The so-called landrush for the latest domain name suffix – .asia – has begun.
DotAsia, the organisation overseeing the registration, is expecting huge demand for the first domain name extension for the Asia Pacific region.
But some in the industry are concerned about the proliferation of domain name suffixes in recent years.
While others think that the business of buying domain names has become more about protecting brands than promoting them.
Cybersquatting
Work to create the .asia domain began in 2000 with the DotAsia Organisation winning official approval to set up the domain in 2006.
A so-called sunrise period, where companies can reserve domains to match their trademarks, has been ongoing since October.
Now the process has been opened up for anyone to register and the first .asia domains will go live on the internet in March.
Thomas Herbert, a product manager from UK hosting firm and registrar Hostway, believes the nature of buying domain names has changed, largely due to the lucrative businesses of cybersquatting.
“People are willing to pay big money for a domain and with domain name reselling on the increase, it has become a matter of protecting your trademark,” he said.
As well as cybersquatting there can be legitimate battles over suffixes.
For example, in the sunrise period for the .eu domain, there were some 95,000 conflicting claims for domains.
The www.polo.eu domain was applied for by car maker Volkswagen, fashion house Ralph Lauren and sweet manufacturer Nestle.
To limit squabbles and cybersquatting this time around, the DotAsia Organisation, has put in place certain rules.
Companies must be already registered in the Asia/Pacific region to qualify and if there are any conflicts of interest, the domain will be auctioned off to the highest bidder.
Such restrictions are likely to increase as more domain names come online, thinks Mr Herbert.
Leona Chen, spokeswoman for the DotAsia Organisation, anticipated plenty of interest and hoped the suffix could have as significant an impact in Asia as .com has globally.
“We are ready for something big. All of our people and systems are in place and we look forward to the commencement of the .asia landrush,” she said.
Too many?
UK domain name registrar NetNames pointed out that the number of firms registering interest is considerably lower than for the sell-off of the eu domain in April 2006.
“Only 30,780 applications have been filed for .asia domain names so far compared with 330,000 at the same point in the launch of the .eu domain name,” said Jonathan Robinson, chief operating officer of NetNames.
He advised firms to get onboard quickly.
“Once it starts, there’s far less protection for companies’ trademarks and its open season on the .asia domain name for cybersquatters, online speculators and competitors,” he said.
According to a report from Nominet, the overseer of the .uk registry, there is an active market in buying, selling and storing domain names, with sales regularly exceeding £100,000 and peak values reaching more than £1m.
While some of these resales are legitimate there was also a big market for speculators, said Nominet chief executive Lesley Cowley.
She was concerned that a sudden leap in the number of domain names could leave companies confused as to which ones they need to register for.
“The current process being developed by Icann (the Internet Corporation for Assigned Names and Numbers) means there could be a couple of hundred or even thousands of new suffixes to bid for by the end of the year,” she said.
The .asia domain name extends to some 70 countries, from the Middle East to Australia. 60% of the world’s population lives within the Asia-Pacific region and there are 400 million internet users.
Other regional suffixes for Africa and Latin America are expected to follow.
Read the rest of this entry »
Posted in Domains, Internet | No Comments »
The company that controls the .name registry is charging for access to domain registration information, a step that security researchers say frustrates their ability to police the internet and creates a haven for hackers who run internet scams.
When security researchers investigate spam and phishing activity on the internet, they rely on special Whois directories, which list the owner of a domain name, their hosting service and their contact information.
They can use the information to track down who is responsible for a particular scam and to notify innocent webmasters if a portion of their site has been hijacked by black-hat hackers.
ICANN, which sets the rules for the internet’s top-level domain names such as .com and .net, has traditionally required registrars to make Whois data publicly searchable as a condition of the companies’ right to sell domain names.
But Global Name Registry, or GNR, which administers domain names ending in .name (that are intended for use by individuals e.g., johndoe.name), won the right to create tiered levels of Whois access, where public searches show very little information beyond what registrar sold the name and what name servers the site uses.
The site sells five passwords, good for 24 hours only, for $2.
That’s $2 too much for security researcher Gadi Evron, one of the leading authorities on zombie computer networks. “What they have done is made sure the .name TLD is free haven for bad guys to lurk on,” Evron said. “If I need to report 1,000 domains, I’m not going pay $2,000.”
Paul Ferguson, a network architect at the security giant Trend Micro, said just this week he’s seen black hats finding ways to spread malware through name computers.
Swa Frantzen, a Belgian volunteer handler at the SANS Internet Storm Center, which monitors the net for threats, brought the policy to light on Saturday, after he was looking into some odd JavaScript reported to the center.
The domain name indicated that a legitimate .name site might have been hacked, but the .name portion of the domain name didn’t feel right, Frantzen said. The Whois information might have let him figure it out.
But Frantzen refused to pay.
“It feels like extortion,” Frantzen said. “No matter the small amounts involved, it becomes a problem as it means spending money, authorizations, purchases orders and having authorized users for credit cards. All sorts of things that slow it down dramatically.”
Whois data typically includes the name of the purchaser, a physical and e-mail address, as well as information about who hosts the site and what its name server is.
In recent years, registrars have been allowing veiled registrations so that domain-name owners can hide their identity, but still be contacted in case of an emergency or if they are served with legal papers.
Karen Lentz, ICANN’s domain registrar liaison, says that GNR is allowed to keep the data behind a paid firewall as part of its contract with ICANN, and to comply with British privacy laws.
“There is certain data that is minimal data that is free, and there is tiered access to more detailed information,” Lentz said. “One level involves paying a fee to get you access to more data for a limited period of time.”
“The whole point of having this service is to make it efficient,” Lentz said.
Another ICANN employee dismissed security researchers’ concerns about paying for the data.
“I don’t know why that matters,” she said. “Is this (reporter phone call) really worth $2 of your life?”
GNR did not reply to a request for comment by deadline.
But security researcher Evron says the move to a pay system demonstrates a larger truth about names and the internet.
“The domain name system has grown bigger than it was ever planned to be, is doing more than it was ever intended to do and does it proudly,” Evron said. “But the governance around it has become profit-based, and we have no fallback system to handle criminal organizations and countries that abuse domain names.”
Storm center volunteer Frantzen suggests that most domain name owners would benefit from making e-mail address available through the Whois system.
“Just imagine you get a call from us telling you about a problem and offering help to fix it, versus you getting a call from your ISP informing you they shut down your server due to a breach of policy,” Frantzen said.
Read the rest of this entry »
Posted in Domains, Internet, Security | No Comments »
