[At-Large] DomainIncite : Is this why WhatsApp hates some TLDs but not others?

Antony Van Couvering avc at avc.vc
Sat Sep 16 17:00:45 UTC 2023 

All domain names are machine-generated. 

> On Sep 15, 2023, at 21:53, Barry Shein via At-Large <at-large at atlarge-lists.icann.org> wrote:
> 
> 
> How about selling tens of thousands (maybe hundreds of thousands) of
> machine-generated domains to spammers/phishers for a steeply discounted
> price?
> 
>> On September 15, 2023 at 15:20 karl at cavebear.com (Karl Auerbach) wrote:
>> In order to avoid reading the actual text (yes, I am lazy) what is the
>> definition of "DNS security abuse"?
>> 
>> The reason I ask is that I've seen the phrase "DNS abuse" (absent the word
>> "security") tossed about to whine (yes I am being hyperbolic and pejorative)
>> about things such as "this or that practice annoys my cat" or "go to website
>> abc.def.tld and buy solid gold 1kg bars for $1 each."  The first is simply out
>> of ICANN's scope and the second probably violates fraud/misrepresentation laws
>> in pretty much every country and ought to be beyond ICANN's scope.  I would put
>> anything that is covered by national and international trademark law outside
>> the umbra or penumbra of the word "security".
>> 
>> On the other hand it would, to my mind, be quite within ICANN's scope to knock
>> registr* bodies and TLD server operators if they do bad things, like leaving
>> logins open via telnet (clear text passwords) or are running on easily
>> penetrated foundations such as (let me pick a crazy example) Windows 95.
>> 
>>     --karl--
>> 
>> On 9/15/23 10:58 AM, Carlton Samuels via At-Large wrote:
>> 
>>    If you missed it, after a year in pending status, the ICANN Board just
>>    voted to reject Recs 14 & 15 from the CCT Review.  These were offered for
>>    mitigating systemic DNS security abuse. 
>>     
>>    #14 recommends amendments offering incentives - inclusive of financial ones
>>    - in the [RA/RAA] Agreements for the contracted parties adopting proactive
>>    anti-abuse measures. Nothing too heretical. 
>> 
>>    #15 recommends amendments to [RA/RAA] Agreements that establish thresholds
>>    of abuse at which compliance inquiries are automatically triggered and a
>>    higher one at which registrars and registries are presumed to be in default
>>    of their agreements. 
>> 
>>    We went on to recommend a community-developed DNS Abuse Dispute Resolution
>>    Policy (DADRP) if ICANN Compliance falls asleep on the enforcement job.
>>    [The text delicately eased into that like only "...if the community
>>    determines that ICANN org itself is ill-suited or unable to enforce such
>>    provisions."] 
>> 
>>    In my own view #14 is something regulators do with concessionaires time and
>>    again. Even the "light touch and by suasion" telecoms ones I know well in
>>    my home region. 
>> 
>>    Our ICANN don't play that!
>> 
>>    Carlton   
>>    ==============================
>>    Carlton A Samuels
>>    Mobile: 876-818-1799
>>    Strategy, Process, Governance, Assessment & Turnaround
>>    =============================
>> 
>> 
>>    On Thu, 14 Sept 2023 at 20:33, Barry Shein via At-Large <
>>    at-large at atlarge-lists.icann.org> wrote:
>> 
>> 
>>        As a company which provides email and other internet services maybe if
>>        the new gTLDs agreements included some serious commitment to avoid
>>        allowing the use of these gTLDs for massive spamming and phishing etc
>>        maybe the service providers would have been more enthusiastic about
>>        acceptance.
>> 
>>        Unfortunately the opposite is true and many of these new gTlDs can
>>        safely be blocked in entirety, they just spew spam etc, with no
>>        customer complaints.
>> 
>>        I'll guess these new gTLD registrars/registries would complain that's
>>        not equitable since it's not required of other TLDs.
>> 
>>        Which is all a very nice argument to make sitting in an airless room
>>        somewhere.
>> 
>>        So instead they tend to get blocked and ignored, or at least marked
>>        "suspicious" by spam filters, but equitably!
>> 
>>        If I had a nickel for every ISP who said or recommended "oh just block
>>        all .pick-a-nGTLD, you and your customers will be happier"...
>> 
>>        --
>>                -Barry Shein
>> 
>>        Software Tool & Die    | bzs at TheWorld.com             | http://
>>        www.TheWorld.com
>>        Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
>>        The World: Since 1989  | A Public Information Utility | *oo*
>>        _______________________________________________
>>        At-Large mailing list
>>        At-Large at atlarge-lists.icann.org
>>        https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> 
>>        At-Large Official Site: http://atlarge.icann.org
>>        _______________________________________________
>>        By submitting your personal data, you consent to the processing of your
>>        personal data for purposes of subscribing to this mailing list
>>        accordance with the ICANN Privacy Policy (https://www.icann.org/privacy
>>        /policy) and the website Terms of Service (https://www.icann.org/
>>        privacy/tos). You can visit the Mailman link above to change your
>>        membership status or configuration, including unsubscribing, setting
>>        digest-style delivery or disabling delivery altogether (e.g., for a
>>        vacation), and so on.
>> 
>> 
>>    _______________________________________________
>>    At-Large mailing list
>>    At-Large at atlarge-lists.icann.org
>>    https://atlarge-lists.icann.org/mailman/listinfo/at-large
>> 
>>    At-Large Official Site: http://atlarge.icann.org
>>    _______________________________________________
>>    By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
>> 
> 
> -- 
>        -Barry Shein
> 
> Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
> Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
> The World: Since 1989  | A Public Information Utility | *oo*
> _______________________________________________
> At-Large mailing list
> At-Large at atlarge-lists.icann.org
> https://atlarge-lists.icann.org/mailman/listinfo/at-large
> 
> At-Large Official Site: http://atlarge.icann.org
> _______________________________________________
> By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

More information about the At-Large mailing list