On 29/03/2022 05:14, Alan Greenberg via CPWG wrote:

The draft response can be found at https://docs.google.com/document/d/1z8JPTXIQHDBGveCIsw_gxQQG_4ZwC5KnLStNBSj6... <https://docs.google.com/document/d/1z8JPTXIQHDBGveCIsw_gxQQG_4ZwC5KnLStNBSj6...> . I am also attaching a PDF version for those who cannot readily access the Google Doc. Also attached for your convenience is the full GNSO letter. I also note that similar letters went to the GAC, SSAC and the DNS Abuse Institute.

On Section 1 of the reponse: Bulk Registration is part of the business model of some gTLDs. From the registry side, it is a kind of speculative registration system where a large number of domain names are registered with most being deleted without being renewed and a small percentage (often below 5%) being renewed at full renewal fee. These are, in reality, heavily discounted registrations. As part of a business model, this use of discounting has a long history. The problem is that in addition to speculative/brand protection registrations that may never be developed into working websites or used, these discounted registrations attract bad actors who will register large numbers of domain names for spam and abuse purposes. This is the activity that needs to be identified. Some gTLDs may not be financially viable without discounting as they cannot compete with either .COM or local ccTLDs. The economics of the markets that they are targeting may also require a registration fee below that of .COM but the discounting means that the gTLD will be affected by DA activity as DA is mobile and often follows the discounting offers. The suggestion of ICANN developing and deploying predictive algorithms is worrying in that there is a fundamental difference between ccTLDs (typically geographically and linguistically concentrated) and gTLDs (often global and containing a large set of languages). Such tools also have to be continually maintained and updated as the threat model of DA changes. On the background/sources section: Interisle's study from 2019 is far superior to the EC report in terms of expertise, understanding, analysis and examples of DA. The problem with the EC report is that it has a very poor and extremely inaccurate definition of DA and is not reliable especially in terms of methodology. It misses one of the most common abuses of compromised websites and treats the problem of compromised sites as a simple binary one between the distribution of malware or phishing. The reality is more complex. https://interisle.net/sub/CriminalDomainAbuse.pdf It might be fair to mention the EC report in passing but it should not be relied upon for anything substantial. The timeframe used in the report is too narrow. The Interisle report is far more substantial and is accurate. The people who did it know and understand the problems of Domain Abuse. The EC report has been criticised on CircleID for its methodology and findings so relying upon it would cause problems. https://circleid.com/posts/20220305-the-ever-evolving-problem-of-dns-abuse The ICANN 4 Year retrospective review of DNS Abuse trends is also a good reference. The correlation between spam/abuse trends and the spikes in bulk registrations may be worth following up. It is also worth including it as a reference document in the letter. https://www.icann.org/en/blogs/details/icann-publishes-dns-abuse-trends-22-0... https://www.icann.org/en/system/files/files/last-four-years-retrospect-brief... Domain Abuse is a continually evolving problem and the span of the ICANN/DAAR data (4 years) is quite useful. It might be a good thing to compares the ICANN graphs with the historical gTLD registration numbers to see if the bulk discounting offers coincide. It may be possible to use ICANN's registry reports to do this. Regards...jmcc

We will be reviewing the document at the CPWG meeting on Wednesday.

This is just a draft, but hopefully covers the main points. For those who have a strong knowledge of the subject, we need specific references to prior research and reports on the subject.

Comments. Please make suggestions via comments and not changes to the text. This will allow others to easily see the original text and your suggestions. I will try to update the document to incorporate feedback prior to the meeting.

*ALAC Members: Note that this is the last CPWG meeting prior to the submission deadline and we will be asking for a approval to proceed during the CPWG meeting.

**Alan

*

<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_camp...> Virus-free. www.avg.com <http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_camp...>

<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>

_______________________________________________ CPWG mailing list CPWG@icann.org https://mm.icann.org/mailman/listinfo/cpwg

_______________________________________________ By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.

-- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by AVG. https://www.avg.com