Greetings from Macau, 

Simon.

PS, DOMAINfest is going great. Day-2 just closed out; 1 more to go.

On Sat, Sep 5, 2015 at 9:04 AM, Mark Svancarek <marksv@microsoft.com> wrote:

Excellent, thanks!

 

From: Kurt Pritz [mailto:kpritz@thedna.org]
Sent: Friday, September 4, 2015 4:30 PM
To: Mark Svancarek <marksv@microsoft.com>
Cc: ua-comms@icann.org
Subject: Re: [UA-comms] Alarming article on computing.co.uk

 

I wrote to the publisher of the original article (The Hill), the author (Katie Bo Williams), and to Blue Coat. I heard back from the author. 

 

The three letters were similar in content; here is one of them:

 

Dear Ian Swanson and Dustin Weaver:

 

My name is Kurt Pritz, Executive Director of the Domain Name Association - a not-for-profit that represents the interests of domain name registries and registrars. 

 

We disagree strongly with the conclusions drawn by the article The Hill recently published, "New Web addresses a cybercrime playground" (http://thehill.com/policy/cybersecurity/252397-new-web-addresses-a-cybercrime-playground) and were surprised that The Hill decided to publish it. I will go more into that later. 

 

The reason I am writing though, is to establish a dialogue and a resource for The Hill so that when you consider pieces for publication having to do with the Domain Name Industry and the economics, business or policy regarding the use of domain names, you can get an accurate and reasoned analysis of claims made by the authors. I can provide input myself or provide access to large and small registry operators and registrars doing business around the world. Our members include Google, Amazon, Donuts, Rightside, GoDaddy, InternetX and many other large and small players.

 

We think the article should not have seen the light of day because it is replete with inconsistencies and a lack of analysis that puts the lie to the conclusions the article attempts to draw.

 

For example, Blue Coat has ranked .zip as “100% shady,” meaning that every single .zip domain its customers have visited is either spam, malware, a scam, a botnet, suspicious, phishing or potentially unwanted software. The problem with this claim is that the entire .zip zone file currently consists of precisely one (1) domain., nic.zip, and it belongs to Google Registry.
 
Does Blue Coat imply the Google operated Registry is complicit in or lax toward distributing malware, spam, phishing, etc? Based on the one domain they recommended network administrators should “consider blocking traffic” to .zip and other “shady” TLDs. This is an absurd conclusion to be drawn.
 
The report lacks substance and data. For example, the report is clearly wrong where it alleges that 45,000+ of .review domains are 100% shady. How do they arrive at a figure of 100% of 45,000+ domains? The report does not provide data, calculations or the sampling plan that backs up that assertion. How can the report be respected when some claims are apparently false on their face?
 
The report cites “lax Policies” in new domain names extensions and that they should all “exercise the same level of caution in who they allow to purchase domains.” The fact is that all new domain name registries have protections above and beyond those required of the registries that were already in existence. They are required to implement trademark and abuse protections that were introduced as a part of this program.

 

When claims about the Domain Name Industry appear and those claims are not backed by analysis, we can help you find facts that support or belie the claims. I'd be happy to provide an article describing the utility of domain names and especially innovative and safe uses of the new domain name extensions. For some examples, you can visit www.inthewild.domains. I also hope you follow the lead of many major news organizations and claim your own .news domains: www.thehill,news and other brands that you own.

 

Thanks very much for taking the time to read and consider this. I hope I can be helpful in some way.

 

Regards,

 

Kurt

 

 

The article's author wrote back:

 

Kurt—

 

Thanks for reaching out. I'm working on a follow-up that addresses the fact that there is only one .zip domain. 

 

I would like to use some of your response in this follow up. May I attribute your criticism of the study's methodology to the DNA? 

 

Thanks! 

 

Cheers, 

Katie Bo

 

 

For those that haven't seen them, you can read other criticisms of this article: 

 

http://domainnamewire.com/2015/09/04/domain-dunce-award-blue-coat/  

 

http://domainincite.com/19241-blue-coat-explains-zip-screw-up#comments and

 

http://domainincite.com/19211-laughable-security-report-labels-google-registry-shady

 

 

 

 

 

On Sep 4, 2015, at 3:15 PM, Mark Svancarek <marksv@microsoft.com> wrote:

 

I don’t have any confidence in this methodology, and Blue Coat’s conclusion is outrageous.

 

“To reduce the risks, organisations ought to simply block entire TLDs, advises Blue Coat, although even the supposedly safest TLDs on the web still host tens of thousands of nefarious web sites.”

 

http://www.computing.co.uk/ctg/news/2424630/explosion-of-top-level-domains-opens-up-new-security-risks-for-web-users