[dns-operations] the real reason for ICANN's gTLD expansion seems to be...

Paul Vixie paul at redbarn.org
Mon Jan 1 07:37:44 UTC 2018 

joyous occasion of 2018 to all. getting back to stuff buried in my inbox:

Francisco Obispo wrote:
> A couple of years ago, Spamhaus published a list of top 10 most abused
> tlds [1]
>
> ...
>
> It amazes me how the blog article makes assertions that it later softens
> by explaining that the numbers are based on the total number of
> malicious (or thought malicious) seen in /their database/ vs the /total/
> in their DB. It does /not/ take into account the total size of the
> population, thus the numbers pose no significant surprise, because if
> its an /abuse database/, so what do you expect to find?

spamhaus also has a passive dns database, so, they do know about domains 
which have not been reported as abusive.

> ...
>
> I also don’t believe abuse is related to who the backend operator is and
> whether their employees attend dns-oarc or not. The *main* factor
> associated with abuse has to do with registrars not screening their
> customers properly. Those registrars who spend the extra dime on
> checking the customer’s reputation tend to have a far less abuse numbers
> than those who do not.

while i agree, i think you'll find extreme correlation between backend 
operators who attend dns-oarc, and backend operators who screen their 
customers properly. so, this may be misleading, but it might also not be 
wrong.

> The deep discounts that the registries provide was a /business/ strategy
> aimed to obtain TLD awareness, but the ecosystem is not just the
> registries, it is a combination of factors that if not balanced properly
> it causes disruption.

i think that uniregistry, as a backend operator, screens its customers 
for abuse better than the average backend operator. in general i would 
be willing to consider using the statistics on the strings you manage, 
as a baseline against which to measure other backend operators. if 
you're publishing stats, can you share the URL here? if you're willing 
to share your full 2LD list confidentially with spamhaus for research 
purposes, that would be even more informative.

> We have stopped giving deep discounts to registrars based on this
> strategy, and have effectively raised the prices on *all* of the TLDs
> managed by us, and the effects are starting to show positive results in
> terms of a new registration being used for abuse, but we continue to
> monitor and work with our registrar customers to improve the security
> screenings needed to ensure abuse numbers are kept low.

while heartening, this was not unexpected. with several ex-ISC people on 
the uniregistry staff, it was always a given that abuse would not be 
long tolerated there.

> There is a third factor, that whether we like it or not, /exists/, and
> it is related to the marketing campaigns that exists have towards new
> TLDs, so every report that comes out there needs to be read very
> carefully to separate the facts from speculation.

i don't understand why you said this. marketing campaigns of this kind 
either will, or won't, lead to greater abuse of the strings marketed; 
they either will, or won't, put competitive pressure on other backend 
operators to market-in-kind which either will, or won't, cause abuse in 
those other strings. no matter how the marketing occurs or succeeds or 
fails, the abuse stats will show the impact. those of us receiving 
communications that leverage in some way an abused gtld string will not 
care what the prime cause was, only the proximate cause, which is 
lassitude in screening new registrants or in handling abuse complaints.

> On 7 Dec 2017, at 14:39, Paul Vixie wrote:
> RSubject: the real reason for ICANN's gTLD expansion seems to be...
>     ...that spammers just didn't have enough choices.
>
>     https://www.symantec.com/connect/blogs/men-black-and-gray
>
>     i have occasionally criticized ICANN, which is a 501(c)(3) public
>     charity, for acting too often in the interests of their commercial
>     constituency, and not asking often enough, "what are the public's
>     interests here?"
>
>     now symantec has actually quantified that.
>
>     you know who you are, probably.

-- 
P Vixie

More information about the dns-operations mailing list