I have summarised it here https://isoclive.substack.com/p/interisle-dns-abuse Out of nearly 85 million new gTLD domains registered in 2025, more than 8.4
million had already been blocklisted by May 2026. The report argues that malicious registrations exceeded overall market growth during several months of 2025. In January 2025, for example, net gTLD growth was about 408,000 domains, while approximately 723,000 domains registered that month were later identified as malicious. Similar patterns occurred in February and May.
-- -------------------------------------- Joly MacFie +12185659365 -------------------------------------- -
I skimmed through those documents. With my IP lawyer hat on I hear lots of lawyers and trademark owners claim that they are being abused by a malicious domain when, in fact, all that is happening is that someone beat them to the name registration of a name that they feel is standing too close to one of theirs. I remember one case in which an investment firm - a firm that speculates in things - didn't get a domain name that had the same initials as the investment firm because a college kid had registered a name with his initials. Of course the kid did not have a trademark in his name or initials. There was no malicious purpose nor any abuse, but the investment firm screamed to high heaven that the kid was a criminal and that the domain should be transferred from the kid to the investment firm. i was amused that an investment firm - a firm based on the idea of being quicker than others to the marketplace - forgot that even in the domain name space sometimes the quicker actor legitimately takes the spoils. From where I sit claims of "malicious" and "abuse" are often mere whining about acts that are neither actually malicious nor actually abusive. What I am suggesting is that when writing about domain names (or in this case, about the mere registration of a name) as being malicious or abusive that those terms not only ought to be clearly defined, but that those definitions be front and center on any report about such domains. The Interisle report says this (on page 35): /How does Interisle determine if a domain has been “maliciously registered?”/ /We consider domains blocklisted within 90 days of registration to be malicious./ I note that Interisle seems to distinguish between malicious *registration* and malicious *use*. There us a vast gap there - the same as the difference between a) buying a glass cutter and b) using that glass cutter in a crime (such as cutting through a window pane in order to commit a burglary.) In other words in the minds of Interisle, a domain that somebody puts onto some block lists within three months is adjudged, usually without further inquiry, as "malicious". Or to put it another way around, what is "malicious" depends on the opinions of some unknown block listing agencies. That is not not a definition. Rather it is an invitation to vigilante and inconsistent behaviour. A true definition would dig into real actions that have been actually performed through the use of an accused domain name. Perhaps the Interisle definition could be useful as a sieve to identify registrations that deserve deeper inquiry. But saying that a domain name is malicious simply on the basis of block list entries is a process based on third party rumor (in law we would call that "hearsay", a thing that is usually excluded by our rules of evidence) rather than on a presentation of relevant, directly obtained, supporting facts. --karl-- On 6/3/26 9:06 AM, Joly MacFie via At-Large wrote:
I have summarised it here https://isoclive.substack.com/p/interisle-dns-abuse
Out of nearly 85 million new gTLD domains registered in 2025, more than 8.4 million had already been blocklisted by May 2026. The report argues that malicious registrations exceeded overall market growth during several months of 2025. In January 2025, for example, net gTLD growth was about 408,000 domains, while approximately 723,000 domains registered that month were later identified as malicious. Similar patterns occurred in February and May.
-- -------------------------------------- Joly MacFie +12185659365 -------------------------------------- -
_______________________________________________ At-Large mailing list --at-large@icann.org To unsubscribe send an email toat-large-leave@icann.org
At-Large Official Site:http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
I have been apprised that this report is the 4th agenda item in the ALAC Open House in Seville, June 9 https://icann-community.atlassian.net/wiki/spaces/atlarge/pages/938508316/At... Joly On Wed, Jun 3, 2026 at 9:57 PM Karl Auerbach via At-Large < at-large@icann.org> wrote:
I skimmed through those documents.
With my IP lawyer hat on I hear lots of lawyers and trademark owners claim that they are being abused by a malicious domain when, in fact, all that is happening is that someone beat them to the name registration of a name that they feel is standing too close to one of theirs.
I remember one case in which an investment firm - a firm that speculates in things - didn't get a domain name that had the same initials as the investment firm because a college kid had registered a name with his initials. Of course the kid did not have a trademark in his name or initials. There was no malicious purpose nor any abuse, but the investment firm screamed to high heaven that the kid was a criminal and that the domain should be transferred from the kid to the investment firm. i was amused that an investment firm - a firm based on the idea of being quicker than others to the marketplace - forgot that even in the domain name space sometimes the quicker actor legitimately takes the spoils.
From where I sit claims of "malicious" and "abuse" are often mere whining about acts that are neither actually malicious nor actually abusive.
What I am suggesting is that when writing about domain names (or in this case, about the mere registration of a name) as being malicious or abusive that those terms not only ought to be clearly defined, but that those definitions be front and center on any report about such domains.
The Interisle report says this (on page 35):
*How does Interisle determine if a domain has been “maliciously registered?”*
*We consider domains blocklisted within 90 days of registration to be malicious.*
I note that Interisle seems to distinguish between malicious *registration* and malicious *use*. There us a vast gap there - the same as the difference between a) buying a glass cutter and b) using that glass cutter in a crime (such as cutting through a window pane in order to commit a burglary.)
In other words in the minds of Interisle, a domain that somebody puts onto some block lists within three months is adjudged, usually without further inquiry, as "malicious".
Or to put it another way around, what is "malicious" depends on the opinions of some unknown block listing agencies.
That is not not a definition. Rather it is an invitation to vigilante and inconsistent behaviour.
A true definition would dig into real actions that have been actually performed through the use of an accused domain name.
Perhaps the Interisle definition could be useful as a sieve to identify registrations that deserve deeper inquiry.
But saying that a domain name is malicious simply on the basis of block list entries is a process based on third party rumor (in law we would call that "hearsay", a thing that is usually excluded by our rules of evidence) rather than on a presentation of relevant, directly obtained, supporting facts.
--karl-- On 6/3/26 9:06 AM, Joly MacFie via At-Large wrote:
I have summarised it here https://isoclive.substack.com/p/interisle-dns-abuse
Out of nearly 85 million new gTLD domains registered in 2025, more than
8.4 million had already been blocklisted by May 2026. The report argues that malicious registrations exceeded overall market growth during several months of 2025. In January 2025, for example, net gTLD growth was about 408,000 domains, while approximately 723,000 domains registered that month were later identified as malicious. Similar patterns occurred in February and May.
-- -------------------------------------- Joly MacFie +12185659365 -------------------------------------- -
_______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- -------------------------------------- Joly MacFie +12185659365 -------------------------------------- -
On Wed, Jun 3, 2026 at 9:57 PM Karl Auerbach via At-Large < at-large@icann.org> wrote:
With my IP lawyer hat on I hear lots of lawyers and trademark owners claim that they are being abused by a malicious domain when, in fact, all that is happening is that someone beat them to the name registration of a name that they feel is standing too close to one of theirs.
Not an end-user issue.
From where I sit claims of "malicious" and "abuse" are often mere whining about acts that are neither actually malicious nor actually abusive.
From an end-user PoV I don't think there's any such thing as a malicious registration. A domain only becomes malicious when it becomes the source of - Botnets - Malware - Pharming - Phishing - Spam which constitutes the definition of DNS Abuse according to the ICANN Board and described at https://www.icann.org/dnsabuse. Many others including myself consider a much broader definition of abuse, which depending on personal preference may include: - Fingerprinting and cross-site tracking - Advertising based on said tracking - Adult content Is there a good reason not to keep the At-Large discussion focused on DNS Abuse that matters to end-users? In other words in the minds of Interisle, a domain that somebody puts onto
some block lists within three months is adjudged, usually without further inquiry, as "malicious".
Well... by definition, any entry in a list of malicious sites is malicious to *someone*. It all boils down to whether you trust the list maker to have (a) a clear definition of what constitutes a malicious site *to them* and (b) an effective and transparent mechanism to address both false positives and false negatives.
Or to put it another way around, what is "malicious" depends on the opinions of some unknown block listing agencies.
Because some people like myself have a broader definition of malicious than ICANN's. Indeed, one definition of malicious does not fit all. The ControlD public DNS server enables six different levels of abuse blocking <https://controld.com/free-dns#quick-setups>. And that's just the free service, the paid one enables much more fine-grained control.
That is not not a definition. Rather it is an invitation to vigilante and inconsistent behaviour.
One man's vigilante is another's hero. I've been relying for decades on the Spamhaus blackhole list to filter out sources of spam. It has been utterly consistent and extremely useful. Now public DNS servers such as Cloudflare's 1.1.1.2 (and including one created by a ccTLD registry <https://www.cira.ca/en/canadian-shield/>) offer similar methods for end-users to block the abusive domains that ICANN can't or won't. Might the definitions in some lists be arbitrary? Maybe, but so what? I'm the end user, I want to be in control of the definition and list that works for me. Please don't fearmonger. SSAC 127 notes that about 21% of Internet users are using public and filtering DNS servers. They all depend on blocklists and they seem to work pretty well. - Evan
This is related to my comments on registries/registrars lowering their proposed standards for registering in their gTLD. The case study of .LOAN in the report is a good example. Similar to lowering high-minded standards for registration, typically to service some community or ideal (e.g., security) so as to increase registration income you get the next step down which is criminality; selling large blocks of disposable domains to spammers, for example. What happens next in that scenario is the money in that criminality grows and what used to be an annoying cat and mouse game trying to block such criminal activity becomes a threat from professional criminals. For example I've blocked large-scale, persistent spammers here only to be hit shortly thereafter, within an hour, with a DDoS attack. I can't prove it's the spammers but when it happens over and over it's hard to dismiss to coincidence. I anticipate the next step will be one wakes up to a dead horse's head in one's bed or similar*. That's the problem, by indulging one's desire to act like the criminality isn't there the criminals become wealthier and better organized and more difficult to extricate. A lot of this is similar to the money laundering problem and banks which led to KYC rules, FINCEN, etc. * If it's possible someone doesn't get the reference it's a reference to the film "The Godfather" where a bigshot hollywood film producer refuses an offer from the crime godfather which cannot be refused and wakes up with the bloody head of his prized race horse in his bed. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
The fear of crime (or of things that are verging on crimes) is real. But do we want ICANN and DNS registration machinery to be used as a police force - or rather more than a police force with ICANN/registrars/registries acting as police, judge/jury, and executioner? Or would it not be better to simply have a simple, fast, inexpensive registration system that does just that - registers (and publishes names into name servers - a part that is often overlooked) - and leave law enforcement to other bodies that know how to (and have the investigatory tools and powers), and to courts/judges/juries to decide whether the evidence is credible and sufficient, and officers to carry out such judgements? In one of my prior posts I mentioned the example of glass cutting tools. These can be used in a burglary to cut through a window. But they are also rather common and have non-criminal uses - I have one in my tool kit that I've used to replace windows on a greenhouse. Should we burden every hardware store in the world with the costs and expense to investigate whether every purchase of a glass cutting tool is legitimate or should we wait for an actual use in a criminal manner? The trademark and near-vigilante anti-spam communities want ICANN to presume that each of use is a criminal and that we must prove ourselves worthy of obtaining a domain name. The domain name registration system is a money pump that is a pipeline from the pockets of internet users into the bank accounts of domain name registries/registrars and ICANN. A product for which the actual costs are a few cents per year, at most, are costing users on th eorder of 1000x that cost. Overall, ICANN is costing internet users $billions per year. ICANN has never considered, much less ever performed, an actual audit of the costs of providing name registration after filtering out the puffery (such as in one case where a registry created an expensive Fort Knox style physical barrier around a data center - good for keeping guys wearing balaclavas out, but not very good at keeping online penetrations away.) A $billion/year out of the pockets of Internet users is definitely something about which the ALAC ought to be concerned - because it is those ALAC members whose pockets are being emptied by these vastly inflated yearly registration costs we must pay. In my .ewe TLD idea, I completely separated the concept of registration from the way a domain name is used. And I changed the cost machinery so that registrants pay fees for services as those services are requested, not as yearly rent. https://cavebear.com/eweregistry/ --karl-- On 6/4/26 4:15 PM, bzs@theworld.com wrote:
This is related to my comments on registries/registrars lowering their proposed standards for registering in their gTLD. The case study of .LOAN in the report is a good example.
Similar to lowering high-minded standards for registration, typically to service some community or ideal (e.g., security) so as to increase registration income you get the next step down which is criminality; selling large blocks of disposable domains to spammers, for example.
What happens next in that scenario is the money in that criminality grows and what used to be an annoying cat and mouse game trying to block such criminal activity becomes a threat from professional criminals.
For example I've blocked large-scale, persistent spammers here only to be hit shortly thereafter, within an hour, with a DDoS attack. I can't prove it's the spammers but when it happens over and over it's hard to dismiss to coincidence.
I anticipate the next step will be one wakes up to a dead horse's head in one's bed or similar*.
That's the problem, by indulging one's desire to act like the criminality isn't there the criminals become wealthier and better organized and more difficult to extricate.
A lot of this is similar to the money laundering problem and banks which led to KYC rules, FINCEN, etc.
* If it's possible someone doesn't get the reference it's a reference to the film "The Godfather" where a bigshot hollywood film producer refuses an offer from the crime godfather which cannot be refused and wakes up with the bloody head of his prized race horse in his bed.
On Fri, Jun 5, 2026 at 4:07 PM Karl Auerbach via At-Large < at-large@icann.org> wrote:
The domain name registration system is a money pump that is a pipeline from the pockets of internet users into the bank accounts of domain name registries/registrars and ICANN. A product for which the actual costs are a few cents per year, at most, are costing users on th eorder of 1000x that cost. Overall, ICANN is costing internet users $billions per year.
No. It is costing *registrants* whatever per year. As a share of marketing expenses (let alone total expenses) domain rental is miniscule. "Sorry, we had to raise our retail price because the cost of our Internet domain increased," said nobody, ever. The Internet end user that has never bought and will never buy a domain -- the billions out there, that ALAC is uniquely charged to speak for -- is utterly unaffected. This is only perceived as a danger within the ICANN bubble. Outside of the bubble this is utter irrelevancy. Registrants are end-users to the same extent that registry employees, ICANN staff and IP lawyers are also end-users. Maybe At-Large should be fighting on behalf of all of them. (Indeed, one could easily make the case that it already does, such is its lack of focus.) Beyond a common need for stability, end-user interests are widely different from those of registrants (especially the speculation and abuse industries). That ALAC maintains wilful oblivion at this divergence of interest has been a prime driver of its lack of focus and subsequent broad failure at the one job ICANN actually directs it to do. The one fallback I would hear frequently as an excuse for ALAC to meddle in issues not otherwise relevant to end users -- such as the cost of domains -- is that the "wrong" answer to some issues would damage end-user trust in the DNS. And yet ...the post that started this thread offered evidence that at least 93% of all people accessing Internet services (and likely more) do so without typing a domain name, and that trend has yet to bottom out. If ALAC's role was to enhance public trust that the DNS (in the form of typed domain names) was fit to task, the usage statistics suggest that effort has not only failed but is likely beyond recovery. Domains will still be necessary, but they will be increasingly hidden from view in a manner that could be handled by a single flat namespace for the whole world. And if IPv6 ever actually gets broadly adopted there will be no need for domains at all. So the "trust" defence for ALAC's mission-creep is long gone. What remains? A $billion/year out of the pockets of Internet users is definitely something
about which the ALAC ought to be concerned - because it is those ALAC members whose pockets are being emptied by these vastly inflated yearly registration costs we must pay.
ALAC members may be affected, because they are for the most part deep inside the bubble, as I was once. But how many of the pockets of *family members of ALAC reps* are being emptied? How many of the people who access the Internet yet have no intention of owning a domain are having their wallets touched? How many people who use the Internet from libraries, office cubicles, refugee camps, telecentres and living rooms are having their wallets emptied by ICANN? A reality check is clearly in order. These are the people on behalf of whom ALAC is tasked to speak. Nobody else. I suggest that the bias of being an ICANN insider for so long has led to an undeserved conceit regarding the importance of its domain-allocation function to the world. Go outside and look around. - Evan
The Amazon river is a very large stream of water. Did it emerge fully formed? No. It was created one drop of rain and one flake of snow at a time. There are far more than roughly two hundred million domain names registered. Many of those are registered to individual or to small businesses (that are essentially the commercial extension of an individual or small group of individuals.) Perhaps some eyes will say "$25/name/year is negligible." That same person ought to say that those drops of rain and flakes of snow that create the Amazon river are also negligible. However, the sum is immense. And, for those areas in the rain shadow of the mountains, the absence of those raindrops and snowflakes also has enormous consequences. Most of us see that grand river; relatively few of us notice the deserts that would bloom had those raindrops and snowflakes not been taken into the river. Same with ICANN's policies - we tend to forget that those policies are pulling economic raindrops out many pockets, promoting a kind of economic desertification of the wallets of users of the internet. I know people in the US who find $25 to be the difference between eating and not eating at the end of the month. How much more significant might that $25 cost be to the 95% of the world's population who do not live in the US? And to think that business do not pass costs onto consumers - such as individual internet users - would be a flight of fancy. For companies, whether large or small, the impact of domain name costs may be small, but those costs are there in the financial calculations. And like those drops of rain and flakes of snow they accumulate and eventually business will raise their product prices - raises that will land, often only indirectly, onto individual users of the internet. Penny by penny, dollar by dollar, Euro by Euro, ICANN's allowance of unaudited and unquestioned registration fees adds up to well beyond a $Billion each year. And much of that comes, directly and indirectly, year after year, from the pockets of individual internet users. One might say "the only ones affected are those individuals who acquire domain names". Not really. An individual who had to pay $25 for a domain name for which the underlying cost is a few cents is paying at least $24 too much. That user has $24 less disposable income to spend into the economy. Small businesses will add that $25 to their expense ledgers and eventually that will induce, sooner or later, consideration by those businesses whether to raise their product prices. (By-the-way, the cost I am most concerned about is at the registry layer - registrars tend to have higher, and real, costs for the customer facing systems and other services they provide in order to compete.) What appear to be small costs on an individual can aggregate into great revenue streams. Being human, our eyes and attention tend to focus on those great revenue streams. But the impact at the source end - where the the monetary numbers are small (but the numbers of people paying is large) also deserves attention One can argue that ICANN and its bodies formed of individuals ought not to worry about what are probably the better part of a $Billion being yanked out of the pockets of individuals. But I am concerned about cumulative impacts and I would, and I do, wonder why such huge sums are being pulled from individuals. In other words, I am less concerned about the money river that flows, by grace of ICANN policies, into the pockets of registries. And I am more concerned about the desertification of personal, family, and small business economics as their money-droplets are drained away into that river. How can ICANN remedy this? Well, one can begin with the policy that was yanked out of thin air with no justification and no explanation when ICANN was formed - which is the policy that domain names be registered in one year increments with a maximum of ten years. (Yes, some registries have loosened this, but the model of yearly rent tends to hold sway.) (If ICANN were ever to audit the cost of providing name registration servers it is my strong belief that the largest component of the cost will be the machinery to maintain that yearly clock. (It is also a burden to registrants who have to remember to renew, update credit cards in case auto-renew is enabled, etc - those may seem trivial to those who haven't had to run a small business or be the tech person for a church or school, but I can say from my own companies, that because the costs of making mistakes or missing renewal deadlines can be large, these are rather expensive things to monitor.) Changing this would be hard for ICANN. Moving away from the year-based rental approach be a big, often uncomfortable, mental shift for many ICANN folks, and especially for registry/registrar folks. But it is most definitely a topic that ought to be front and center for any body within ICANN that purports to represent the voice of individual people. --karl-- On 6/5/26 7:34 PM, Evan Leibovitch wrote:
On Fri, Jun 5, 2026 at 4:07 PM Karl Auerbach via At-Large <at-large@icann.org> wrote:
The domain name registration system is a money pump that is a pipeline from the pockets of internet users into the bank accounts of domain name registries/registrars and ICANN. A product for which the actual costs are a few cents per year, at most, are costing users on th eorder of 1000x that cost. Overall, ICANN is costing internet users $billions per year.
No.
It is costing *registrants* whatever per year. As a share of marketing expenses (let alone total expenses) domain rental is miniscule. "Sorry, we had to raise our retail price because the cost of our Internet domain increased," said nobody, ever.
On Sat, Jun 6, 2026 at 5:43 AM Karl Auerbach <karl@cavebear.com> wrote:
There are far more than roughly two hundred million domain names registered.
To how many different unique registrants? Do we have a situation in which the top 10% registrants possess more than half of the extant domains? How many domains are rented for purely defensive reasons? How many are part of speculative portfolios? How many are purchased by bots, thousands at a time, with malicious intent? Such statistics should be easily collected. Are they?
Many of those are registered to individual or to small businesses (that are essentially the commercial extension of an individual or small group of individuals.)
How many? Evidence, please. I assert that the impact is far less that is claimed. ICANN has had 30 years to collect the demographics of its tenants and certainly has the means to do so. Has it bothered? Or would the reality of how few people it actually impacts be too embarrassing?
I know people in the US who find $25 to be the difference between eating and not eating at the end of the month.
And those people have no reason to buy domains. Nor does the vast majority of the population, anywhere.
How much more significant might that $25 cost be to the 95% of the world's population who do not live in the US?
That 95% of the population has no need for domains. Indeed, far more than 99%. When I first got involved in ICANN I was confronted by the widespread belief that every person on earth was a potential registrant who simply hadn't been properly sold yet. I immediately drew the comparison, based on its internal self-image, between ICANN as the Once-ler and domains as Thneeds, This belief and the conceit it creates still underlies a lot of ICANN thinking, apparently. Anyone who has travelled the world -- as those who attend ICANN meetings have, at least a little -- should be looking around them to see how local populations access the Internet. One might see the popularity in some locations of the Meta Free Basics scheme, which provides free or subsidized service to more than 100 million people who access the Internet without using visible domains at all. And of course there are the ccTLDs, completely outside the remit of ICANN, who choose their own pricing and business models to suit local needs should the ICANN model be too onerous.
And to think that business do not pass costs onto consumers - such as individual internet users - would be a flight of fancy.
I prefer evidence. Got any?
For companies, whether large or small, the impact of domain name costs may be small, but those costs are there in the financial calculations. And like those drops of rain and flakes of snow they accumulate and eventually business will raise their product prices - raises that will land, often only indirectly, onto individual users of the internet.
This is laughable. Especially the assertion that prices of domains owned by speculators, not used for any purpose, have any impact on the costs to end-users. And I would just love to see any evidence that the targets of phishing and malware and other scams have had to pay extra ransom as a result of the millions of domains rented specifically to produce the scams having had their rates increased.
Penny by penny, dollar by dollar, Euro by Euro, ICANN's allowance of unaudited and unquestioned registration fees adds up to well beyond a $Billion each year. And much of that comes, directly and indirectly, year after year, from the pockets of individual internet users.
You keep saying that, without a whole lot of proof. This line of thought is starting to sound faith-based.
One might say "the only ones affected are those individuals who acquire domain names". Not really. An individual who had to pay $25 for a domain name for which the underlying cost is a few cents is paying at least $24 too much.
I tend to agree with Barry that domains are vastly underpriced. If the ultimate intent is to serve the interests of non-registrant end-users, high domain prices would deter speculative and abusive domain rentals, and would promote greater use of third-level domains and other innovations to keep the costs down for legitimate domain uses. The excess of revenue over cost could be then used to fund more-aggressive abuse mitigation regimes. But that won't happen because ICANN needs the money and the domain churn.
But the impact at the source end - where the the monetary numbers are small (but the numbers of people paying is large) also deserves attention
"Large" is not a useful metric. Some statistics on what proportion of domains are rented by individuals might make this point credible.
One can argue that ICANN and its bodies formed of individuals ought not to worry about what are probably the better part of a $Billion being yanked out of the pockets of individuals.
The one thing upon which we can apparently agree is that the rent-seeking model of ICANN domains extracts value from the Internet rather than adding value. But the world's answer to that appears to be the abandonment of the use of "memorable" domains in favour of other ways of accessing the Internet. And yet the gTLD space is expanding; more and more domains are being used by fewer and fewer people. Unlike so many of the other assertions being made in this thread, the trend away from typing domains has some research statistics to back it up. I await any research from the opposite direction. - Evan
I think we can end this discussion. Your point of view appears to be that the ALAC only represents people who buy domain names and that the ALAC should ignore everyone else. My point of view is that the domain industry, under ICANN's policies, is extracting at least a $Billion a year, much from the pockets of individuals and small businesses that buy domain names and that $billion cost propagates through normal economic flows not only to those domain name buyers but to the community in general. And that those bodies within ICANN that purport to speak for individuals ought to care about that. And if the ALAC won't protect the public, the community of internet users, then what is the use of an ALAC at all? --karl-- On 6/6/26 8:45 AM, Evan Leibovitch wrote:
On Sat, Jun 6, 2026 at 5:43 AM Karl Auerbach <karl@cavebear.com> wrote:
There are far more than roughly two hundred million domain names registered.
To how many different unique registrants? Do we have a situation in which the top 10% registrants possess more than half of the extant domains? How many domains are rented for purely defensive reasons? How many are part of speculative portfolios? How many are purchased by bots, thousands at a time, with malicious intent? Such statistics should be easily collected. Are they?
Many of those are registered to individual or to small businesses (that are essentially the commercial extension of an individual or small group of individuals.)
How many? Evidence, please.
I assert that the impact is far less that is claimed. ICANN has had 30 years to collect the demographics of its tenants and certainly has the means to do so. Has it bothered? Or would the reality of how few people it actually impacts be too embarrassing?
I know people in the US who find $25 to be the difference between eating and not eating at the end of the month.
And those people have no reason to buy domains. Nor does the vast majority of the population, anywhere.
How much more significant might that $25 cost be to the 95% of the world's population who do not live in the US?
That 95% of the population has no need for domains. Indeed, far more than 99%.
When I first got involved in ICANN I was confronted by the widespread belief that every person on earth was a potential registrant who simply hadn't been properly sold yet. I immediately drew the comparison, based on its internal self-image, between ICANN as the Once-ler and domains as Thneeds, This belief and the conceit it creates still underlies a lot of ICANN thinking, apparently.
Anyone who has travelled the world -- as those who attend ICANN meetings have, at least a little -- should be looking around them to see how local populations access the Internet. One might see the popularity in some locations of the Meta Free Basics scheme, which provides free or subsidized service to more than 100 million people who access the Internet without using visible domains at all. And of course there are the ccTLDs, completely outside the remit of ICANN, who choose their own pricing and business models to suit local needs should the ICANN model be too onerous.
And to think that business do not pass costs onto consumers - such as individual internet users - would be a flight of fancy.
I prefer evidence. Got any?
For companies, whether large or small, the impact of domain name costs may be small, but those costs are there in the financial calculations. And like those drops of rain and flakes of snow they accumulate and eventually business will raise their product prices - raises that will land, often only indirectly, onto individual users of the internet.
This is laughable. Especially the assertion that prices of domains owned by speculators, not used for any purpose, have any impact on the costs to end-users. And I would just love to see any evidence that the targets of phishing and malware and other scams have had to pay extra ransom as a result of the millions of domains rented specifically to produce the scams having had their rates increased.
Penny by penny, dollar by dollar, Euro by Euro, ICANN's allowance of unaudited and unquestioned registration fees adds up to well beyond a $Billion each year. And much of that comes, directly and indirectly, year after year, from the pockets of individual internet users.
You keep saying that, without a whole lot of proof. This line of thought is starting to sound faith-based.
One might say "the only ones affected are those individuals who acquire domain names". Not really. An individual who had to pay $25 for a domain name for which the underlying cost is a few cents is paying at least $24 too much.
I tend to agree with Barry that domains are vastly underpriced. If the ultimate intent is to serve the interests of non-registrant end-users, high domain prices would deter speculative and abusive domain rentals, and would promote greater use of third-level domains and other innovations to keep the costs down for legitimate domain uses. The excess of revenue over cost could be then used to fund more-aggressive abuse mitigation regimes. But that won't happen because ICANN needs the money and the domain churn.
But the impact at the source end - where the the monetary numbers are small (but the numbers of people paying is large) also deserves attention
"Large" is not a useful metric. Some statistics on what proportion of domains are rented by individuals might make this point credible.
One can argue that ICANN and its bodies formed of individuals ought not to worry about what are probably the better part of a $Billion being yanked out of the pockets of individuals.
The one thing upon which we can apparently agree is that the rent-seeking model of ICANN domains extracts value from the Internet rather than adding value. But the world's answer to that appears to be the abandonment of the use of "memorable" domains in favour of other ways of accessing the Internet. And yet the gTLD space is expanding; more and more domains are being used by fewer and fewer people.
Unlike so many of the other assertions being made in this thread, the trend away from typing domains has some research statistics to back it up. I await any research from the opposite direction.
- Evan
Karl, I fully agree with you. Thank you for stating this. "the domain industry, under ICANN's policies, is extracting at least a $Billion a year, much from the pockets of individuals and small businesses" Best, Elisabeth Porteneuve Le 06/06/2026 à 22:44, Karl Auerbach via At-Large a écrit :
I think we can end this discussion.
Your point of view appears to be that the ALAC only represents people who buy domain names and that the ALAC should ignore everyone else.
My point of view is that the domain industry, under ICANN's policies, is extracting at least a $Billion a year, much from the pockets of individuals and small businesses that buy domain names and that $billion cost propagates through normal economic flows not only to those domain name buyers but to the community in general. And that those bodies within ICANN that purport to speak for individuals ought to care about that. And if the ALAC won't protect the public, the community of internet users, then what is the use of an ALAC at all?
--karl--
On 6/6/26 8:45 AM, Evan Leibovitch wrote:
On Sat, Jun 6, 2026 at 5:43 AM Karl Auerbach <karl@cavebear.com> wrote:
There are far more than roughly two hundred million domain names registered.
To how many different unique registrants? Do we have a situation in which the top 10% registrants possess more than half of the extant domains? How many domains are rented for purely defensive reasons? How many are part of speculative portfolios? How many are purchased by bots, thousands at a time, with malicious intent? Such statistics should be easily collected. Are they?
Many of those are registered to individual or to small businesses (that are essentially the commercial extension of an individual or small group of individuals.)
How many? Evidence, please.
I assert that the impact is far less that is claimed. ICANN has had 30 years to collect the demographics of its tenants and certainly has the means to do so. Has it bothered? Or would the reality of how few people it actually impacts be too embarrassing?
I know people in the US who find $25 to be the difference between eating and not eating at the end of the month.
And those people have no reason to buy domains. Nor does the vast majority of the population, anywhere.
How much more significant might that $25 cost be to the 95% of the world's population who do not live in the US?
That 95% of the population has no need for domains. Indeed, far more than 99%.
When I first got involved in ICANN I was confronted by the widespread belief that every person on earth was a potential registrant who simply hadn't been properly sold yet. I immediately drew the comparison, based on its internal self-image, between ICANN as the Once-ler and domains as Thneeds, This belief and the conceit it creates still underlies a lot of ICANN thinking, apparently.
Anyone who has travelled the world -- as those who attend ICANN meetings have, at least a little -- should be looking around them to see how local populations access the Internet. One might see the popularity in some locations of the Meta Free Basics scheme, which provides free or subsidized service to more than 100 million people who access the Internet without using visible domains at all. And of course there are the ccTLDs, completely outside the remit of ICANN, who choose their own pricing and business models to suit local needs should the ICANN model be too onerous.
And to think that business do not pass costs onto consumers - such as individual internet users - would be a flight of fancy.
I prefer evidence. Got any?
For companies, whether large or small, the impact of domain name costs may be small, but those costs are there in the financial calculations. And like those drops of rain and flakes of snow they accumulate and eventually business will raise their product prices - raises that will land, often only indirectly, onto individual users of the internet.
This is laughable. Especially the assertion that prices of domains owned by speculators, not used for any purpose, have any impact on the costs to end-users. And I would just love to see any evidence that the targets of phishing and malware and other scams have had to pay extra ransom as a result of the millions of domains rented specifically to produce the scams having had their rates increased.
Penny by penny, dollar by dollar, Euro by Euro, ICANN's allowance of unaudited and unquestioned registration fees adds up to well beyond a $Billion each year. And much of that comes, directly and indirectly, year after year, from the pockets of individual internet users.
You keep saying that, without a whole lot of proof. This line of thought is starting to sound faith-based.
One might say "the only ones affected are those individuals who acquire domain names". Not really. An individual who had to pay $25 for a domain name for which the underlying cost is a few cents is paying at least $24 too much.
I tend to agree with Barry that domains are vastly underpriced. If the ultimate intent is to serve the interests of non-registrant end-users, high domain prices would deter speculative and abusive domain rentals, and would promote greater use of third-level domains and other innovations to keep the costs down for legitimate domain uses. The excess of revenue over cost could be then used to fund more-aggressive abuse mitigation regimes. But that won't happen because ICANN needs the money and the domain churn.
But the impact at the source end - where the the monetary numbers are small (but the numbers of people paying is large) also deserves attention
"Large" is not a useful metric. Some statistics on what proportion of domains are rented by individuals might make this point credible.
One can argue that ICANN and its bodies formed of individuals ought not to worry about what are probably the better part of a $Billion being yanked out of the pockets of individuals.
The one thing upon which we can apparently agree is that the rent-seeking model of ICANN domains extracts value from the Internet rather than adding value. But the world's answer to that appears to be the abandonment of the use of "memorable" domains in favour of other ways of accessing the Internet. And yet the gTLD space is expanding; more and more domains are being used by fewer and fewer people.
Unlike so many of the other assertions being made in this thread, the trend away from typing domains has some research statistics to back it up. I await any research from the opposite direction.
- Evan
_______________________________________________ At-Large mailing list --at-large@icann.org To unsubscribe send an email toat-large-leave@icann.org
At-Large Official Site:http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
On Sat, Jun 6, 2026 at 4:44 PM Karl Auerbach <karl@cavebear.com> wrote:
I think we can end this discussion.
As you wish.
Your point of view appears to be that the ALAC only represents people who buy domain names and that the ALAC should ignore everyone else.
Sheesh. Getting it wrong till the very end? My PoV is that ALAC is only charged to represent those who *neither* rent nor provide domains. That is its charge from the ICANN bylaws, full stop. Everything beyond is mission-creep and/or magical thinking.
And if the ALAC won't protect the public, the community of internet users, then what is the use of an ALAC at all?
Indeed. - Evan
The more I think about it the less I like this idea that the percentage of people who manually enter domains to access a site is a measure of the utility of domains. Every cell phone has a phone number, how often do you actually enter a phone number to call or text someone? For me: rarely. That's been largely automated through contact lists or just responding to a call or text or similar. It doesn't mean we should endeavor to remove phone numbers from cell phones tho perhaps that's some sort of idealistic goal for other reasons. You still need to identify the endpoints. And businesses et al still want to identify themselves in other media (e.g., print.) And domains continue to be sold privately for six, seven, and on occasion more, digits in dollars. Some may not like that business, some may even want to suppress it, but nonetheless it is an active business and indicates some out there consider certain domains to be highly valuable. -- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Hi all I have tried to stay away from this discussion, but I cannot help…. A couple of years ago I would have jumped in with at least a dozen points to point out - pun not intended. However, in the last years I have focused on the young generations. I have been fortunate enough to have been chosen as NextGen Mentor, and I have had the opportunity to listen to the newcomers - although institutionally, it should have been them to listen to me 🙃. Also, a few days ago I have attended EuroDIG, and again I was blessed with the opportunity to meet YOUthDIG participants. In particular as NextGen Mentor, I attended the presentations of the NextGen-ers. Actually, I have been doing this at ICANN meetings whenever my schedule allowed it ever since the NextGen programme was launched, I am planning to do this albeit remotely during ICANN87, and wholeheartedly invite you all to do the same, and also to take the opportunity to talk to NextGen-ers in person. All NextGen participants are asked to produce a presentation about a topic of their choice within the ICANN remit. One thing that is striking is that a tiny minority of the presentations that the newcomers are asked to do does address new TLDs. Actually once - if I remember correctly, it was in Prague - none of the newcomers even mentioned new TLDs. I am proud of what we, as old elephants, have done over these years - and surely folks like Karl and Barry, for whom I have immense respect, have contributed much more than I did. However, we all must acknowledge that for the vast majority of the plain Internet end users - the At-Large constituency - domain names as such are by and large irrelevant. Of course, we all know that the DNS is still important. And a lot of the young people are interested in DNS security and stability, DNS abuse, and more. What I noticed, is that they do not care about the "domain name market" as such. Why on earth the At-Large should be involved in matters like the one I found myself a few years ago - a series of meetings discussing whether the non-capital cities with more than 100K inhabitants should have their name reserved - is a mystery. Yes, it is an extreme case - at least I hope - but where do we draw the line? The question here is what is the vision that we have, as At-Large, about ICANN and our role in it. How do we imagine the future of the Internet, the role of ICANN in the “next” Internet, the needs and concerns of the end users? Cheers, Roberto On 06.06.2026, at 22:44, Karl Auerbach via At-Large <at-large@icann.org> wrote: I think we can end this discussion. Your point of view appears to be that the ALAC only represents people who buy domain names and that the ALAC should ignore everyone else. My point of view is that the domain industry, under ICANN's policies, is extracting at least a $Billion a year, much from the pockets of individuals and small businesses that buy domain names and that $billion cost propagates through normal economic flows not only to those domain name buyers but to the community in general. And that those bodies within ICANN that purport to speak for individuals ought to care about that. And if the ALAC won't protect the public, the community of internet users, then what is the use of an ALAC at all? --karl-- On 6/6/26 8:45 AM, Evan Leibovitch wrote: On Sat, Jun 6, 2026 at 5:43 AM Karl Auerbach <karl@cavebear.com<mailto:karl@cavebear.com>> wrote: There are far more than roughly two hundred million domain names registered. To how many different unique registrants? Do we have a situation in which the top 10% registrants possess more than half of the extant domains? How many domains are rented for purely defensive reasons? How many are part of speculative portfolios? How many are purchased by bots, thousands at a time, with malicious intent? Such statistics should be easily collected. Are they? Many of those are registered to individual or to small businesses (that are essentially the commercial extension of an individual or small group of individuals.) How many? Evidence, please. I assert that the impact is far less that is claimed. ICANN has had 30 years to collect the demographics of its tenants and certainly has the means to do so. Has it bothered? Or would the reality of how few people it actually impacts be too embarrassing? I know people in the US who find $25 to be the difference between eating and not eating at the end of the month. And those people have no reason to buy domains. Nor does the vast majority of the population, anywhere. How much more significant might that $25 cost be to the 95% of the world's population who do not live in the US? That 95% of the population has no need for domains. Indeed, far more than 99%. When I first got involved in ICANN I was confronted by the widespread belief that every person on earth was a potential registrant who simply hadn't been properly sold yet. I immediately drew the comparison, based on its internal self-image, between ICANN as the Once-ler and domains as Thneeds, This belief and the conceit it creates still underlies a lot of ICANN thinking, apparently. Anyone who has travelled the world -- as those who attend ICANN meetings have, at least a little -- should be looking around them to see how local populations access the Internet. One might see the popularity in some locations of the Meta Free Basics scheme, which provides free or subsidized service to more than 100 million people who access the Internet without using visible domains at all. And of course there are the ccTLDs, completely outside the remit of ICANN, who choose their own pricing and business models to suit local needs should the ICANN model be too onerous. And to think that business do not pass costs onto consumers - such as individual internet users - would be a flight of fancy. I prefer evidence. Got any? For companies, whether large or small, the impact of domain name costs may be small, but those costs are there in the financial calculations. And like those drops of rain and flakes of snow they accumulate and eventually business will raise their product prices - raises that will land, often only indirectly, onto individual users of the internet. This is laughable. Especially the assertion that prices of domains owned by speculators, not used for any purpose, have any impact on the costs to end-users. And I would just love to see any evidence that the targets of phishing and malware and other scams have had to pay extra ransom as a result of the millions of domains rented specifically to produce the scams having had their rates increased. Penny by penny, dollar by dollar, Euro by Euro, ICANN's allowance of unaudited and unquestioned registration fees adds up to well beyond a $Billion each year. And much of that comes, directly and indirectly, year after year, from the pockets of individual internet users. You keep saying that, without a whole lot of proof. This line of thought is starting to sound faith-based. One might say "the only ones affected are those individuals who acquire domain names". Not really. An individual who had to pay $25 for a domain name for which the underlying cost is a few cents is paying at least $24 too much. I tend to agree with Barry that domains are vastly underpriced. If the ultimate intent is to serve the interests of non-registrant end-users, high domain prices would deter speculative and abusive domain rentals, and would promote greater use of third-level domains and other innovations to keep the costs down for legitimate domain uses. The excess of revenue over cost could be then used to fund more-aggressive abuse mitigation regimes. But that won't happen because ICANN needs the money and the domain churn. But the impact at the source end - where the the monetary numbers are small (but the numbers of people paying is large) also deserves attention "Large" is not a useful metric. Some statistics on what proportion of domains are rented by individuals might make this point credible. One can argue that ICANN and its bodies formed of individuals ought not to worry about what are probably the better part of a $Billion being yanked out of the pockets of individuals. The one thing upon which we can apparently agree is that the rent-seeking model of ICANN domains extracts value from the Internet rather than adding value. But the world's answer to that appears to be the abandonment of the use of "memorable" domains in favour of other ways of accessing the Internet. And yet the gTLD space is expanding; more and more domains are being used by fewer and fewer people. Unlike so many of the other assertions being made in this thread, the trend away from typing domains has some research statistics to back it up. I await any research from the opposite direction. - Evan _______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
On Sat, Jun 6, 2026 at 8:03 PM Roberto Gaetano via At-Large < at-large@icann.org> wrote:
The question here is what is the vision that we have, as At-Large, about ICANN and our role in it. How do we imagine the future of the Internet, the role of ICANN in the “next” Internet, the needs and concerns of the end users?
Based on the PoVs in this thread that have drawn the most support, the vision seems clear: 1. Fight the battles of registrants and others who have their own independent representation within ICANN -- perhaps one day some of their issues just might have trickle-down effects on an end-user base that, as you said, cares less and less about rented domains anyway; 2. As a key tactical issue, have ICANN drop the price of domains to a pure cost-recovery regime, such that the volume of domains rented for speculation and malicious use can increase by orders of magnitude. This would also starve ICANN of the cash to fund things like, say, ALAC and greater anti-abuse enforcement. While this objective seems obviously against the interests of end-users, apparently that should be no obstacle to ALAC's advocacy of it since the destitute registrants are incapable of making this case for themselves; 3. Just the discussion of issues is an objective in itself. (IE, the IGF but with travel funding.) - Evan
Something I find interesting when talking to younger people about the evolution of the internet is perspective. They are often exposed to simplistic summaries: The US govt sponsored a project...etc. I've sat in this conversation with MIT Media Lab students, Harvard's Berkman center, etc. Very bright young people! But at some point it might come up that I founded the first commercial company to let people access the internet for a small monthly fee. And they look at me as if I just claimed to have invented scrambled eggs. (Surely there was a flag day for this, a big ceremony in front of the FCC or Pentagon with Vint Cerf cutting a ribbon cable as the president of the US looked on! No?) Then one of the skeptics finds it on their phone... I can believe younger people have problems seeing the trees for the forest when it comes to domain names. That they just "are what they are", what's to question or discuss? But if they share in a discussion such as we've been having I'm sure they'll understand. Most people don't get to speak as if the very existence of domain names is a matter of debate. On June 7, 2026 at 00:03 at-large@icann.org (Roberto Gaetano via At-Large) wrote:
Hi all
I have tried to stay away from this discussion, but I cannot help….
A couple of years ago I would have jumped in with at least a dozen points to point out - pun not intended.
However, in the last years I have focused on the young generations. I have been fortunate enough to have been chosen as NextGen Mentor, and I have had the opportunity to listen to the newcomers - although institutionally, it should have been them to listen to me 🙃. Also, a few days ago I have attended EuroDIG, and again I was blessed with the opportunity to meet YOUthDIG participants.
In particular as NextGen Mentor, I attended the presentations of the NextGen-ers. Actually, I have been doing this at ICANN meetings whenever my schedule allowed it ever since the NextGen programme was launched, I am planning to do this albeit remotely during ICANN87, and wholeheartedly invite you all to do the same, and also to take the opportunity to talk to NextGen-ers in person. All NextGen participants are asked to produce a presentation about a topic of their choice within the ICANN remit. One thing that is striking is that a tiny minority of the presentations that the newcomers are asked to do does address new TLDs. Actually once - if I remember correctly, it was in Prague - none of the newcomers even mentioned new TLDs.
I am proud of what we, as old elephants, have done over these years - and surely folks like Karl and Barry, for whom I have immense respect, have contributed much more than I did. However, we all must acknowledge that for the vast majority of the plain Internet end users - the At-Large constituency - domain names as such are by and large irrelevant.
Of course, we all know that the DNS is still important. And a lot of the young people are interested in DNS security and stability, DNS abuse, and more. What I noticed, is that they do not care about the "domain name market" as such. Why on earth the At-Large should be involved in matters like the one I found myself a few years ago - a series of meetings discussing whether the non-capital cities with more than 100K inhabitants should have their name reserved - is a mystery. Yes, it is an extreme case - at least I hope - but where do we draw the line?
The question here is what is the vision that we have, as At-Large, about ICANN and our role in it. How do we imagine the future of the Internet, the role of ICANN in the “next” Internet, the needs and concerns of the end users?
Cheers, Roberto
On 06.06.2026, at 22:44, Karl Auerbach via At-Large <at-large@icann.org> wrote:
I think we can end this discussion.
Your point of view appears to be that the ALAC only represents people who buy domain names and that the ALAC should ignore everyone else.
My point of view is that the domain industry, under ICANN's policies, is extracting at least a $Billion a year, much from the pockets of individuals and small businesses that buy domain names and that $billion cost propagates through normal economic flows not only to those domain name buyers but to the community in general. And that those bodies within ICANN that purport to speak for individuals ought to care about that. And if the ALAC won't protect the public, the community of internet users, then what is the use of an ALAC at all?
--karl--
On 6/6/26 8:45 AM, Evan Leibovitch wrote:
On Sat, Jun 6, 2026 at 5:43 AM Karl Auerbach <karl@cavebear.com> wrote:
There are far more than roughly two hundred million domain names registered.
To how many different unique registrants? Do we have a situation in which the top 10% registrants possess more than half of the extant domains? How many domains are rented for purely defensive reasons? How many are part of speculative portfolios? How many are purchased by bots, thousands at a time, with malicious intent? Such statistics should be easily collected. Are they?
Many of those are registered to individual or to small businesses (that are essentially the commercial extension of an individual or small group of individuals.)
How many? Evidence, please.
I assert that the impact is far less that is claimed. ICANN has had 30 years to collect the demographics of its tenants and certainly has the means to do so. Has it bothered? Or would the reality of how few people it actually impacts be too embarrassing?
I know people in the US who find $25 to be the difference between eating and not eating at the end of the month.
And those people have no reason to buy domains. Nor does the vast majority of the population, anywhere.
How much more significant might that $25 cost be to the 95% of the world's population who do not live in the US?
That 95% of the population has no need for domains. Indeed, far more than 99%.
When I first got involved in ICANN I was confronted by the widespread belief that every person on earth was a potential registrant who simply hadn't been properly sold yet. I immediately drew the comparison, based on its internal self-image, between ICANN as the Once-ler and domains as Thneeds, This belief and the conceit it creates still underlies a lot of ICANN thinking, apparently.
Anyone who has travelled the world -- as those who attend ICANN meetings have, at least a little -- should be looking around them to see how local populations access the Internet. One might see the popularity in some locations of the Meta Free Basics scheme, which provides free or subsidized service to more than 100 million people who access the Internet without using visible domains at all. And of course there are the ccTLDs, completely outside the remit of ICANN, who choose their own pricing and business models to suit local needs should the ICANN model be too onerous.
And to think that business do not pass costs onto consumers - such as individual internet users - would be a flight of fancy.
I prefer evidence. Got any?
For companies, whether large or small, the impact of domain name costs may be small, but those costs are there in the financial calculations. And like those drops of rain and flakes of snow they accumulate and eventually business will raise their product prices - raises that will land, often only indirectly, onto individual users of the internet.
This is laughable. Especially the assertion that prices of domains owned by speculators, not used for any purpose, have any impact on the costs to end-users. And I would just love to see any evidence that the targets of phishing and malware and other scams have had to pay extra ransom as a result of the millions of domains rented specifically to produce the scams having had their rates increased.
Penny by penny, dollar by dollar, Euro by Euro, ICANN's allowance of unaudited and unquestioned registration fees adds up to well beyond a $Billion each year. And much of that comes, directly and indirectly, year after year, from the pockets of individual internet users.
You keep saying that, without a whole lot of proof. This line of thought is starting to sound faith-based.
One might say "the only ones affected are those individuals who acquire domain names". Not really. An individual who had to pay $25 for a domain name for which the underlying cost is a few cents is paying at least $24 too much.
I tend to agree with Barry that domains are vastly underpriced. If the ultimate intent is to serve the interests of non-registrant end-users, high domain prices would deter speculative and abusive domain rentals, and would promote greater use of third-level domains and other innovations to keep the costs down for legitimate domain uses. The excess of revenue over cost could be then used to fund more-aggressive abuse mitigation regimes. But that won't happen because ICANN needs the money and the domain churn.
But the impact at the source end - where the the monetary numbers are small (but the numbers of people paying is large) also deserves attention
"Large" is not a useful metric. Some statistics on what proportion of domains are rented by individuals might make this point credible.
One can argue that ICANN and its bodies formed of individuals ought not to worry about what are probably the better part of a $Billion being yanked out of the pockets of individuals.
The one thing upon which we can apparently agree is that the rent-seeking model of ICANN domains extracts value from the Internet rather than adding value. But the world's answer to that appears to be the abandonment of the use of "memorable" domains in favour of other ways of accessing the Internet. And yet the gTLD space is expanding; more and more domains are being used by fewer and fewer people.
Unlike so many of the other assertions being made in this thread, the trend away from typing domains has some research statistics to back it up. I await any research from the opposite direction.
- Evan
_______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
1+ to Karl Wolfgang
Karl Auerbach via At-Large <at-large@icann.org> hat am 06.06.2026 22:44 CEST geschrieben:
I think we can end this discussion.
Your point of view appears to be that the ALAC only represents people who buy domain names and that the ALAC should ignore everyone else.
My point of view is that the domain industry, under ICANN's policies, is extracting at least a $Billion a year, much from the pockets of individuals and small businesses that buy domain names and that $billion cost propagates through normal economic flows not only to those domain name buyers but to the community in general. And that those bodies within ICANN that purport to speak for individuals ought to care about that. And if the ALAC won't protect the public, the community of internet users, then what is the use of an ALAC at all?
--karl--
On 6/6/26 8:45 AM, Evan Leibovitch wrote:
On Sat, Jun 6, 2026 at 5:43 AM Karl Auerbach <karl@cavebear.com mailto:karl@cavebear.com> wrote:
There are far more than roughly two hundred million domain names registered.
To how many different unique registrants? Do we have a situation in which the top 10% registrants possess more than half of the extant domains? How many domains are rented for purely defensive reasons? How many are part of speculative portfolios? How many are purchased by bots, thousands at a time, with malicious intent? Such statistics should be easily collected. Are they?
Many of those are registered to individual or to small businesses (that are essentially the commercial extension of an individual or small group of individuals.)
How many? Evidence, please.
I assert that the impact is far less that is claimed. ICANN has had 30 years to collect the demographics of its tenants and certainly has the means to do so. Has it bothered? Or would the reality of how few people it actually impacts be too embarrassing?
I know people in the US who find $25 to be the difference between eating and not eating at the end of the month.
And those people have no reason to buy domains. Nor does the vast majority of the population, anywhere.
How much more significant might that $25 cost be to the 95% of the world's population who do not live in the US?
That 95% of the population has no need for domains. Indeed, far more than 99%. When I first got involved in ICANN I was confronted by the widespread belief that every person on earth was a potential registrant who simply hadn't been properly sold yet. I immediately drew the comparison, based on its internal self-image, between ICANN as the Once-ler and domains as Thneeds, This belief and the conceit it creates still underlies a lot of ICANN thinking, apparently.
Anyone who has travelled the world -- as those who attend ICANN meetings have, at least a little -- should be looking around them to see how local populations access the Internet. One might see the popularity in some locations of the Meta Free Basics scheme, which provides free or subsidized service to more than 100 million people who access the Internet without using visible domains at all. And of course there are the ccTLDs, completely outside the remit of ICANN, who choose their own pricing and business models to suit local needs should the ICANN model be too onerous.
And to think that business do not pass costs onto consumers - such as individual internet users - would be a flight of fancy.
I prefer evidence. Got any?
For companies, whether large or small, the impact of domain name costs may be small, but those costs are there in the financial calculations. And like those drops of rain and flakes of snow they accumulate and eventually business will raise their product prices - raises that will land, often only indirectly, onto individual users of the internet.
This is laughable. Especially the assertion that prices of domains owned by speculators, not used for any purpose, have any impact on the costs to end-users. And I would just love to see any evidence that the targets of phishing and malware and other scams have had to pay extra ransom as a result of the millions of domains rented specifically to produce the scams having had their rates increased.
Penny by penny, dollar by dollar, Euro by Euro, ICANN's allowance of unaudited and unquestioned registration fees adds up to well beyond a $Billion each year. And much of that comes, directly and indirectly, year after year, from the pockets of individual internet users.
You keep saying that, without a whole lot of proof. This line of thought is starting to sound faith-based.
One might say "the only ones affected are those individuals who acquire domain names". Not really. An individual who had to pay $25 for a domain name for which the underlying cost is a few cents is paying at least $24 too much.
I tend to agree with Barry that domains are vastly underpriced. If the ultimate intent is to serve the interests of non-registrant end-users, high domain prices would deter speculative and abusive domain rentals, and would promote greater use of third-level domains and other innovations to keep the costs down for legitimate domain uses. The excess of revenue over cost could be then used to fund more-aggressive abuse mitigation regimes. But that won't happen because ICANN needs the money and the domain churn.
But the impact at the source end - where the the monetary numbers are small (but the numbers of people paying is large) also deserves attention
"Large" is not a useful metric. Some statistics on what proportion of domains are rented by individuals might make this point credible.
One can argue that ICANN and its bodies formed of individuals ought not to worry about what are probably the better part of a $Billion being yanked out of the pockets of individuals.
The one thing upon which we can apparently agree is that the rent-seeking model of ICANN domains extracts value from the Internet rather than adding value. But the world's answer to that appears to be the abandonment of the use of "memorable" domains in favour of other ways of accessing the Internet. And yet the gTLD space is expanding; more and more domains are being used by fewer and fewer people.
Unlike so many of the other assertions being made in this thread, the trend away from typing domains has some research statistics to back it up. I await any research from the opposite direction. - Evan
_______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
+ 1 CW
On 7 Jun 2026, at 14:12, Wolfgang Kleinwächter via At-Large <at-large@icann.org> wrote:
1+ to Karl
Wolfgang
Karl Auerbach via At-Large <at-large@icann.org> hat am 06.06.2026 22:44 CEST geschrieben:
I think we can end this discussion.
Your point of view appears to be that the ALAC only represents people who buy domain names and that the ALAC should ignore everyone else.
My point of view is that the domain industry, under ICANN's policies, is extracting at least a $Billion a year, much from the pockets of individuals and small businesses that buy domain names and that $billion cost propagates through normal economic flows not only to those domain name buyers but to the community in general. And that those bodies within ICANN that purport to speak for individuals ought to care about that. And if the ALAC won't protect the public, the community of internet users, then what is the use of an ALAC at all?
--karl--
On 6/6/26 8:45 AM, Evan Leibovitch wrote:
On Sat, Jun 6, 2026 at 5:43 AM Karl Auerbach <karl@cavebear.com <mailto:karl@cavebear.com>> wrote:
There are far more than roughly two hundred million domain names registered.
To how many different unique registrants? Do we have a situation in which the top 10% registrants possess more than half of the extant domains? How many domains are rented for purely defensive reasons? How many are part of speculative portfolios? How many are purchased by bots, thousands at a time, with malicious intent? Such statistics should be easily collected. Are they? Many of those are registered to individual or to small businesses (that are essentially the commercial extension of an individual or small group of individuals.)
How many? Evidence, please.
I assert that the impact is far less that is claimed. ICANN has had 30 years to collect the demographics of its tenants and certainly has the means to do so. Has it bothered? Or would the reality of how few people it actually impacts be too embarrassing? I know people in the US who find $25 to be the difference between eating and not eating at the end of the month.
And those people have no reason to buy domains. Nor does the vast majority of the population, anywhere. How much more significant might that $25 cost be to the 95% of the world's population who do not live in the US?
That 95% of the population has no need for domains. Indeed, far more than 99%. When I first got involved in ICANN I was confronted by the widespread belief that every person on earth was a potential registrant who simply hadn't been properly sold yet. I immediately drew the comparison, based on its internal self-image, between ICANN as the Once-ler and domains as Thneeds, This belief and the conceit it creates still underlies a lot of ICANN thinking, apparently.
Anyone who has travelled the world -- as those who attend ICANN meetings have, at least a little -- should be looking around them to see how local populations access the Internet. One might see the popularity in some locations of the Meta Free Basics scheme, which provides free or subsidized service to more than 100 million people who access the Internet without using visible domains at all. And of course there are the ccTLDs, completely outside the remit of ICANN, who choose their own pricing and business models to suit local needs should the ICANN model be too onerous. And to think that business do not pass costs onto consumers - such as individual internet users - would be a flight of fancy.
I prefer evidence. Got any? For companies, whether large or small, the impact of domain name costs may be small, but those costs are there in the financial calculations. And like those drops of rain and flakes of snow they accumulate and eventually business will raise their product prices - raises that will land, often only indirectly, onto individual users of the internet.
This is laughable. Especially the assertion that prices of domains owned by speculators, not used for any purpose, have any impact on the costs to end-users. And I would just love to see any evidence that the targets of phishing and malware and other scams have had to pay extra ransom as a result of the millions of domains rented specifically to produce the scams having had their rates increased. Penny by penny, dollar by dollar, Euro by Euro, ICANN's allowance of unaudited and unquestioned registration fees adds up to well beyond a $Billion each year. And much of that comes, directly and indirectly, year after year, from the pockets of individual internet users.
You keep saying that, without a whole lot of proof. This line of thought is starting to sound faith-based. One might say "the only ones affected are those individuals who acquire domain names". Not really. An individual who had to pay $25 for a domain name for which the underlying cost is a few cents is paying at least $24 too much.
I tend to agree with Barry that domains are vastly underpriced. If the ultimate intent is to serve the interests of non-registrant end-users, high domain prices would deter speculative and abusive domain rentals, and would promote greater use of third-level domains and other innovations to keep the costs down for legitimate domain uses. The excess of revenue over cost could be then used to fund more-aggressive abuse mitigation regimes. But that won't happen because ICANN needs the money and the domain churn. But the impact at the source end - where the the monetary numbers are small (but the numbers of people paying is large) also deserves attention
"Large" is not a useful metric. Some statistics on what proportion of domains are rented by individuals might make this point credible. One can argue that ICANN and its bodies formed of individuals ought not to worry about what are probably the better part of a $Billion being yanked out of the pockets of individuals.
The one thing upon which we can apparently agree is that the rent-seeking model of ICANN domains extracts value from the Internet rather than adding value. But the world's answer to that appears to be the abandonment of the use of "memorable" domains in favour of other ways of accessing the Internet. And yet the gTLD space is expanding; more and more domains are being used by fewer and fewer people.
Unlike so many of the other assertions being made in this thread, the trend away from typing domains has some research statistics to back it up. I await any research from the opposite direction. - Evan _______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
I believe an economist would summarize most of this as a "moral hazard". On June 6, 2026 at 02:43 karl@cavebear.com (Karl Auerbach) wrote:
The Amazon river is a very large stream of water. Did it emerge fully formed? No. It was created one drop of rain and one flake of snow at a time.
There are far more than roughly two hundred million domain names registered.
Many of those are registered to individual or to small businesses (that are essentially the commercial extension of an individual or small group of individuals.)
Perhaps some eyes will say "$25/name/year is negligible." That same person ought to say that those drops of rain and flakes of snow that create the Amazon river are also negligible. However, the sum is immense. And, for those areas in the rain shadow of the mountains, the absence of those raindrops and snowflakes also has enormous consequences. Most of us see that grand river; relatively few of us notice the deserts that would bloom had those raindrops and snowflakes not been taken into the river.
Same with ICANN's policies - we tend to forget that those policies are pulling economic raindrops out many pockets, promoting a kind of economic desertification of the wallets of users of the internet.
I know people in the US who find $25 to be the difference between eating and not eating at the end of the month. How much more significant might that $25 cost be to the 95% of the world's population who do not live in the US?
And to think that business do not pass costs onto consumers - such as individual internet users - would be a flight of fancy.
For companies, whether large or small, the impact of domain name costs may be small, but those costs are there in the financial calculations. And like those drops of rain and flakes of snow they accumulate and eventually business will raise their product prices - raises that will land, often only indirectly, onto individual users of the internet.
Penny by penny, dollar by dollar, Euro by Euro, ICANN's allowance of unaudited and unquestioned registration fees adds up to well beyond a $Billion each year. And much of that comes, directly and indirectly, year after year, from the pockets of individual internet users.
One might say "the only ones affected are those individuals who acquire domain names". Not really. An individual who had to pay $25 for a domain name for which the underlying cost is a few cents is paying at least $24 too much. That user has $24 less disposable income to spend into the economy. Small businesses will add that $25 to their expense ledgers and eventually that will induce, sooner or later, consideration by those businesses whether to raise their product prices.
(By-the-way, the cost I am most concerned about is at the registry layer - registrars tend to have higher, and real, costs for the customer facing systems and other services they provide in order to compete.)
What appear to be small costs on an individual can aggregate into great revenue streams.
Being human, our eyes and attention tend to focus on those great revenue streams.
But the impact at the source end - where the the monetary numbers are small (but the numbers of people paying is large) also deserves attention
One can argue that ICANN and its bodies formed of individuals ought not to worry about what are probably the better part of a $Billion being yanked out of the pockets of individuals. But I am concerned about cumulative impacts and I would, and I do, wonder why such huge sums are being pulled from individuals.
In other words, I am less concerned about the money river that flows, by grace of ICANN policies, into the pockets of registries. And I am more concerned about the desertification of personal, family, and small business economics as their money-droplets are drained away into that river.
How can ICANN remedy this?
Well, one can begin with the policy that was yanked out of thin air with no justification and no explanation when ICANN was formed - which is the policy that domain names be registered in one year increments with a maximum of ten years. (Yes, some registries have loosened this, but the model of yearly rent tends to hold sway.)
(If ICANN were ever to audit the cost of providing name registration servers it is my strong belief that the largest component of the cost will be the machinery to maintain that yearly clock. (It is also a burden to registrants who have to remember to renew, update credit cards in case auto-renew is enabled, etc - those may seem trivial to those who haven't had to run a small business or be the tech person for a church or school, but I can say from my own companies, that because the costs of making mistakes or missing renewal deadlines can be large, these are rather expensive things to monitor.)
Changing this would be hard for ICANN. Moving away from the year-based rental approach be a big, often uncomfortable, mental shift for many ICANN folks, and especially for registry/registrar folks.
But it is most definitely a topic that ought to be front and center for any body within ICANN that purports to represent the voice of individual people.
--karl--
On 6/5/26 7:34 PM, Evan Leibovitch wrote:
On Fri, Jun 5, 2026 at 4:07 PM Karl Auerbach via At-Large < at-large@icann.org> wrote:
The domain name registration system is a money pump that is a pipeline from the pockets of internet users into the bank accounts of domain name registries/registrars and ICANN. A product for which the actual costs are a few cents per year, at most, are costing users on th eorder of 1000x that cost. Overall, ICANN is costing internet users $billions per year.
No.
It is costing registrants whatever per year. As a share of marketing expenses (let alone total expenses) domain rental is miniscule. "Sorry, we had to raise our retail price because the cost of our Internet domain increased," said nobody, ever.
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Other industries have various circumscriptions in their dealings with customers so as to deter or detect criminality. Ths is particularly true for those involved in abstract products such as banking, finance, and insurance. And also those where one could enable great harm (e.g., gun sales, auto rental.) This doesn't make them a "police force" etc. I'd call domains and other resources ICANN manages (e.g., IP addresses) "abstract products". This generally means information must be gathered about customers ("KYC", Know Your Customer) in a reliable way and certain basic criteria must be met such as refusing service to individuals who have committed certain crimes or abuses in the past. That is not meant to be in any way exhaustive. Selling large blocks of domains, sometimes thousands, at steeply reduced prices leaps to mind, etc. Where ICANN might stand in all this exactly is a big topic but they probably could do a little better than, e.g., roughly 10% or more of domain registrants registering with names like "Donald Duck". I doubt anyone involved in ICANN disputes that but the question is what will they actually do beyond nodding their heads in agreement? Many might dispute concrete requirements as just more expense and marketing friction. Therefore I'll call your glass cutting tool example a straw man. On June 5, 2026 at 13:06 karl@cavebear.com (Karl Auerbach) wrote:
The fear of crime (or of things that are verging on crimes) is real.
But do we want ICANN and DNS registration machinery to be used as a police force - or rather more than a police force with ICANN/registrars/registries acting as police, judge/jury, and executioner?
Or would it not be better to simply have a simple, fast, inexpensive registration system that does just that - registers (and publishes names into name servers - a part that is often overlooked) - and leave law enforcement to other bodies that know how to (and have the investigatory tools and powers), and to courts/judges/juries to decide whether the evidence is credible and sufficient, and officers to carry out such judgements?
In one of my prior posts I mentioned the example of glass cutting tools. These can be used in a burglary to cut through a window. But they are also rather common and have non-criminal uses - I have one in my tool kit that I've used to replace windows on a greenhouse.
Should we burden every hardware store in the world with the costs and expense to investigate whether every purchase of a glass cutting tool is legitimate or should we wait for an actual use in a criminal manner?
The trademark and near-vigilante anti-spam communities want ICANN to presume that each of use is a criminal and that we must prove ourselves worthy of obtaining a domain name.
The domain name registration system is a money pump that is a pipeline from the pockets of internet users into the bank accounts of domain name registries/registrars and ICANN. A product for which the actual costs are a few cents per year, at most, are costing users on th eorder of 1000x that cost. Overall, ICANN is costing internet users $billions per year.
ICANN has never considered, much less ever performed, an actual audit of the costs of providing name registration after filtering out the puffery (such as in one case where a registry created an expensive Fort Knox style physical barrier around a data center - good for keeping guys wearing balaclavas out, but not very good at keeping online penetrations away.)
A $billion/year out of the pockets of Internet users is definitely something about which the ALAC ought to be concerned - because it is those ALAC members whose pockets are being emptied by these vastly inflated yearly registration costs we must pay.
In my .ewe TLD idea, I completely separated the concept of registration from the way a domain name is used. And I changed the cost machinery so that registrants pay fees for services as those services are requested, not as yearly rent.
https://cavebear.com/eweregistry/
--karl--
On 6/4/26 4:15 PM, bzs@theworld.com wrote:
This is related to my comments on registries/registrars lowering their proposed standards for registering in their gTLD. The case study of .LOAN in the report is a good example.
Similar to lowering high-minded standards for registration, typically to service some community or ideal (e.g., security) so as to increase registration income you get the next step down which is criminality; selling large blocks of disposable domains to spammers, for example.
What happens next in that scenario is the money in that criminality grows and what used to be an annoying cat and mouse game trying to block such criminal activity becomes a threat from professional criminals.
For example I've blocked large-scale, persistent spammers here only to be hit shortly thereafter, within an hour, with a DDoS attack. I can't prove it's the spammers but when it happens over and over it's hard to dismiss to coincidence.
I anticipate the next step will be one wakes up to a dead horse's head in one's bed or similar*.
That's the problem, by indulging one's desire to act like the criminality isn't there the criminals become wealthier and better organized and more difficult to extricate.
A lot of this is similar to the money laundering problem and banks which led to KYC rules, FINCEN, etc.
* If it's possible someone doesn't get the reference it's a reference to the film "The Godfather" where a bigshot hollywood film producer refuses an offer from the crime godfather which cannot be refused and wakes up with the bloody head of his prized race horse in his bed.
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
Name collisions remains a horizon too far for the DNS standardisation function. But a perfect opportunity for the arbitration police. Karl Auerbach via At-Large <at-large@icann.org> writes:
I skimmed through those documents.
With my IP lawyer hat on I hear lots of lawyers and trademark owners claim that they are being abused by a malicious domain when, in fact, all that is happening is that someone beat them to the name registration of a name that they feel is standing too close to one of theirs.
I remember one case in which an investment firm - a firm that speculates in things - didn't get a domain name that had the same initials as the investment firm because a college kid had registered a name with his initials. Of course the kid did not have a trademark in his name or initials. There was no malicious purpose nor any abuse, but the investment firm screamed to high heaven that the kid was a criminal and that the domain should be transferred from the kid to the investment firm. i was amused that an investment firm - a firm based on the idea of being quicker than others to the marketplace - forgot that even in the domain name space sometimes the quicker actor legitimately takes the spoils.
From where I sit claims of "malicious" and "abuse" are often mere whining about acts that are neither actually malicious nor actually abusive.
What I am suggesting is that when writing about domain names (or in this case, about the mere registration of a name) as being malicious or abusive that those terms not only ought to be clearly defined, but that those definitions be front and center on any report about such domains.
The Interisle report says this (on page 35):
How does Interisle determine if a domain has been “maliciously registered?”
We consider domains blocklisted within 90 days of registration to be malicious.
I note that Interisle seems to distinguish between malicious *registration* and malicious *use*. There us a vast gap there - the same as the difference between a) buying a glass cutter and b) using that glass cutter in a crime (such as cutting through a window pane in order to commit a burglary.)
In other words in the minds of Interisle, a domain that somebody puts onto some block lists within three months is adjudged, usually without further inquiry, as "malicious".
Or to put it another way around, what is "malicious" depends on the opinions of some unknown block listing agencies.
That is not not a definition. Rather it is an invitation to vigilante and inconsistent behaviour.
A true definition would dig into real actions that have been actually performed through the use of an accused domain name.
Perhaps the Interisle definition could be useful as a sieve to identify registrations that deserve deeper inquiry.
But saying that a domain name is malicious simply on the basis of block list entries is a process based on third party rumor (in law we would call that "hearsay", a thing that is usually excluded by our rules of evidence) rather than on a presentation of relevant, directly obtained, supporting facts.
--karl--
On 6/3/26 9:06 AM, Joly MacFie via At-Large wrote:
I have summarised it here https://isoclive.substack.com/p/interisle-dns-abuse
Out of nearly 85 million new gTLD domains registered in 2025, more than 8.4 million had already been blocklisted by May 2026. The report argues that malicious registrations exceeded overall market growth during several months of 2025. In January 2025, for example, net gTLD growth was about 408,000 domains, while approximately 723,000 domains registered that month were later identified as malicious. Similar patterns occurred in February and May.
-- -------------------------------------- Joly MacFie +12185659365 -------------------------------------- -
_______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
_______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
-- Christian de Larrinaga
On 04/06/2026 02:57, Karl Auerbach via At-Large wrote:
I skimmed through those documents.
It seems quite comprehensive and there are serious issues for the next round of new gTLDs.
From where I sit claims of "malicious" and "abuse" are often mere whining about acts that are neither actually malicious nor actually abusive.
There may be a time between registration and weaponisation for a malicious registration. Blocklists may use reporting rather than detection and by the time a malicious registration is used, it is already too late. The renewals figures were a bit strange as the 2025 set of new registrations will renew over 2026 and early 2027. The various grace periods skew the renewals and what the 2025 renewals mentioned in the Interisle report may actually apply to 2024 registrations because a lot of the 2025 registration have not gone through their first renewal/deletion cycle. (Tracking renewal rates at a domain name level for statistical purposes is possible. I do this kind of work for two monthly spreadsheets.)
The Interisle report says this (on page 35):
/How does Interisle determine if a domain has been “maliciously registered?”/
/We consider domains blocklisted within 90 days of registration to be malicious./
I note that Interisle seems to distinguish between malicious *registration* and malicious *use*. There us a vast gap there - the same as the difference between a) buying a glass cutter and b) using that glass cutter in a crime (such as cutting through a window pane in order to commit a burglary.)
From a very brief read of the report, it seems to mainly rely on blocklists and registration patterns. A reliance on blocklists once their methodologies are clear is fine. Compromised websites are often a major issue especially when there has been a new Wordpress exploit published. Some of those affected domain names might end up on blocklists. Again, it can vary by blocklist type (spam/malware etc). The registration patterns may be a more solid methodology though with the mess that GDRP and WHOIS Privacy made of things, only the registrar data may be reliable. The alternative to lookups of a sample or full dataset is to use ICANN's registry report data and that its typically delayed by three months. It is also volume based. It does provide comprehensive new registration and deletion volume data. (Have rebuilt all the ICANN registrar report data including the flakey PDF versions of Excel spreadsheets into a gTLD/registrar transactions database table going back to July 2001. The 2012 round of new gTLDs were not the first to engage in this boom and bust registration pattern.) It can be very difficult to determine user intent when registering a domain name. With bulk registrations, there might be some legitimate reason. If a registrar offers an API to legitimate and iffy customers, it becomes difficult to determine that intention and registration timelines (bursts of registration activity) might have to be used (correlating known blocklist domain names with specific times). There are some other indications that were not mentioned in the Interisle methodology that could be used as some malicious registrations may have usage patterns beyond registration data. Verifying the nature of the DNS Abuse would require the blocklists to share more data than just domain names. It would also require this data to be investigated. The problem is the operational lifetime of an abusive registration. It may already have been removed from the zone by the registry or the registrar.
A true definition would dig into real actions that have been actually performed through the use of an accused domain name.
That would involve a lot of work on an ongoing basis. Some of the blocklist companies and anti-DNS Abuse companies do this. I don't think that ICANN has the capabilities to do this on an ongoing basis.
Perhaps the Interisle definition could be useful as a sieve to identify registrations that deserve deeper inquiry.
It certainly makes for some terrifying headlines on new registration activity. It also could raise questions about the awareness and complicity of registries and registrars in this activity. There is also an ecnomic issue that I don't think was clearly mentioned in the report. That is the commercial viability of some of these new gTLDs without having discounting. The discounting model reduces the first year registration fee to make a new TLD attractive to registrants. Most of those new registrations will not renew at first renewal. Some will. It varies from gTLD to gTLD and cound be lower than 5% for some gTLDs. The renewal fee is often a multiple of the discounted first year fee and the registry and registrars make their money from this small set of renewals. Rinse and repeat often enough and it builds up a core of domain names that keep renewing. Eventually, it creates two TLDs within that gTLD. The first is the discounted TLD with low renewal rates and the second is composed of domain names that keep renewing. The registry can continue to increase the renewal fee for this second class of domain names safe in the knowledge that most of them are on auto-renew or are brand protection registrations. Without that process, some of these gTLDs might not be commercially viable as many of them discovered when the 2012 round gTLDs launched. It was the Field Of Dreams fallacy (if you build it, they will come) and it has turned some gTLDs into nightmares. Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by Avast antivirus software. www.avast.com
Hi John: I remain an avid reader of your reports because they offer the lived experience better than most others. Then again, it is always thought-provoking to read the practical advice you give out. Carlton ============================== *Carlton A Samuels* *Mobile: 876-818-1799Strategy, Process, Governance, Assessment & Turnaround* ============================= On Thu, 11 Jun 2026 at 04:46, John McCormac via At-Large <at-large@icann.org> wrote:
On 04/06/2026 02:57, Karl Auerbach via At-Large wrote:
I skimmed through those documents.
It seems quite comprehensive and there are serious issues for the next round of new gTLDs.
From where I sit claims of "malicious" and "abuse" are often mere whining about acts that are neither actually malicious nor actually
abusive.
There may be a time between registration and weaponisation for a malicious registration. Blocklists may use reporting rather than detection and by the time a malicious registration is used, it is already too late.
The renewals figures were a bit strange as the 2025 set of new registrations will renew over 2026 and early 2027. The various grace periods skew the renewals and what the 2025 renewals mentioned in the Interisle report may actually apply to 2024 registrations because a lot of the 2025 registration have not gone through their first renewal/deletion cycle. (Tracking renewal rates at a domain name level for statistical purposes is possible. I do this kind of work for two monthly spreadsheets.)
The Interisle report says this (on page 35):
/How does Interisle determine if a domain has been “maliciously registered?”/
/We consider domains blocklisted within 90 days of registration to be malicious./
I note that Interisle seems to distinguish between malicious *registration* and malicious *use*. There us a vast gap there - the same as the difference between a) buying a glass cutter and b) using that glass cutter in a crime (such as cutting through a window pane in order to commit a burglary.)
From a very brief read of the report, it seems to mainly rely on blocklists and registration patterns. A reliance on blocklists once their methodologies are clear is fine. Compromised websites are often a major issue especially when there has been a new Wordpress exploit published. Some of those affected domain names might end up on blocklists. Again, it can vary by blocklist type (spam/malware etc).
The registration patterns may be a more solid methodology though with the mess that GDRP and WHOIS Privacy made of things, only the registrar data may be reliable.
The alternative to lookups of a sample or full dataset is to use ICANN's registry report data and that its typically delayed by three months. It is also volume based. It does provide comprehensive new registration and deletion volume data. (Have rebuilt all the ICANN registrar report data including the flakey PDF versions of Excel spreadsheets into a gTLD/registrar transactions database table going back to July 2001. The 2012 round of new gTLDs were not the first to engage in this boom and bust registration pattern.)
It can be very difficult to determine user intent when registering a domain name. With bulk registrations, there might be some legitimate reason. If a registrar offers an API to legitimate and iffy customers, it becomes difficult to determine that intention and registration timelines (bursts of registration activity) might have to be used (correlating known blocklist domain names with specific times).
There are some other indications that were not mentioned in the Interisle methodology that could be used as some malicious registrations may have usage patterns beyond registration data.
Verifying the nature of the DNS Abuse would require the blocklists to share more data than just domain names. It would also require this data to be investigated. The problem is the operational lifetime of an abusive registration. It may already have been removed from the zone by the registry or the registrar.
A true definition would dig into real actions that have been actually performed through the use of an accused domain name.
That would involve a lot of work on an ongoing basis. Some of the blocklist companies and anti-DNS Abuse companies do this. I don't think that ICANN has the capabilities to do this on an ongoing basis.
Perhaps the Interisle definition could be useful as a sieve to identify registrations that deserve deeper inquiry.
It certainly makes for some terrifying headlines on new registration activity. It also could raise questions about the awareness and complicity of registries and registrars in this activity. There is also an ecnomic issue that I don't think was clearly mentioned in the report. That is the commercial viability of some of these new gTLDs without having discounting.
The discounting model reduces the first year registration fee to make a new TLD attractive to registrants. Most of those new registrations will not renew at first renewal. Some will. It varies from gTLD to gTLD and cound be lower than 5% for some gTLDs. The renewal fee is often a multiple of the discounted first year fee and the registry and registrars make their money from this small set of renewals. Rinse and repeat often enough and it builds up a core of domain names that keep renewing. Eventually, it creates two TLDs within that gTLD. The first is the discounted TLD with low renewal rates and the second is composed of domain names that keep renewing. The registry can continue to increase the renewal fee for this second class of domain names safe in the knowledge that most of them are on auto-renew or are brand protection registrations.
Without that process, some of these gTLDs might not be commercially viable as many of them discovered when the 2012 round gTLDs launched. It was the Field Of Dreams fallacy (if you build it, they will come) and it has turned some gTLDs into nightmares.
Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com **********************************************************
-- This email has been checked for viruses by Avast antivirus software. www.avast.com _______________________________________________ At-Large mailing list -- at-large@icann.org To unsubscribe send an email to at-large-leave@icann.org
At-Large Official Site: http://atlarge.icann.org _______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.
participants (11)
-
bzs@theworld.com -
Carlton Samuels -
Christian de Larrinaga -
Evan Leibovitch -
John McCormac -
Joly MacFie -
Karl Auerbach -
mail@christopherwilkinson.eu -
Porteneuve, Elisabeth (labo) -
Roberto Gaetano -
Wolfgang Kleinwächter