[ALAC] Fwd: Re: SADAG Public Comment
Alan Greenberg
alan.greenberg at mcgill.ca
Wed Sep 6 04:27:59 UTC 2017
I asked Olivier to look at whether we needed to
comment on a recent study on DNS abuse
(commissioned by the CCT-RT). His report followed
and is an excellent example of what we should be
doing to evaluate whether ALAC action is
required. See https://community.icann.org/x/bRUhB.
In this case, Olivier is recommending no comment, a recommendation I support.
Alan
>Subject: Re: SADAG Public Comment
>To: Ariel Liang <ariel.liang at icann.org>, Alan
>Greenberg <alan.greenberg at mcgill.ca>
>CC: 'At Large Staff' <Staff at atlarge.icann.org>
>From: Olivier MJ Crépin-Leblond <ocl at gih.com>
>Date: Wed, 6 Sep 2017 03:07:33 +0200
>
>
>Dear Ariel,
>Dear Alan,
>
>thanks for your follow-up. I have read the SADAG
>report and have found it very interesting.
>
>First thing, I was surprised to see that
>.pharmacy was seen as community TLD. (p.2) but
>then that's not the topic of the report. There
>are a few other grammatical errors, but that's
>no big deal either. What matters is the substance of the paper.
>
>It basically confirms our suspicions when we
>spoke of misuse of TLDs and made our case
>regarding sensitive strings. Alan will remember
>this episode in Singapore when Alan, Evan and I
>had a meeting with the NGPC and several members
>of the GNSO - including contracted parties. What
>we are seeing now is the proof of the pudding - that:
>
>"While legacy gTLDs collectively
>had a spam-domains-per-10,000 rate of 56.9, in the last quarter of
>2016, the new gTLDs experienced a rate of 526.6which is almostt
>one order of magnitude higher. "
>
>The methodology and technical details of the
>analysis are of good quality. The model which
>they used to perform the crawl of the domain
>name space appears to be thorough, thus I have
>no reason to believe that the analysis would be flawed.
>
>Some of the report's findings show that some new
>gTLDs are very affected by misuse/malware domains.
>Gibraltar (surprise!) figures on the top of
>Registrars with most malware domains.
>Community gTLDs are less likely to be used for malware that standard gTLDs.
>Cheaper domains appear to be more used for
>malware - although the authors do writein their
>conclusions: "It is not clear, however, if
>pricing is the only factor driving high concentra-
>tions of maliciously registered domains."
>
>But they do also say:
>
>"Our findings suggest that some new gTLDs have become
>a growing target for malicious actors." (page 25)
>
>Well, nothing really new in this, but it
>corroborates the work that ICANN has done, as
>well as many other groups like the APWG.
>
>But at present, short of congratulating the
>authors of the report and asking the CCT-RT to
>take strong note of the report's finding,
>including expressing the concern that we have
>about the use of new gTLD for malware, I don't
>see any other reason to write a Statement/Comment.
>I asked Tatiana Tropina to also go through the
>report. She did note that one thing was missing:
>whether abuse correlates with semantic
>properties of the gTLD names, e.g. some names
>are more attractive to abuse because of the
>words themselves. As the authors are explaining
>that they are seeing some potential for further
>work, it might be interesting to suggest this to them.
>
>Last, I note that there is a Webinar about the
>topic:
><https://www.icann.org/news/announcement-2017-08-31-en>https://www.icann.org/news/announcement-2017-08-31-en
>I would encourage At-Large participants to
>participate in the Webinar. Perhaps during that
>Webinar should many At-Large participants express their concerns.
>
>Kindest regards,
>
>Olivier
>
>
>On 01/09/2017 22:10, Ariel Liang wrote:
>>Hello Olivier,
>>
>>Any update on this public comment?
>><https://community.icann.org/x/bRUhB>https://community.icann.org/x/bRUhB
>>
>>Saw this action item has been checked but just
>>want to reconfirm whether a statement will be needed or not.
>>
>>Thank you,
>>Ariel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20170906/4ba53c60/attachment.html>
More information about the ALAC
mailing list