Other industries have various circumscriptions in their dealings with customers so as to deter or detect criminality. Ths is particularly true for those involved in abstract products such as banking, finance, and insurance. And also those where one could enable great harm (e.g., gun sales, auto rental.) This doesn't make them a "police force" etc. I'd call domains and other resources ICANN manages (e.g., IP addresses) "abstract products". This generally means information must be gathered about customers ("KYC", Know Your Customer) in a reliable way and certain basic criteria must be met such as refusing service to individuals who have committed certain crimes or abuses in the past. That is not meant to be in any way exhaustive. Selling large blocks of domains, sometimes thousands, at steeply reduced prices leaps to mind, etc. Where ICANN might stand in all this exactly is a big topic but they probably could do a little better than, e.g., roughly 10% or more of domain registrants registering with names like "Donald Duck". I doubt anyone involved in ICANN disputes that but the question is what will they actually do beyond nodding their heads in agreement? Many might dispute concrete requirements as just more expense and marketing friction. Therefore I'll call your glass cutting tool example a straw man. On June 5, 2026 at 13:06 karl@cavebear.com (Karl Auerbach) wrote:
The fear of crime (or of things that are verging on crimes) is real.
But do we want ICANN and DNS registration machinery to be used as a police force - or rather more than a police force with ICANN/registrars/registries acting as police, judge/jury, and executioner?
Or would it not be better to simply have a simple, fast, inexpensive registration system that does just that - registers (and publishes names into name servers - a part that is often overlooked) - and leave law enforcement to other bodies that know how to (and have the investigatory tools and powers), and to courts/judges/juries to decide whether the evidence is credible and sufficient, and officers to carry out such judgements?
In one of my prior posts I mentioned the example of glass cutting tools. These can be used in a burglary to cut through a window. But they are also rather common and have non-criminal uses - I have one in my tool kit that I've used to replace windows on a greenhouse.
Should we burden every hardware store in the world with the costs and expense to investigate whether every purchase of a glass cutting tool is legitimate or should we wait for an actual use in a criminal manner?
The trademark and near-vigilante anti-spam communities want ICANN to presume that each of use is a criminal and that we must prove ourselves worthy of obtaining a domain name.
The domain name registration system is a money pump that is a pipeline from the pockets of internet users into the bank accounts of domain name registries/registrars and ICANN. A product for which the actual costs are a few cents per year, at most, are costing users on th eorder of 1000x that cost. Overall, ICANN is costing internet users $billions per year.
ICANN has never considered, much less ever performed, an actual audit of the costs of providing name registration after filtering out the puffery (such as in one case where a registry created an expensive Fort Knox style physical barrier around a data center - good for keeping guys wearing balaclavas out, but not very good at keeping online penetrations away.)
A $billion/year out of the pockets of Internet users is definitely something about which the ALAC ought to be concerned - because it is those ALAC members whose pockets are being emptied by these vastly inflated yearly registration costs we must pay.
In my .ewe TLD idea, I completely separated the concept of registration from the way a domain name is used. And I changed the cost machinery so that registrants pay fees for services as those services are requested, not as yearly rent.
https://cavebear.com/eweregistry/
--karl--
On 6/4/26 4:15 PM, bzs@theworld.com wrote:
This is related to my comments on registries/registrars lowering their proposed standards for registering in their gTLD. The case study of .LOAN in the report is a good example.
Similar to lowering high-minded standards for registration, typically to service some community or ideal (e.g., security) so as to increase registration income you get the next step down which is criminality; selling large blocks of disposable domains to spammers, for example.
What happens next in that scenario is the money in that criminality grows and what used to be an annoying cat and mouse game trying to block such criminal activity becomes a threat from professional criminals.
For example I've blocked large-scale, persistent spammers here only to be hit shortly thereafter, within an hour, with a DDoS attack. I can't prove it's the spammers but when it happens over and over it's hard to dismiss to coincidence.
I anticipate the next step will be one wakes up to a dead horse's head in one's bed or similar*.
That's the problem, by indulging one's desire to act like the criminality isn't there the criminals become wealthier and better organized and more difficult to extricate.
A lot of this is similar to the money laundering problem and banks which led to KYC rules, FINCEN, etc.
* If it's possible someone doesn't get the reference it's a reference to the film "The Godfather" where a bigshot hollywood film producer refuses an offer from the crime godfather which cannot be refused and wakes up with the bloody head of his prized race horse in his bed.
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*