Friday, September 21, 2018

A dotBrand Email is a Seal

In August the 14th of 2018, we relayed the information that Canon email addresses would use a ".canon" domain name ending. Changing the domain name extension for websites is one thing but changing emails...is something else.


A ".brand" domain name is seal
We've already explained the benefit of using a personalized domain name, ending in the name of a trademark for a website: it clarifies things and a user can be certain that he has reached the right website and no copy, or competitor or squatter, of it. Due to the prohibitive new gTLD application fee of $185,000, it makes it hard for squatters to follow.

A good example to show would that website from Gucci (the famous luxury Trademark): https://www.diventafornitore.gucci/. The domain name extensions ending in ".gucci" is the seal since there's no mistake, nor doubt, about where the consumer has reached out to: it is the Gucci Trademark.

If some Trademarks, to have applied for their own domain name extension, start to use their dotBrand new gTLD for their websites, only one has announced its intention to change all of its emails: the Canon Trademark just did that.

A ".brand" email is a seal
It is possible to fake an email: I receive spam coming from my own personalized email sometimes and my spam filter just knows it and does the rest. It means that any spammer with a little knowledge knows how to fake an email but the purpose of using such method is just to send emails for spam, not get a response so we're not really concerned here since the real benefit of using a ".brand" email is to send AND receive emails.

Spammers also often use typos in domain names (they also now use homoglyphs more and more) but they can do that creating second level domains only (what comes right before the extension), not first domains (the extension) and that's where the huge difference is.

When receiving an email from a domain name ending in ".com" (for example), anything that comes before the ".com" extension could have been created by anyone; and so the email could come from...anyone, unless the receiver is certain that it comes from the right person AND that it is not an homoglyph. The truth is that this does not happen very often but it happens and it could happen to you. Banks and other major Trademarks from all industries face such spam sent to their clients daily.

When receiving an email ending in the name of a Trademark like Canon just announced it, no one can create a domain name ending in that same Trademark but the Trademark itself which applied for it at the ICANN as a .BRAND new gTLD (specification 13). It then blocks instantly hackers and squatters from the possibility to do the same. Canon explains:
"Because ".canon" can only be used by Canon Group companies and services as well as related organizations, visitors to sites that use the TLD can easily confirm their authenticity and be assured that the information they contain is reliable."
Welcome to the future of secured email.

Hey wait...
What if an entrepreneur applied for a Trademark similar to the Canon one and decided to sell these domain names to the public? Good question...have a look here then ;-)
Posted by at Links to this post
Labels: , , , , ,
Location: Wausau, WI, USA

Thursday, September 20, 2018

The LinkedIn new gTLD group is changing

Recently, LinkedIn informed group owners about a few changes on how groups will now work and on how can participants benefit more from being members. We are approaching the 3,000 participants but still, the level of participation remains low so I hope that the below will be of interest.

What's changing
What LinkedIn recently changed to the groups:
  1. Groups are now accessible from the LinkedIn mobile application: note that this is something truly useful but I have not yet found how to do this. Since these changes are recent, it should be a matter of days.
  2. Unless I missed something, it is not possible to send a weekly email to the members of the group anymore.
  3. You are encouraged to invite people and again, publishing content related to new gTLDs (only) is open to anyone as long as you stick to the subject. I just block domainers who try to sell their domain names.
  4. When sharing content from other sites, it is recommended to add a question to the content you are sharing to invite discussion.
Reminder
We now pay attention to publishing all content to the Google+ Community, which is another communication channel that we maintain on a daily basis.

The new gTLD group is free to access. You can join and contribute here.
Posted by at Links to this post
Labels: ,
Location: Montevideo, Montevideo Department, Uruguay

Tuesday, September 18, 2018

Most abused TLDs are not new gTLDs

I often read critics about new gTLDs but most of the time, they come from the ".com" domaining industry and those investors who can't sell their domain names anymore because new gTLDs have now flooded the market.

Most abused TLDs
While reading a French article on the .BZH new gTLD, I discovered the existence of the SURBL list of most abused TLDs and I was not surprised to read that the most abused TLD is ".com". The reason for this is obvious to me: it's been there forever and trademarks want to make no mistake starting something online. Trademarks often look for their ".com" first, instead of searching for something that offers more precision...but things are changing.


The SURBL list
The SURBL list is a good indicator and in today's report (Tue Sep 18 08:00:12 UTC 2018 - updated every hour), it clearly shows that ".com" leads in terms of abuses. In this top 10 of most abused TLDs:
  • The .COM comes first on top of the list;
  • Country code Top Level Domains (ccTLDs) are present with 6 ccTLDs;
  • Other legacy TLDs such as ".net", ".biz", ".info" and ".org" are listed too (that counts as 4 legacy TLDs);
  • Then we have 9 new gTLDs, which comes as no surprise since they offer the advantage of availability, with an important number of new extensions to have launched at the same time (hundreds of them).
Confusing new gTLDs: the next list
I recently read that article from FairWinds Partners, entitled "How Cybersquatters Capitalize on Typos and How to Protect Your Brand". I recommend this reading since ccTLDs are a serious risk when it comes to securing a ".com" domain name...but I doubt that ".com" si the future.

If the future is with new gTLDs - and that's my strong feeling - I think that it is time to add that the typos risk might become second with the introduction of hundreds of extensions: similar TLDs such as ".cam" and ".com", ".casa" and ".cash" or again ".fun" and ".fund" are the new risk to consider when registering a domain name since the problem will not be the type but the exact same second level domain in a different extension. I compiled a list of similar new gTLDs that I strongly suggest to check prior to registering any domain name.

My opinion on this
I have personally redirected my old ".com" domain name to my new ".consulting" one since I do...consulting: not because ".com" is the most abused TLD, but because it makes more sense to me. And by the way, I do Consulting, not "com": whatever it means.
Posted by at Links to this post
Labels: , , , ,
Location: Makassar, Makassar City, South Sulawesi, Indonesia

Monday, September 17, 2018

The .BEST new gTLD and SEO Whitepaper

This is a whitepaper published by the .BEST new gTLD registry. I particularly like the title used in the presentation: "The untold truth". This is an extract of the content that you will find in this document:
  1. Why choose a .BEST domain name;
  2. What is the .BESt new gTLD;
  3. Examples of possible domains names on .EST;
  4. Why ".BEST"?
  5. Best and Food;
  6. Best and Products;
  7. Best and Entertainments,
  8. Best and Services;
  9. Best and Co;
  10. Google Trends score:
    1. Score: 97/100;
    2. Best vs Price.
  11. HOT: dotBEST and SEO:
    1. .BEST and Google;
    2. .BEST and CTR (Click Through Rate);
    3. .BEST and Bounce rate;
    4. .BEST and Dwell Time (time on site);
    5. .BEST and Pages Per Visit;
    6. .BEST and Conversion rate;
    7. Conclusion.
  12. Examples of ".best" domains indexed in google.

Download the White Paper here.


Posted by at Links to this post
Labels: , ,
Location: Paris, France

Wednesday, September 5, 2018

Second UPDATE: Registries and Law Enforcement Agencies

It often requires a court order for an accredited registrar or a registry (ccTLDs, legacy and new gTLDs) to respond to a security threat and when going through an online procedure, it can take...months.

Procedures to stop a phishing operation for example have to go through filling several online forms or sending an email to a registry or a registrar, then wait for something to happen. Such situations are a nonsense since a phishing operation should and could be stopped instantly by "taking down" the domain name.

Changing the status of a domain at the registry level can stops the domain name hosting the phishing operation from working and investigations can then start.

Why are procedures blocking simple things like stopping a phishing or homograph attack from being possible when this could be done instantly? Threats attempts are not going stop, and they're not going to decrease neither.

Law enforcement agencies
These agencies don't do things to be more profitable, nor they have a financial interest in doing their job. They don't work for a client, and if they have one, it is the civil society: these agencies contribute to tracking criminals, stopping pedophiles, terrorists and other persons who think that they can hide behind a fake profile or a domain name.

These agencies should be treated differently when contacting a registry since they contribute to saving lives and not increase the income of a private company.

A dedicated point of contact
Registries seat on top of the pyramid when it comes to domain name infringement: they are the legal entity to take the technical action on a domain name: they can press the button for something to happen FAST.

I often contact registries and found almost no direct contact for law enforcement agencies, which have to stand in line and use the standard contact forms or abuse emails. I believe that this could change since phishing and homograph attacks are becoming more and more sophisticated. The increasing number of new gTLDs won't help lowering these threats in the future.

The ICANN answer
I asked ICANN the following question: "Which working group at ICANN can help national law enforcement agencies to work on the creation of a direct contact at registries for major threats?"

If I noticed that such point of contacts exist at an extremely limited number of registries, I also noticed that such question could be raised at the ICANN for the benefit of consumers. The ICANN answered me and I was offered to look at a certain number of organizations:
  • The Anti-Phishing Working Group, which did not answer the last email that I sent them when I informed them about an ongoing phishing operation (this organization requires a payment of a membership);
  • The Messaging Malware and Mobile Anti-Abuse Working Group that I never heard about and which also requires a membership payment too. They wrote "Recommendations for Preserving Investments in New Generic Top-Level Domains (gTLDs)" in January 2018;
  • The At Large Community (ALAC) which is "the primary organizational home for the voice and concerns of the individual Internet user in the ICANN processes". As a long time contributor to this community ("new gTLDs topic"), I didn't know that I was already in the place to have my question answered so I have questioned the ALAC staff.
Update
The staff answered me with the below:

"Thank you for your inquiry. Your topic of interest is broad, and several groups within ICANN discuss these issues.
Might I point you to related working group pages, where you may familiarize yourself with their issues and determine the best fit:
In addition, there is a page on the ICANN website with resources for Registry Operators. Please let me know if we may assist you further."

As expected, the answer received was fast and if I doubt that the GAC will help, the Security and Stability Advisory Committee (SSAC) might do so, so I sent a third email to the SSAS staff with this question: "I have the question below and wonder where national law enforcement agencies should debate to raise this question. Is the SSAC working group the right place where to start a debate and incite registries to provide a point of contact dedicated to national law enforcement agencies?"

Second update and final
ICANN answered me the below and I have to admit that...they answer fast for such an important organization. Surprisingly, following the publication of this post, I was contacted by "users" who have similar questions and...well...you don't need to know about the rest ;-)
The answer from ICANN:
I wish I had been given the name of a person to contact directly because, as you might have understood, I don't just do this for fun; but I guess that I'll dig i the SSR direction.
Posted by at Links to this post
Labels: , , , , , ,
Location: Panama
Subscribe to: Posts (Atom)

Register your Trademark using an agent.

Register your Trademark using an agent.