Wednesday, March 21, 2018

Phishing, Banks and .BRAND new gTLDs

I recently tried to complain against a phisher using as the phisher's Registrar and I also followed a procedure at the ICANN to see if anything would happen, but, as expected, nothing happened: the ICANN created a case and offered to fill in another form and the Registrar did not even confirm he received my complaint. Note that I could also have complained at the Registry but I did not know...time consuming?

Another approach for Banks
Below are examples of recent phishing emails I received in the name of a French bank. Banks have to deal with these issues on a daily basis and in volume: not only because phishing hurts their image but also because it causes serious problems for some of their customers. For these two reasons, and also because it is useless to think that procedures exist at (some) Registrars to fight phishing, here is another approach banks can take to better protect their customers from phishing.

Phishing is this:
  1. The end user receives an email with a fake link to click on: the email says that it is sent from but it is not, and at this level, you cannot learn who the sender is (because it is so easy to send an email using a fake one).
  2. The link to click on is either some text (i.e. "Confirmer votre PassCyberPlus" in my case) or a link which looks like a known link (domain name) from our bank (i.e. ""). In both cases, the link is a fake one, or an IP address (my case), leading to another website where the fraud is installed. Sometimes, it will ask for your login and password, or it will try to automate the installation of a program to encrypt your hard drive (ransomware), or it will ask for more information.
End users are more trained than before but...
More end users receiving phishing emails do not click on their links anymore: they check before clicking. The real link appears at the bottom of the browser when the mouse hovers over it (without clicking), so they can learn whether the email is legitimate or not. Phishing has now become so common that end users have become familiar with checking a link before they click. Note that it will still take a few more generations before phishing becomes completely useless.

Banks can fight phishing another way
Telling their clients to be cautious about phishing is negative, and trying to solve these problems with registrars, which often proves to be completely useless and endless, is a total waste of time. ICANN will answer that it has no responsibility in this, and Registries...well...try to complain at a registry and tell us more about your experience ;-)

Another way for banks to fight phishing - and better protect their clients - is to "work on words": when building a website, navigation has to be simple, if there's more than two clicks to reach out to the information, you lose your reader. It is the same for banks' names: with too many names for branches, inline services, banks confuse their customers and that also takes them to click on the wrong link. Working on words is called branding. Banks want their clients to:
  1. Recognize their name;
  2. Go to the right website and not another.
With dozens of subsidiaries, trademarks, legal entities, names and other brands, it is impossible for a Bank to gather under the same name and under the same domain name, but using a .BRAND new gTLD is a solution to this with an enormous advantage: thanks to words, it reduces the risk of phishing and definitely kills any homograph attack in the egg. Here are the advantages of using a .BRAND domain name extension instead of a ".com" or any country code Top-Level Domain (a domain name extension for a country).

The number one advantage to remember for a Bank is that when it controls the registration of its domain names, it also means that a phisher will never be able to register one of them: anyone can register a domain name ending in ".com", in ".fr" or any other domain name extension available to the general public: but not a ".brand".

Let's talk about my case figure, the "Banque Populaire" one
When you hit "banque populaire" in Google, you get a full list of words: banque populaire, bred, bred banque populaire sa, groupe bpce, casden banque populaire, etc...there are dozens of names belonging to Banque Populaire and dozens of websites:
    1. How do you expect clients not to be confused when receiving an email about Banque Populaire? How does the bank ensure that its client knows whether the bank's name and URL are legitimate?
    2. Can you imagine the pleasure a phisher can have when preparing an attack with such confusing information sent to this bank's clients: it's wonderland for phishers because the bank's client WILL be confused.
Why it matters
In terms of Branding
Paying attention to the name and the URL clients will be sent to matters and, as I previously wrote, if it is impossible to gather under the same name and domain name, gathering under the same ".brand" name changes everything:
  1. In terms of trust for the client: all services from the bank will be easily identified behind an exact same domain name extension. For example:
    1. www.casden.bpce (or ".banquepopulaire")
    2. www.bred.bpce
    3. www.banquepopulaire.bpce
    4. etc...
  2. In terms of name for the Bank: the domain name extension becomes the seal which connects all services, trademarks, names, categories of clients, subsidiaries, branches and office locations to the same Bank. When seeing this seal, the client knows that he is on a website belonging to the bank: "can't be something else". Instead of using various confusing domain names (none of which can be certified by the bank), the ".brand" domain name extension simplifies it all for the client: when hovering his mouse over a hyperlink prior to clicking, the ".brand" extension of the domain name is the seal that confirms that he can click.
In terms of strategy (for the Bank)
Things take time and don't expect a client to understand why a domain name using a ".brand" extension might be less risky for him to click onto, also expect things to be more the beginning at least; things take time and explanation.

Some banks have already migrated to their .BRAND new gTLD, there is even one in France: Since 2012, 1,230 new domain name extensions have been created, and this also means:
  1. More confusion to consumers;
  2. More options for phishers to fool banks' clients;
  3. But also more training and adoption for users: the more new domain name extensions start to appear online, the more coming generations are used to them.
There are today 490 ".brand" new gTLDs. They are trademarks to have acquired and signed an agreement with the ICANN to be granted the authorization to create and use their personalized domain names. It means that from an old and non-secure use of domain names, a few brands have already started to change to more secured strategies for the benefit of their clients: aren't Banks security?

Another alternative for Banks
Banks are the only ones to have access to ".bank" domain names but in the case of a French bank, it does not match: you don't talk to French customers using an English web ending. Note that some French banks applied for a ".banque" new gTLD but then withdrew their application.

Need help understanding all this? Contact Jovenet Consulting and ask for Jean.

Recent phishing emails received

Monday, March 19, 2018

Coming soon: the .ICU Sunrise Period

Domain names ending in ".icu" (instead of ".com") are coming to the market. The Sunrise Period was just announced and here is what the new gTLD application submitted to the ICANN says. According to the Applicant, the purpose of the TLD is explained below:
  1. Reflect and operate a distinctive that is aimed to identify the Applicant’s services (“ICU”) at the top level of the DNS’ hierarchy;
  2. Provide customers and other stakeholders of the Group, including, subsidiaries, and their respective suppliers, sponsorships, and their respective directors, officers, employees, with a recognizable and trusted identifier on the Internet;
  3. Provide such stakeholders with a secure and safe Internet environment that is mainly under the control of the Applicant, the Group and its subcontractors;
  4. Provide selected stakeholders in ‘ICU’ brands with the opportunity to create a secure and safe Internet environment that is to a large extent under control of the Applicant and⁄or such stakeholders.

Looks like a .BRAND new gTLD
Question 18/a from the application submitted to the ICANN generally reflects the purpose of the new gTLD and, in this case, it clearly looks like the application was submitted for a purpose internal to the brand. However, the Sunrise Period is dated 24 April 2018 to 24 May 2018, with a Trademark Claims Period dated 29 May 2018 to 30 August 2018 and a Qualified Launch Program (QLP) dated 24 April 2018 to 17 May 2018, so unless I am wrong, .ICU domains should be made available for sale.

The registry website is available here and this is the ICANN announcement.

Friday, March 16, 2018

New gTLDs: Adopted Board Resolutions

At each ICANN meeting, working groups and the board gather to make decisions.

This is a long document from which to extract the information related to new gTLDs "only", but here is some of it. There is a lot about the CPE process (Community Priority Evaluation) but even if the document is entitled "adopted board resolution", I saw nothing "adopted". Note that the ICANN uses the word "resolve" but it does not necessarily mean that a case ends when it has been resolved. A good way to read this document efficiently is to use the search field of the browser and enter the word "Resolved". It is what I did and here is the result.

I found adopted board resolutions for some Top-Level Domains, they are dated 15 March 2018 so I guess that they are of interest:
  1. On the Community Priority Evaluation:
    1. Resolved (2018.03.15.09), the Board concludes that, as a result of the findings in the CPE Process Review Reports, no overhaul or change to the CPE process for this current round of the New gTLD Program is necessary.
    2. Resolved (2018.03.15.10), the Board declares that the CPE Process Review has been completed.
  2. On .PERSIANGULF new gTLD:
    1. Resolved (2018.03.15.13), the Board directs the President and CEO, or his designee(s), to take all steps necessary to reimburse the GCC in the amount of US$107,924.16 in furtherance of the IRP Panel's Costs Declaration upon demonstration by the GCC that these incurred costs have been paid.
    2. Resolved (2018.03.15.14), the Board directs the BAMC: to follow the steps required as if the GAC provided non-consensus advice to the Board pursuant to Module 3.1 (subparagraph II) of the Applicant Guidebook regarding .PERSIANGULF; to review and consider the relevant materials related to the .PERSIANGULF matter; and to provide a recommendation to the Board as to whether or not the application for .PERSIANGULF should proceed.
  3. On .HALAL and .ISLAM new gTLDs:
    1. Resolved (2018.03.15.15), the Board accepts that the Panel declared the following: AGIT is the prevailing party in the Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. v. ICANN IRP; and ICANN shall reimburse AGIT the sum of US$93,918.83.
    2. Resolved (2018.03.15.17), the Board directs the BAMC to re-review the GAC non-consensus advice (as defined in Section 3.1 subparagraph II of the Applicant Guidebook) as well as the subsequent communications from or with objecting and supporting parties, in light of the Final Declaration, and provide a recommendation to the Board as to whether or not the applications for .HALAL and .ISLAM should proceed.
All adopted board resolutions are available here.

Wednesday, March 14, 2018

ICANN Correspondence and new gTLDs

There is a page on the ICANN website which lists all correspondence between complainants and the ICANN. It has become a reflex to check this page on a daily basis because this is where it becomes possible to follow up on problematic new gTLD cases. In 2018 some Top-Level Domain applicants already shared a lot of mails on .GAY - .MUSIC - .WEB - .WOMEN (this TLD does not exist but "hey") - .HALAL - .ISLAM and .CPA. The first correspondence is dated 1998.

Other interesting links
The "Litigation" link is also a good one to have a look at: these are litigation documents between parties and the ICANN. For example, it is where you can find documentation on the .AFRICA case (DotConnectAfrica Trust v. ICANN (Appellate Court Proceeding)), the .WEB case (Ruby Glen, LLC v. ICANN), etc...

The Registry agreements link is interesting too: the chronological listing lets you see when something new happens to a new gTLD. For example, on 10 March 2018, ICANN and gTLD Limited entered into a Registry Agreement under which gTLD Limited operates the .INC top-level domain.

For more new gTLD bookmarks, you can check this page at Jovenet Consulting.

Tuesday, March 6, 2018

New gTLDs offer more alternatives (and innovation)

I went skiing and saw the ad below, it is an ad for a Land Rover offered at a car dealer whose name is Donnay with several garages around Barcelona Spain. The ski resort I went to is an important with many Land Rovers exposed in the mountain so I checked if there was a ".donnay" new gTLD but found none. Anyway.

Prints are often where we add a domain name to offer potential clients to visit a website but on this one, I find the URL used a little "old fashioned" compared to what could have been done with a domain name ending in ".barcelona" or even better: ".landrover". I checked the ".landrover" new gTLD application and read:
"The .landrover gTLD will provide an authoritative internet space for Land Rover, its affiliates and partners that are associated with the Land Rover brand. Second and third level domains can then be utilised for specific pages for Land Rover’s car models and dealerships, as well as for communication and marketing purposes, with internet users assured of brand authenticity".
Unless I am wrong, or completely stupid, isn't it precisely what the ".landrover" new gTLD was created and paid for: "to provide an authoritative internet space for Land Rover, its affiliates and partners that are associated with the Land Rover brand"?

Such great names could have been used: or

We're still far away
The .LANDROVER new gTLD was delegated in October 2015, almost 3 years ago, but it is still not used appropriately. It is also possible that the people in charge of communication with affiliates and partners don't know about the existence of such a tool.

I personally find that such an opportunity to demonstrate innovation in branding is a missed one in such a crowded place like a ski resort. This also clearly demonstrates that we are still far away from having communication specialists to innovate using their .BRAND new gTLD. This also happens with many other .BRAND Top-Level Domains at the moment.

For the note, there were 6,134 ".barcelona" domain names registered in February 2018 and 18 ending in ".landrover" in January 2018, down to 4 in February.

Land Rover: wake up ;-)

Monday, March 5, 2018

Concern Over DNS Abuse: really?

This is a recent letter sent to the ICANN from The Independent Compliance Working Party, focusing on DNS abuse. It is signed by Adobe Systems Inc. - DomainTools - eBay Inc. - Facebook, Inc. - Microsoft Corporation and Time Warner Inc.

I particularly focused on this line saying: "The number of abused phishing domains in legacy gTLDs is mainly driven by the .com gTLD". After more than 30 years facing phishing, spam and malware...I really wonder "who" can still do anything about this.

I sometimes write to Registrars, Registries and the ICANN about domain name owners doing phishing and I admit that I never - NEVER - had any one of them act (i.e. check the domain name and change its status to one that blocks the domain from harming consumers). Reading this letter, I see Trademarks seriously harmed by phishers and on the other side, I see organizations who won't act because a client is a client: phishers pay for their domain names. In France we have a saying: "pas vu pas pris".

The letter:
The undersigned global businesses and their customers depend upon the continuing security, stability and resiliency of the Internet, and thus have significant interests in domain name industry issues and outcomes. We are amongst the leaders in working to protect the interests of customers and those of the broader Internet from domain name system (DNS) abuse, in various ways. As long standing participants in ICANN- and industry-related conversations and policymaking, we are contacting you with our concerns about serious harm occurring to Internet users, and a request for action that we believe would serve the interests of the broader community.

Under your direction, ICANN’s Compliance team has broadened the various forms of feedback it seeks from the broader community. This is much appreciated. Accordingly, we write with concerns that you and your department are in a position to help resolve.

We commend ICANN for orienting its policymaking function towards a more data- and fact-based approach. This orientation of course depends on the availability of data and reports that provide an accurate view of the DNS and the impact of DNS abuse on stakeholders. While there is more data that needs to be collected and analyzed, it’s gratifying to see that ICANN Org is now in a better position to use and publish more widely available and reliable data to better evaluate DNS harm to users and more effectively exercise its responsibilities to help remedy ongoing harms.

Specifically, ICANN and the community now have at their disposal published data--namely, the Statistical Analysis of DNS Abuse in gTLDs (SADAG) report and the ongoing Domain Abuse Activity Reporting (DAAR) System regarding rates of abuse in the DNS. These rates are regrettably showing stark increases and serious concentrations of abuse across legacy and new gTLDs, registries and registrars, and in the proliferation of spam, malware, phishing and other harms. For example, according to the Domain Abuse Activity Reporting (DAAR) System report:
  • The 25 most exploited TLDs account for 95% of the abuse complaints submitted to DAAR.
  • Five TLDs alone are responsible for more than half of abuse complaints.

Additionally, according to the SADAG report:
  • The number of abused phishing domains in legacy gTLDs is mainly driven by the .com gTLD and at the end of 2016 represents 82.5% (15,795 of 19,157) of all abused legacy gTLD domains considered in this study.
  • …the five new gTLDs suffering from the highest concentrations of domain names used in phishing attacks listed on the APWG domain blacklist in the last quarter of 2016 collectively owned 58.7% of all blacklisted domains in all new gTLDs.
  • …we observe as many as 182 and 111 abused .work and .xyz domains, respectively. The results indicate that the majority of .work domains were registered by the same person. 150 domains were registered on the same day using the same registrant information, the same registrar, and the domain names were composed of similar strings. Note that only 150 abused domains, blacklisted in the third quarter of 2015, influenced the security reputation of all new gTLDs.
  • ...the overwhelming majority of malware domains, which were categorized as compromised, belong to one of four new gTLDs: .win, .loan, .top, and .link (77.1%, which represents 19,261 out of 24,987 domains).
You’ll agree these are troublesome statistics, and are antithetical to a secure and stable DNS administered by ICANN. We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates. Also, can ICANN provide any details as to whether the higher rates of abuse (as documented above by parties that appear not to be the subject of enforcement notices) correlates to specific breaches of the RA and RAA by the relevant contracted parties? Are there specific hurdles that Compliance perceives that inhibit enforcement activity against such contracted parties? Has ICANN prioritized its attention to compliance matters relating to such parties and does it have sufficient resources to handle them before they reach a new stage of criticality?

Specifically, is Compliance more assertively applying Specification 11(3)(b) of the Registry Agreement, compelling offending registry operators to disclose actions taken against security threats? How is ICANN’s Consumer Safeguards effort playing a stronger role in determining new areas for compliance action?

Not only do we look forward to hearing the details of ICANN Org’s comprehensive actions in this area, we seek, as an immediate and urgent matter, compliance action on the worst offenders in current ICANN reports.

We also would like to know additional ways in which the undersigned parties could support ICANN in this broad endeavor. If helpful to develop steps forward, we welcome an in-person meeting with you, other relevant ICANN Org executives, and your staff.

Over the long term, we suggest development of a data-driven roadmap for compliance based on key information and statistics. We encourage Compliance to consult with the wider community to help shape this data-driven roadmap, and we look forward to offering our further input. Thank you for your attention to this letter.

Read the full letter here. (PDF Download)

Thursday, March 1, 2018

UPDATED: New gTLDs in your kids' future

Many people remember the .NAME new gTLD, which qualified for a first name or a surname. I bought one at the time: “just in case”, because the similar one ending in “.com” was not available and I thought that I’d find a use for it (different from a redirection).

I checked my name in several new gTLD extensions and noticed that many first names have already been registered.

When thinking about my kids’ future: isn’t it time to secure a good domain name for them?

Available but Premium
I bought my three kids their first name in a specific domain name extension but I will be honest in saying that the extension chosen was not exactly the one I wanted. The reason for this was that a domain name could be expensive to renew, year after year. I don’t know when (and if) my kids will want to use them one day so…price is important. Also, a first name has value: a lot of value because many people have the same name. When looking for common first names, you will notice that there are many that are available as “Premium domains” and so on, at a higher price, for the reason I explained above.

Cheap but in niche TLDs
My name is “Jean” and this word has other meanings, it is also a short four letters word so it makes it even more complicated to find an available domain name in most extensions, even in new domain name extensions but niche ones. Shall I register for €9,000 because it is a generic TLD? Clearly not. I went to my Registrar and I found some first names available for registration for €3,19 but in niche extensions that my kids will never use.

For example, the “.bargains”, “.cash”, “.mba”, “.reisen” extensions and many others are extremely cheap to register and renewing the domain name is not so expensive but what is the point in registering my kids their first name in one of these extensions if they never use them?

Your kids and the future
I don’t know whether my kids will need a domain name in the future and, even if some ultra generic keywords will still be available in not so niche new gTLDs that could match a business they might be interested in developing, I do not know either if their chosen business will match the generic domain name I chose for them. Hunting for their first name as a domain name is a good start, I believe.

From my searches - and I wanted to register my kids their domain name in the same extension - I realized that I am not the only person to be looking for first names in new gTLDs. I also realized that, when searching, there are still extremely good domain names to register for your kid(s). The one I chose for mine are in the “.business” new gTLD.

I often hear that people use applications more than they use websites; the future is in apps. Let’s say that this is a fact but when starting a business, you often need a name and this can be the application’s name: why not start with your family’s name or the first name of your kid as a domain name? The risk is low and purely financial (a few Euros) but the value could be extremely high in a few years...for your kids.

Register your Trademark using an agent.