[ALAC] Fwd: Re: SADAG Public Comment

Sebicann Bachollet sebicann at bachollet.fr
Wed Sep 6 09:06:17 UTC 2017

Thanks Olivier for your good summary.
I agree with your conclusion.
Just one point about the webinar.
I have noticed the following
" The webinars will be conducted in English."
As (new) gTLDs and misuse is a global concern, may I suggest that ALAC request a fully interpreted webinar?
All the best

> Le 6 sept. 2017 à 06:27, Alan Greenberg <alan.greenberg at mcgill.ca> a écrit :
> I asked Olivier to look at whether we needed to comment on a recent study on DNS abuse (commissioned by the CCT-RT). His report followed and is an excellent example of what we should be doing to evaluate whether ALAC action is required. See https://community.icann.org/x/bRUhB <https://community.icann.org/x/bRUhB>.
> In this case, Olivier is recommending no comment, a recommendation I support.
> Alan
>> Subject: Re: SADAG Public Comment
>> To: Ariel Liang <ariel.liang at icann.org>, Alan Greenberg <alan.greenberg at mcgill.ca>
>> CC: 'At Large Staff' <Staff at atlarge.icann.org>
>> From: Olivier MJ Crépin-Leblond <ocl at gih.com>
>> Date: Wed, 6 Sep 2017 03:07:33 +0200
>> Dear Ariel,
>> Dear Alan,
>> thanks for your follow-up. I have read the SADAG report and have found it very interesting.
>> First thing, I was surprised to see that .pharmacy was seen as community TLD. (p.2) but then that's not the topic of the report. There are a few other grammatical errors, but that's no big deal either. What matters is the substance of the paper. 
>> It basically confirms our suspicions when we spoke of misuse of TLDs and made our case regarding sensitive strings. Alan will remember this episode in Singapore when Alan, Evan and I had a meeting with the NGPC and several members of the GNSO - including contracted parties. What we are seeing now is the proof of the pudding - that:
>> "While legacy gTLDs collectively
>> had a spam-domains-per-10,000 rate of 56.9, in the last quarter of
>> 2016, the new gTLDs experienced a rate of 526.6–which is almostt
>> one order of magnitude higher. "
>> The methodology and technical details of the analysis are of good quality. The model which they used to perform the crawl of the domain name space appears to be thorough, thus I have no reason to believe that the analysis would be flawed.
>> Some of the report's findings show that some new gTLDs are very affected by misuse/malware domains.
>> Gibraltar (surprise!) figures on the top of Registrars with most malware domains.
>> Community gTLDs are less likely to be used for malware that standard gTLDs.
>> Cheaper domains appear to be more used for malware - although the authors do writein their conclusions:  "It is not clear, however, if pricing is the only factor driving high concentra-
>> tions of maliciously registered domains."
>> But they do also say:
>> "Our findings suggest that some new gTLDs have become
>> a growing target for malicious actors." (page 25)
>> Well, nothing really new in this, but it corroborates the work that ICANN has done, as well as many other groups like the APWG.
>> But at present, short of congratulating the authors of the report and asking the CCT-RT to take strong note of the report's finding, including expressing the concern that we have about the use of new gTLD for malware, I don't see any other reason to write a Statement/Comment.
>> I asked Tatiana Tropina to also go through the report. She did note that one thing was missing: whether abuse correlates with semantic properties of the gTLD names, e.g. some names are more attractive to abuse because of the words themselves. As the authors are explaining that they are seeing some potential for further work, it might be interesting to suggest this to them.
>> Last, I note that there is a Webinar about the topic: https://www.icann.org/news/announcement-2017-08-31-en <https://www.icann.org/news/announcement-2017-08-31-en>
>> I would encourage At-Large participants to participate in the Webinar. Perhaps during that Webinar should many At-Large participants express their concerns.
>> Kindest regards,
>> Olivier
>> On 01/09/2017 22:10, Ariel Liang wrote:
>>> Hello Olivier, 
>>> Any update on this public comment? https://community.icann.org/x/bRUhB <https://community.icann.org/x/bRUhB> 
>>> Saw this action item has been checked but just want to reconfirm whether a statement will be needed or not. 
>>> Thank you,
>>> Ariel
> _______________________________________________
> ALAC mailing list
> ALAC at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/alac
> At-Large Online: http://www.atlarge.icann.org
> ALAC Working Wiki: https://community.icann.org/display/atlarge/At-Large+Advisory+Committee+(ALAC)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20170906/c68d164d/attachment.html>

More information about the ALAC mailing list