[ALAC] Fwd: Re: SADAG Public Comment

h.raiche at internode.on.net h.raiche at internode.on.net
Wed Sep 6 11:23:32 UTC 2017

A good report - thanks to Olivier.  I will certainly be attending the


----- Original Message -----
From: "Alan Greenberg" 
Sent:Wed, 6 Sep 2017 00:27:59 -0400
Subject:[ALAC] Fwd: Re: SADAG Public Comment

 I asked Olivier to look at whether we needed to comment on a recent
study on DNS abuse (commissioned by the CCT-RT). His report followed
and is an excellent example of what we should be doing to evaluate
whether ALAC action is required. See
https://community.icann.org/x/bRUhB [1].

 In this case, Olivier is recommending no comment, a recommendation I


Subject: Re: SADAG Public Comment
 To: Ariel Liang , Alan Greenberg 
 CC: 'At Large Staff' 
 From: Olivier MJ Crépin-Leblond 
 Date: Wed, 6 Sep 2017 03:07:33 +0200

 Dear Ariel,
 Dear Alan,

 thanks for your follow-up. I have read the SADAG report and have
found it very interesting.

 First thing, I was surprised to see that .pharmacy was seen as
community TLD. (p.2) but then that's not the topic of the report.
There are a few other grammatical errors, but that's no big deal
either. What matters is the substance of the paper. 

 It basically confirms our suspicions when we spoke of misuse of TLDs
and made our case regarding sensitive strings. Alan will remember this
episode in Singapore when Alan, Evan and I had a meeting with the NGPC
and several members of the GNSO - including contracted parties. What
we are seeing now is the proof of the pudding - that:

 "While legacy gTLDs collectively
 had a spam-domains-per-10,000 rate of 56.9, in the last quarter of
 2016, the new gTLDs experienced a rate of 526.6–which is almostt
 one order of magnitude higher. "

 The methodology and technical details of the analysis are of good
quality. The model which they used to perform the crawl of the domain
name space appears to be thorough, thus I have no reason to believe
that the analysis would be flawed.

 Some of the report's findings show that some new gTLDs are very
affected by misuse/malware domains.
 Gibraltar (surprise!) figures on the top of Registrars with most
malware domains.
 Community gTLDs are less likely to be used for malware that standard
 Cheaper domains appear to be more used for malware - although the
authors do writein their conclusions:  "It is not clear, however, if
pricing is the only factor driving high concentra-
 tions of maliciously registered domains."

 But they do also say:

 "Our findings suggest that some new gTLDs have become
 a growing target for malicious actors." (page 25)

 Well, nothing really new in this, but it corroborates the work that
ICANN has done, as well as many other groups like the APWG.

 But at present, short of congratulating the authors of the report and
asking the CCT-RT to take strong note of the report's finding,
including expressing the concern that we have about the use of new
gTLD for malware, I don't see any other reason to write a
 I asked Tatiana Tropina to also go through the report. She did note
that one thing was missing: whether abuse correlates with semantic
properties of the gTLD names, e.g. some names are more attractive to
abuse because of the words themselves. As the authors are explaining
that they are seeing some potential for further work, it might be
interesting to suggest this to them.

 Last, I note that there is a Webinar about the topic:
https://www.icann.org/news/announcement-2017-08-31-en [2]
 I would encourage At-Large participants to participate in the
Webinar. Perhaps during that Webinar should many At-Large participants
express their concerns.

 Kindest regards,


 On 01/09/2017 22:10, Ariel Liang wrote:
Hello Olivier, 
 Any update on this public comment?
https://community.icann.org/x/bRUhB [3] 
 Saw this action item has been checked but just want to reconfirm
whether a statement will be needed or not. 
 Thank you,

[1] https://community.icann.org/x/bRUhB
[2] https://www.icann.org/news/announcement-2017-08-31-en
[3] https://communityicann.org/x/bRUhB

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://atlarge-lists.icann.org/pipermail/alac/attachments/20170906/a1fa5f56/attachment.html>

More information about the ALAC mailing list