Friday, May 26, 2017

New gTLDs: "last week"

Each week, there is an important cover about new generic Top-Level Domains: events, delegations, launchings, innovations, etc...and a lot is said. This post covers what was said yesterday. I strongly suggest to subscribe to this Newsletter to receive all NEWS directly in your email.
  1. Two new gTLDs were just delegated:
    1. .ARAB
    2. .xn--ngbrx (عرب, "Arab", /arab/)
  2. New Gtlds, the series: Read chapter 1;
  3. Event coming: ("the only event dedicated to .brands");
  4. Approval of the Global Amendment to the Base New gTLD Registry Agreement;
  5. Successful Domain Investor Hates New GTLD Domains!
  6. A .com Domain is No Longer Necessary;
  7. “The Domain Sector is Simply Fascinating";
  8. Richemont kills off two more dot-brands;
  9. Interesting move:
  10. INTA cover:
    1. Don’t read too much into the lack of ‘.brand’ registrations;
    2. Dot Brand Domains: A Work In Progress (download the PDF).
  11. What the New gTLDs Mean for Higher Education Institutions;
  12. Just dropped 198 New gTLD domains and saved $45,000;
  13. Event coming: The (June 26, 2017, from 11 am to 18 pm);
  14. The DomainTools Report Spring 2017;
  15. The CSC new Brand (read the short story).
Read more NEWS  (much more)

Monday, May 22, 2017

French students soon equipped with new domains

Some French business schools will soon equip their students with new domain names from the ICANN new gTLD program.

The idea is simple: have a email (or a website) that catches the eye of a recruiter on your résumé.

Article is available in French:
La majorité des étudiants ont déjà un email avant de commencer leurs études, c’est un email qu’ils garderont probablement...toute leur vie. Quand bien même leur employeur leur en fournira un pour travailler, des écoles de commerce prennent les devants pour préparer leurs étudiants en Finance à se différencier en abordant le marché du travail avec un email plus “pro”.
Read my article on the Journal Du Net (in French)

Thursday, May 18, 2017

Second update: ".brands" & Homograph attacks

UPDATE: the two examples of homographs below for Apple and Epic now appear "in real" in the Chrome and Edge (Microsoft) Browsers. These browsers must have received an upgrade recently. This was not the case at the time of this first publication e few days ago. The fake sites can still be viewed on the Chrome version of Chromebooks (5/18/2017).

The article:

Many Trademarks applied for their own ".brand" domain name extension but very few use them, and why would they if they are already installed with their legacy “.com” domain? IDN Homograph attacks are a good reason to start migrate to (and promote) a .BRAND new gTLD. Read why below.

With traditional domain name extensions, open for domain name registration to the public, anyone can register a domain name: no need to ask anyone the permission. An attacker is free to register the exact same domain name as a trademark and unless the trademark’s owner notices, few will pay attention. It is what attackers often do but this is not possible with “.brand” domain names.

Why it matters
The reason why it matters for Trademarks and their consumers is that it is this restricted access to registering “.brand” domain names that makes a huge difference in terms of security: Attackers don’t have access to them. When a .BRAND new gTLD applicants makes the move to use its personalized extension only and informs its clients, it greatly increases their security:
  • Buying online;
  • Certifying the information that they read.

Two more levels of security
With .BRAND new gTLDs, two more level of security are offered to online consumers and will incite an attacker to use another domain name extension since he won’t be able to have access to registering such “.brand” domains:
  1. Homograph attacks free
    An attacker will be able to launch a phishing or an homograph attack using any open extension but if he will be able to cheat, hiding inside the second level domain name using homoglyphs or mistypes, he won’t be able to do it with a “.brand” domain name. No one but the owner of the .BRAND new gTLD can create domain names. In regard to standard phishing attacks faking “.brand” domains, a consumer will always have the ultimate alternative to double check the hyperlink but does it really matter here since double checking if it ends with the right extension is enough?
    Remember: the attacker cannot use a .BRAND new gTLD.
  2. A seal: the extension is the Trademark
    With a client being trained by the Trademark (the “.brand” new gTLD applicant) to visit hyperlinks ending in a “.brand” domain name extension, he becomes used to it so the ending of an email received or a website visited certifies that the content is from the Trademark. Again here, attackers cannot register such domains so wherever the link points to: the received of an email or the reader of a website has the capacity to double check what the domain name extension is.
    Remember: the .BRAND new gTLD is the seal that confirms that what you read is legitimate.

Phishing and Homograph attacks

Phishing attacks
In a Phishing attack, you would receive an email asking you to click on hyperlink - which title would be “click here” - clicking would take you to a fake website (asking money or information). Such links can be double checked, passing the mouse on the hyperlink, so it becomes possible to see the real hyperlink prior to clicking. Some more sophisticated phishing attacks even offer mistyped domain names such as GuiІІ (fake site) for (real site). Note that the two letters “l” in the fake site are in fact two decimal “i”, a letter of the cyrillic script (it also works with “0” replacing “o”). When you pass your mouse on the hyperlink, you will note that the domain name shows two “i” (instead of two “l”). Phishing attacks are in fact spam campaigns asking you to click on a hyperlink to take you to a fake website.
Remember: you can double check the link in your browser bar (URL bar).

Homograph attacks
Homograph attacks are the same but the problem is that the link you are asked to click the exact same in your address bar “visually speaking”. Homoglyphs are used here: they are words which letters’ shapes appear identical or very similar one to the other: International Domain Names (IDNs) are used for homograph attacks. A recent example given in the press was “” (real site), which is also “” and “” (fake site). Try the two of them in your address bar and you will note that both read to “” in your address bar. The problem? They are two different websites under the exact same “.com” domain name. Imagine such an attack using your domain name: scary isn’t it?
Remember: you cannot double check the link in your browser bar (URL bar), you must double check it before you click.

Why change now?
If .BRAND new gTLD applicants still don’t know what to do with their own domain name extension, changing now allows:
  • To start training and informing their consumers to visit a new website: “this takes time”;
  • To homogenize their domain name portfolio and stop registering more domain names they will never use: there will probably be more domain name extensions created in the future and unless I am wrong, this means more domain names to register for any Trademark who wants to secure its assets.
  • To enhance their consumers’ level of security: chances are high that attacks’ level of sophistication will not lower in the future and “.brand” domain names are a barrier to homograph attacks.
The most frustrating reason why migrating to a .BRAND new gTLD today is that consumers - you - don’t stand a chance to face a sophisticated homograph attack. For example, receiving a picture in an email does not always show the URL prior to clicking on it. It means that if you click, you could be taken to a website with the right domain name and the exact same content as the one from your bank. How will you be able to know that you are on the right website? Once you've submitted your login and password?

Banks should consider
Banks who did not (yet) apply for their own domain name extension should consider using a .BANK domain name for the same reason. Attackers cannot have access to “.bank” domain names since these are restricted to banks. In one word, it means that a bank can drastically increase its level of online security by using an extension which is not open to the public, like the popular “.com” domain name extension is. Some other extensions, like the .MUSEUM legacy gTLD, for example, prevents homograph attacks by restricting which characters can be used in domain names (source Wikipedia).

Making sense
Migrating to a single .BRAND new domain name extension makes sense if:
  • All other domain names are redirected to new “.brand” domains so existing users are trained to visiting the new URLs;
  • Existing and new clients are informed about this change early in advance so it does not cause more confusion;
  • Existing and new clients are explained that all other information coming from other domain name extensions (emails or websites) are not certified coming from the Trademark.
The objective of such move is to:
  1. Guarantee visitors the highest level of security;
  2. Lower the level of confusion due to the important number of new domain name extensions created;
  3. Increase the level of trust with one single source of information.
Attackers can use any second level domain from any extension open to the public, and which accepts IDNs, to organize and launch an homograph attack. Trademarks owning their personalized .BRAND extension are the one to control which domain name is registered so this cannot happen (unless it wants to). Still not convinced? Click here: https://аррӏе.com/

Monday, May 15, 2017

New gTLD Subsequent Procedures

Below are the action items and discussion notes captured by staff from the meeting on 15 May.

GDD Summit Recap
  • Held last week, Jeff Neuman and others were there;
  • GDD Summit is intended for contracted parties:
    • registries;
    • registrars;
    • consultants.
  • Many of the people are not members of this PDP WG (Working Group);
  • Some don't pay attention to policy processes and may not be aware of the work we are doing;
  • There are a number of contracted parties that would like to see a subsequent gTLD procedures sooner rather than later and wanted ICANN staff to set a date;
  • Not sure how realistic it is to set a date;
  • Comment by Akram Atallah: "There are a number of items that are gating items before we write any procedures, including whether it will be first come, first served";
  • Don't want to wait until the policy process is completely over before ICANN org starts to work on implementation processes;
  • Asked Akram if he could produce a list of the gating items could be so that we could consider them and in theory prioritize them;
  • Other subjects: application fees and whether there should be a refund of excess application fees; transitioning backend registries or assigning from one entity to another. Did not pertain to the RSP Program but there are some parallels;
  • GNSO Council could set a target date if they wanted to;
  • No policy decisions were made; it was just a forum for contracted parties to express their views. Everything will come back to the policy process. Nothing will happen without bringing it back to this WG;
  • From ICANN staff: Developing a list of items, but don't view them as gating items, just those that would be very helpful for implementation planning as to what the policy direction may be. For example, if it is first come, first served it could fundamentally affect how implementation is structured;
  • GDD Summit can provide an insight into the practical operational issues and concerns for contracted parties;
  • Of the 2 1/2 days of meetings there were maybe just a couple of hours on subsequent gTLD issues. Most time was spent discussing operational issues.
Participation is welcome and Community comments are available here.

Friday, May 12, 2017

Free ".broker" & ".forex" domains

Boston Ivy is what I call a "Multiple Registry", it means that it is one company which applied for several new domain name extensions.

6 new domain name extensions
Highly specialized in financial domain names, it applied for six new gTLDs:
  1. The .FOREX new gTLD for Forex service providers, brokers or individuals providing information on the forex markets;
  2. The .TRADING new gTLD for Traders and Trading companies;
  3. The .BROKER new gTLD for - guess what - Brokers;
  4. The .MARKETS new gTLD for financial markets;
  5. The .SPREADBETTING new gTLD for spread betting providers;
  6. The .CFD domain name extension, a highly specialized financial extension, which requires to hold a regulatory permission granted by a financial regulatory authority in respect of the CFD space.
Free domain names
Got an idea for a website using a .forex or .broker web address? Join Boston Ivy's Innovator Programme to have the opportunity of securing a free ".broker" or ".forex" domain name for two years. Being part of the programme, will help you to:
  • Expand your reach with co-marketing initiatives;
  • Promote your business through Boston Ivy’s publishing network;
  • Be at the forefront of the new Top Level Domain revolution and showcase your business online.
For more details, please contact

Wednesday, May 10, 2017

New gTLDs: what said the press recently

Everyday, the online press, bloggers and new gTLD service providers talk about new gTLDs. Some TLDs were acquired recently, some .BRAND new gTLD applicants launched more new domain names and some community TLDs are still pending activation for some obscure reasons. Note that, added to the Newsletter, we launched to announce new gTLD events.
  1. The .HEALTH Sunrise Period;
  2. New gTLD event: the GDS (Xiamen, China during 7th -9th July,2017);
  3. Applicants in limbo as ICANN probes itself (.MUSIC - .GAY - ...);
  4. Jovenet Consulting turns Five;
  5. Another Cool $25 Million Bet on New gTLDs (.ART);
  6. The .CLUB Registry turns Three;
  7. How should I present .BRAND domains in advertising? (Part 2);
  8. The .CREDITUNION Sunrise Period;
  9. .PRESS Supports Press Freedom Day;
  10. is now MansfieldBank.Bank
  11. Event: the (June 26, 2017 - Paris);
  12. Countries with Weird TLD Habits;
  13. Can a New Domain Finally Bring the Art World Into the 21st Century?
  14. Brand Control: The Next Stage for Digital (.NIKE - .BMW - ...);
  15. Μόλις κυκλοφόρησε το νέο gtld .SUCKS
  16. Buy Rightside: A Fast Growing Digital Toll Road;
  17. The .STORAGE new gTLD was acquired;
  18. The future of gTLDs (second round of applications just ahead?);
  19. .XYZ domains can’t be registered in China;
  20. MarkMonitor severs relationship with .FEEDBACK TLD;
  21. The .CLOUD case study (Publication Date: 28 April 2017);
  22. French: questionnements autour des modèles des nTLDs;
  23. .NYC tech domain name auction kicks off at SnapNames;
  24. HOT: the May 2017 update. All new gTLD reports have been updated;
  25. .ART – the new digital dress code for the art world;
  26. .AMAZON Final Hearing scheduled for 1-2 May 2017;
  27. New gTLDs: someone said "STOP" (.RED - .BLUE - .PINK ...);
  28. A silly premium strategy at .ART;
  29. Domain Names to Become Insignificant within 20 Years or Less;
  30. Oh, Those Wild and Crazy New TLDs;
  31. Happening in May 2017 (.MARKETS and .TRADING): release of 35,000 ".markets" and ".trading" names at Registrars;
  32. Domain Names Are Fading From User View;
  33. Another forum post full of "new gTLD haters";
  34. .ART will have 3.5 million premium domain names;
  35. Dot-Com is Still King - of Domain Name Disputes;
  36. More live .BRAND Websites: .STATEFARM / .MINI / .ABBOTT / .SBI / .SONY / .LIXIL / .SWATCH and many more...
  37. HOT - The .ETH new gTLD;
  38. 50K Domains Registered on The New gTLD .REALTY
  39. Local Popularity & Global Influence: Nations and nTLDs;
  40. ICANN - Shape the future of the New gTLD marketplace;
  41. .AFRICA : La Chine très friande de la nouvelle extension africaine.
Find all these news in our Archives. Note that, due to the important volume of info published everyday, all titles cannot be added to the list above.

Register your Trademark using an agent.