, [email protected] , Patrick Jones, [email protected], Page 1 of 144 GNSO Outcomes Report on Domain Tasting Doc. No.: Date: 2007/02/04 4 October, 2007 TABLE OF CONTENTS 1 EXECUTIVE SUMMARY 3 2 OBJECTIVE 5 3 BACKGROUND 7 4 OUTCOMES 10 5 NEXT STEPS 32 ANNEX 1 - SUBSCRIBERS TO THE DT LIST 33 ANNEX 2 - RFI RESPONSES 34 ANNEX 3 - EXPERIENCES FROM CCTLDS 97 ANNEX 4 - COMMENTS FROM UDRP PROVIDERS 104 ANNEX 5 – IPC CONSTITUENCY SUPPLEMENTAL RFI116 ANNEX 6 – REQUEST TO VERISIGN 144 GNSO Outcomes Report on Domain Tasting v1.6 Authors: Mike Rodenbaugh, [email protected] , Olof Nordling, [email protected] , Patrick Jones, [email protected], Page 2 of 144 GNSO Outcomes Report on Domain Tasting Doc. No.: Date: 2007/02/04 4 October, 2007 1 Executive summary 1.1 Background Following a request from the At-Large Advisory Committee in spring 2007, the GNSO Council called for an Issues Report on Domain Tasting from ICANN Staff in May 2007. This Issues Report, available at http://gnso.icann.org/issues/domain- tasting/gnso-domain-tasting-report-14jun07.pdf was discussed at the ICANN San Juan meeting, where the GNSO Council on 27 June 2007 (minutes at http://gnso.icann.org/meetings/minutes-gnso-27jun07.shtml) resolved to establish an ad hoc group for further fact-finding on the practice of domain tasting.
  • The Secondary Market for Domain Names”, OECD Digital Economy Papers, No

    The Secondary Market for Domain Names”, OECD Digital Economy Papers, No

    Please cite this paper as: OECD (2006-04-12), “The Secondary Market for Domain Names”, OECD Digital Economy Papers, No. 111, OECD Publishing, Paris. http://dx.doi.org/10.1787/231550251200 OECD Digital Economy Papers No. 111 The Secondary Market for Domain Names OECD Unclassified DSTI/ICCP/TISP(2005)9/FINAL Organisation de Coopération et de Développement Economiques Organisation for Economic Co-operation and Development 12-Apr-2006 ___________________________________________________________________________________________ _____________ English - Or. English DIRECTORATE FOR SCIENCE, TECHNOLOGY AND INDUSTRY COMMITTEE FOR INFORMATION, COMPUTER AND COMMUNICATIONS POLICY Unclassified DSTI/ICCP/TISP(2005)9/FINAL Working Party on Telecommunication and Information Services Policies THE SECONDARY MARKET FOR DOMAIN NAMES English - Or. English JT03207431 Document complet disponible sur OLIS dans son format d'origine Complete document available on OLIS in its original format DSTI/ICCP(2005)9/FINAL FOREWORD This report was presented to the Working Party on Telecommunications and Information Services Policies (TISP) in December 2005 and was declassified by the Committee for Information, Computer and Communications Policies (ICCP) in March 2006. This report was prepared by Ms. Karine Perset, with the participation of Mr. Dimitri Ypsilanti, both of the OECD's Directorate for Science, Technology and Industry. This report is published on the responsibility of the Secretary-General of the OECD. 2 DSTI/ICCP(2005)9/FINAL © OECD/OCDE 2006 3 DSTI/ICCP(2005)9/FINAL
  • From WHOIS to WHOWAS: a Large-Scale Measurement Study of Domain Registration Privacy Under the GDPR

    From WHOIS to WHOWAS: a Large-Scale Measurement Study of Domain Registration Privacy Under the GDPR

    From WHOIS to WHOWAS: A Large-Scale Measurement Study of Domain Registration Privacy under the GDPR Chaoyi Lu∗†, Baojun Liu∗†¶B, Yiming Zhang∗†, Zhou Li§, Fenglu Zhang∗, Haixin Duan∗¶B, Ying Liu∗, Joann Qiongna Chen§, Jinjin LiangY, Zaifeng ZhangY, Shuang Hao∗∗ and Min Yang†† ∗Tsinghua University, †Beijing National Research Center for Information Science and Technology, flcy17, zhangyim17, zfl[email protected], flbj, [email protected], [email protected] §University of California, Irvine, fzhou.li, [email protected], ¶Qi An Xin Group, Y360 Netlab, fliangjinjin, [email protected], ∗∗University of Texas at Dallas, [email protected], ††Fudan University, m [email protected] Abstract—When a domain is registered, information about the [39], online advertising [55], [96], [103], [102] and usability registrants and other related personnel is recorded by WHOIS of privacy notices [104], [78], [79], [90], [50], [49], [27], [72]. databases owned by registrars or registries (called WHOIS providers jointly), which are open to public inquiries. However, Due to its broad scope, not only does the GDPR protect due to the enforcement of the European Union’s General Data normal users browsing websites, users setting up websites and Protection Regulation (GDPR), certain WHOIS data (i.e., the the associated infrastructure are also protected. One example records about EEA, or the European Economic Area, registrants) is domain registration. After a user registers a domain name, needs to be redacted before being released to the public. Anec- e.g., example.com, its sponsoring registrar and upper-stream dotally, it was reported that actions have been taken by some registry will store his/her personal information like name and WHOIS providers.
  • GNSO Final Report on Domain Tasting Date

    GNSO Final Report on Domain Tasting Date

    GNSO Final Report on Domain Tasting Date: 4 April 2008 GNSO Final Report on Domain Tasting STATUS OF THIS DOCUMENT This is the Final Report on the pending Domain Tasting Policy Development Process, prepared by ICANN staff for submission to the GNSO Council following public comments on the Initial Report of 7 January 2008 and draft Final Report of 8 February 2008. SUMMARY This report is submitted to the GNSO Council following public comments to the Initial Report and draft Final Report, as a required step in this GNSO Policy Development Process on Domain Tasting. Final Report on Domain Tasting Author:, Liz Gasster, [email protected] Page 1 of 83 GNSO Final Report on Domain Tasting Date: 4 April 2008 TABLE OF CONTENTS 1 EXECUTIVE SUMMARY 3 2 OBJECTIVE AND NEXT STEPS 9 3 BACKGROUND 10 4 DISCUSSION OF ISSUES 18 5 CONCLUSION 38 ANNEX 1 - CONSTITUENCY STATEMENTS 39 ANNEX 2 - UPDATED CONSTITUENCY STATEMENTS 72 Final Report on Domain Tasting Author:, Liz Gasster, [email protected] Page 2 of 83 GNSO Final Report on Domain Tasting Date: 4 April 2008 1 Executive summary The practice of domain tasting (using the add grace period to register domain names in order to test their profitability) has escalated significantly in the last two years. ICANN community stakeholders are increasingly concerned about the negative effects of domain tasting and in the spring of 2007 the At Large Advisory Committee (ALAC) asked that the domain tasting issue be studied further by the GNSO Council. The ALAC request enumerated five areas of potential concern for Internet users: 1.
  • Intellectual Property Interests Constituency Constituency Statement on Domain Name Tasting December 5, 2007

    Intellectual Property Interests Constituency Constituency Statement on Domain Name Tasting December 5, 2007

    Intellectual Property Interests Constituency Constituency Statement on Domain Name Tasting December 5, 2007 Pursuant to GNSO Council Resolution 20071031-2, the Intellectual Property Interests Constituency (“IPC”) submits this Constituency Statement on Domain Tasting. The IPC arrived at the positions below in accordance with the requirements of the GNSO Policy Development Process as outlined in the ICANN bylaws. These positions incorporate by reference Section 4.3 of the Outcomes Report of the GNSO Ad Hoc Group on Domain Tasting, October 4, 2007 (hereinafter “Outcomes Report”), and Annex 5 thereto. I. Constituency Position A. Domain Tasting Harms Intellectual Property Rights Holders 1. Domain tasting harms holders of intellectual property (“IP”) rights (“IPR”) when, as is often the case, the tasted domain names (“tasted names”) are anticipated typographical errors of trademarks. A recent report by McAfee, Inc. characterizes domain tasting as one of the most significant factors in the recent growth in typosquatting. What’s In a Name: The State of Typosquatting 2007, available at http://us.mcafee.com/root/identitytheft.asp?id=safe_typo&cid=38296#WhatIsDriving. Domain tasting that is also typosquatting causes consumer confusion, erodes brands, and harms the goodwill represented by those brands. See Outcomes Report, page 14 and Annex 2. 2. Domain tasting prevents IPR holders from registering and using for legitimate purposes the tasted domain names ("tasted names"). Outcomes Report, pages 18-19. 3. Large IPR holders and those that own famous or well-known brands are more likely to have their brands/marks be the subject of tasted names. Consequently, they are more likely to incur the greatest costs in preventing and taking action against domain tasting involving typosquatting.
  • PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration

    PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration

    PREDATOR: Proactive Recognition and Elimination of Domain Abuse at Time-Of-Registration Shuang Hao∗ Alex Kantcheliany Brad Millerx Vern Paxson† Nick Feamsterz ∗ y University of California, Santa Barbara University of California, Berkeley x z Google, Inc. International Computer Science Institute Princeton University [email protected] {akant,vern}@cs.berkeley.edu [email protected] [email protected] ABSTRACT content [18, 53]. To mitigate these threats, operators routinely build Miscreants register thousands of new domains every day to launch reputation systems for domain names to indicate whether they are Internet-scale attacks, such as spam, phishing, and drive-by down- associated with malicious activity. A common mode for developing loads. Quickly and accurately determining a domain’s reputation reputation for DNS domain names is to develop a blacklist that curates (association with malicious activity) provides a powerful tool for mit- “bad domains”. A network operator who wishes to defend against an igating threats and protecting users. Yet, existing domain reputation attack may use a domain blacklist to help determine whether certain systems work by observing domain use (e.g., lookup patterns, content traffic or infrastructure is associated with malicious activity. hosted)—often too late to prevent miscreants from reaping benefits of Unfortunately, curating a DNS blacklist is difficult because of the attacks that they launch. the high rate of domain registrations and the variety of attacks. For As a complement to these systems, we explore the extent to which example, every day around 80,000 new domains are registered in features evident at domain registration indicate a domain’s subsequent the .com zone, with a peak rate of over 1,800 registrations in a sin- use for malicious activity.
  • The Brave New World of Policing Trademarks by Patrick M

    The Brave New World of Policing Trademarks by Patrick M

    The Brave New World of Policing Trademarks By Patrick M. Fahey and Susan S. Murphy t’s a brave new world for trademark when the entity tasked with coordination ber of registrars and individuals register owners. By some accounts, “virtu- of the Internet domain name system, the millions of domain names on a daily basis Ially every typographical error and Internet Corporation for Assigned Names that often include brands and typographi- misspelling of a word is monetized by and Numbers (ICANN), implemented the cal errors of brands en masse and free of someone, whether a domain name regis- “Add Grace Period” (AGP), a five-day charge by exploiting the five-day AGP.”8 trar, a domain investor, [or] an ISP. .”1 grace period during which Whether viewed as legitimate or nefar- Trademark owners spend millions of dol- ious, the instances of domain tasting have lars in promoting their marks and taking all the new owner [of a domain name] increased exponentially over the course of reasonable steps to protect that investment. can make full use of the chosen the past three years.9 Several factors are On any given day, however, hundreds or domain name, and no one else can responsible for this. First, the ease with even thousands of permutations of those use that domain name as the address which available domain names can be marks are popping up in domain names on for a website. However, during the identified and registered using automated the Internet, leading customers to websites AGP, the new owner can drop the processes, sometimes referred to as “drop- populated with links to the legitimate mark domain name for any reason, with- catching,” allows for the bulk registration holder’s competitors.
  • Unclassified DSTI/ICCP/TISP(2005)9/FINAL

    Unclassified DSTI/ICCP/TISP(2005)9/FINAL

    Unclassified DSTI/ICCP/TISP(2005)9/FINAL Organisation de Coopération et de Développement Economiques Organisation for Economic Co-operation and Development 12-Apr-2006 ___________________________________________________________________________________________ _____________ English - Or. English DIRECTORATE FOR SCIENCE, TECHNOLOGY AND INDUSTRY COMMITTEE FOR INFORMATION, COMPUTER AND COMMUNICATIONS POLICY Unclassified DSTI/ICCP/TISP(2005)9/FINAL Working Party on Telecommunication and Information Services Policies THE SECONDARY MARKET FOR DOMAIN NAMES English - Or. English JT03207431 Document complet disponible sur OLIS dans son format d'origine Complete document available on OLIS in its original format DSTI/ICCP(2005)9/FINAL FOREWORD This report was presented to the Working Party on Telecommunications and Information Services Policies (TISP) in December 2005 and was declassified by the Committee for Information, Computer and Communications Policies (ICCP) in March 2006. This report was prepared by Ms. Karine Perset, with the participation of Mr. Dimitri Ypsilanti, both of the OECD's Directorate for Science, Technology and Industry. This report is published on the responsibility of the Secretary-General of the OECD. 2 DSTI/ICCP(2005)9/FINAL © OECD/OCDE 2006 3 DSTI/ICCP(2005)9/FINAL TABLE OF CONTENTS MAIN POINTS ...............................................................................................................................................5 INTRODUCTION...........................................................................................................................................7
  • New Gtlds & the Domain Name Industry

    New Gtlds & the Domain Name Industry

    New gTLDs & The Domain Name Industry Cyrus Jamnejad Account Manager, Global Domains Division LAC DNS Week – 24 November 2020 The Expansion of Top-Level Domains & The New gTLD Program | 2 What is the New gTLD Program? The New gTLD Program is a community-driven, multistakeholder- developed initiative, implemented by the ICANN org, that allows for an increased number of generic Top Level Domains. Goals of the New gTLD Program: Competition Innovation Choice The Program was initiated in 2012 with a closed application round. Subsequent New gTLD procedures are currently in development. | 3 Expansion of the Top Level Before the 2012 .com .cat .coop .biz Application Round, there .edu .aero were only 22 generic top- .gov level domains in the .info Domain Name System. .int 22 gTLDs .jobs .mil .museum .travel .name .tel .net .pro .post .org | 4 Expansion of the Top Level Now: .com .cat .coop • 1,200+ New gTLDs .biz .edu .aero • 500+ are Brand TLDs .gov .ceo • 25 Million+ Domains in .info New gTLDs .int .futbol 1200 gTLDs .jobs .mil .みんな .онлайн .menu .brand .museum .travel .name .tel .net .pro .org .cab .paris .post .公益 | 5 The DNS Industry | 6 DNS Industry – Contractual Landscape | 7 Distribution of ICANN Contracted Parties 4 Europe 757 gTLDs 1,975 262 gTLDs Registrars 156 Registrars 165 gTLDs NortH America 294 17 gTLDs 6 gTLDs Registrars Asia/ Australia/ 12 12 Pacific Registrars Registrars Latin America/ Africa Caribbean islands Total Worldwide Domain Names Count | 8 Domain Name Marketplace Indicators ProJect ICANN Strategic Objective 2.3: Support tHe evolution of tHe domain name marketplace to be robust, stable and trusted.
  • DOMAIN NAME SPECULATION: ARE WE PLAYING WHAC-A-MOLE? Sara D

    DOMAIN NAME SPECULATION: ARE WE PLAYING WHAC-A-MOLE? Sara D

    DOMAIN NAME SPECULATION: ARE WE PLAYING WHAC-A-MOLE? Sara D. Sunderland Since the inception of the Internet, speculators have sought to monetize web pages, often by selling space to advertisers. Monetized domain parking has emerged as a multi-million-dollar business over the last several years,' evolving from simple cybersquatting to a sophisticated and mostly automated method of delivering pay-per-click advertising on thousands of domains. Similar to the game of Whac-A-Mole,2 whenever the state introduces new legal tools to curb domain speculation abuse, domain name speculators alter their business models to survive. Although federal trademark law has a part to play in the battle against domain name speculation, some academics are concerned about expanding the law for this purpose.3 Additionally, the legal tools currently used most frequently to battle domain name speculation, the Uniform Domain-Name Dispute-Resolution Policy (UDRP) 4 and the Anticybersquatting Consumer Protection Act (ACPA), have been in use for ten years, yet the problem persists.' This Note examines the evolution of the domain name speculation business model and the tools used to fight it, outlines the scope of the problem and the barriers to solutions, and concludes that due to the difficulties of policing domain name speculation using trademark law, a combination of policy changes, technological solutions, and social C 2010 Sara D. Sunderland. 1. David Kesmodel, Thanks to Web Ads, Some Find New Money in Domain Names, WALL ST. J. ONLINE, November 17, 2005, http://online.wsj.com/public/article/SB113 200310765396752-FYV6dsilRSON1fsiVubLf_5nl8_20061116.html?mod=rss-free. 2.