Blue Coat's Web's Shadiest Neighborhoods and implications on TLD acceptance
Folks,

BlueCoat <https://www.bluecoat.com/company-overview>, a security vendor used by most of the Fortune 500, released a report on the Web’s shadiest TLDs <https://www.bluecoat.com/company/press-releases/blue-coat-reveals-webs-shadi...> on Sep 1, 2015. They recommend to their 15,000+ customers to block all listed TLDs (report attached). Most of these are new gTLDs.

There are implications for universal acceptance. This will result in some discussion at the upcoming UA Coordination Summit in Horsham tomorrow and Friday. The summit will have a conference bridge for anyone interested in participating. Don Hollander will provide details.

-Ram
Chair, UASG
o: +1.215.706.5700 x103; m: +1.215.431.0958; f: +1.215.706.5701
Skype: gliderpilot30

-----------------------------------------------------------------------------------------------

The Web’s Top 10 "TLDs with Shady Sites*"

Rank   Top-Level Domain Name      Percentage of Shady Sites
#1     .zip                       100.00%
#2     .review                    100.00%
#3     .country                   99.97%
#4     .kim                       99.74%
#5     .cricket                   99.57%
#6     .science                   99.35%
#7     .work                      98.20%
#8     .party                     98.07%
#9     .gq (Equatorial Guinea)    97.68%
#10    .link                      96.98%
Ram and UA Members,

Have we requested or received any of the underlying data that supports the stats outlined in the BlueCoat report? I wonder why the .zip extension was referenced as a ‘shady’ considering it hasn’t launched yet.

Thanks,
Jennifer

Jennifer Gore Standiford
Policy Director
Web.com
12808 Gran Bay Parkway, West | Jacksonville, FL 32258
Office: 904. 680-6919 | Cell: 904. 401-4347

From: ua-discuss-bounces@icann.org [mailto:ua-discuss-bounces@icann.org] On Behalf Of Ram Mohan
Sent: Wednesday, September 16, 2015 1:43 PM
To: UA-discuss@icann.org
Subject: [UA-discuss] Blue Coat's Web's Shadiest Neighborhoods and implications on TLD acceptance

Folks,

BlueCoat <https://www.bluecoat.com/company-overview>, a security vendor used by most of the Fortune 500, released a report on the Web’s shadiest TLDs <https://www.bluecoat.com/company/press-releases/blue-coat-reveals-webs-shadi...> on Sep 1, 2015. They recommend to their 15,000+ customers to block all listed TLDs (report attached). Most of these are new gTLDs.

There are implications for universal acceptance. This will result in some discussion at the upcoming UA Coordination Summit in Horsham tomorrow and Friday. The summit will have a conference bridge for anyone interested in participating. Don Hollander will provide details.

-Ram
BlueCoat’s methodology is discussed in some security group mailing lists.

My understanding is that in the case of .zip, there were instances of <file>.pdf.zip which allowed for drive-bys, malware etc. regardless of the state of name registration.

-ram

*From:* Jennifer Gore Standiford [mailto:JStandiford@web.com]
*Sent:* Wednesday, September 16, 2015 4:32 PM
*To:* Ram Mohan <rmohan@afilias.info>
*Cc:* UA-discuss@icann.org
*Subject:* RE: [UA-discuss] Blue Coat's Web's Shadiest Neighborhoods and implications on TLD acceptance

Ram and UA Members,

Have we requested or received any of the underlying data that supports the stats outlined in the BlueCoat report? I wonder why the .zip extension was referenced as a ‘shady’ considering it hasn’t launched yet.

Thanks,
Jennifer
Relevant follow-up coverage (which doesn't exactly make sense): http://www.reuters.com/article/2015/09/04/us-internet-security-domains-idUSK...

Jordyn

On Wed, Sep 16, 2015 at 1:37 PM, Ram Mohan <rmohan@afilias.info> wrote:
BlueCoat’s methodology is discussed in some security group mailing lists.
My understanding is that in the case of .zip, there were instances of <file>.pdf.zip which allowed for drive-bys, malware etc. regardless of the state of name registration.
-ram
Hello Ram,

That is true, BlueCoat treats file extensions as domain extensions. DomainIncite has posted some explanation from them on http://domainincite.com/19241-blue-coat-explains-zip-screw-up, including the doesn't-make-any-sense statement "In conclusion, none of the .zip “domains” we see in our traffic logs are requests to registered sites. Nevertheless, we recommend that people block these requests, until valid .zip domains start showing up."

Kind regards,

Siemen Roorda
Openprovider

On 16/09/15 22:37, Ram Mohan wrote:
BlueCoat’s methodology is discussed in some security group mailing lists.
My understanding is that in the case of .zip, there were instances of <file>.pdf.zip which allowed for drive-bys, malware etc. regardless of the state of name registration.
-ram
So we all know that the information on .zip is a little sketchy, but what information do we have on the other extensions cited in the report like .review, .kim, etc.? Are the results for those accurate and should we be concerned?

Jeff Neuman
On Sep 16, 2015, at 7:51 PM, Siemen Roorda <siemen@openprovider.nl> wrote:
Hello Ram,
That is true, BlueCoat treats file extensions as domain extensions. DomainIncite has posted some explanation from them on http://domainincite.com/19241-blue-coat-explains-zip-screw-up, including the doesn't-make-any-sense statement "In conclusion, none of the .zip “domains” we see in our traffic logs are requests to registered sites. Nevertheless, we recommend that people block these requests, until valid .zip domains start showing up."
Kind regards,
Siemen Roorda Openprovider
Jeff,

In a separate post, DomainIncite quoted Architelos numbers that are more in line with what I'd expect (see http://domainincite.com/19269-architelos-shadiest-new-gtld-is-only-10-shady), however in this context I am not sure the exact percentages matter.

Unfortunately, I believe there is a perception outside the ICANN community and particularly in the security and network operational communities, that many of the new gTLDs are, to paraphrase Obi Wan Kenobi, wretched hives of scum and villainy. And folks are quite emotional about it. There are numerous security/operational folks out there who suggest like Bluecoat that new TLDs should be blocked at network borders until it can be demonstrated that they aren't "shady". A quick perusal of the comments from one of the "regurgitation of a press release as reporting" references to the Bluecoat report include:

"Can confirm this. We blocked a lot of new TLDs from e-mailing us because 100% of incoming mail was, well not even spam, but fake spam (what a world we live in, eh?) pushing malware or attempting to game search engines with fake referrals."

"My spam filters are regularly catching spam with URLs in TLD's like .faith, .win, .review, .space, .date, etc. I'm pretty close to treating 100% of all these new gTLD's as spam identifiers at this point."

"Our domain has seen such an increase in the new TLD - and try as you might, so much of this "crap" (technical term for SPAM) is still getting through. Too Many TLD's means so much more work for the e-mail admin!"

"Personally I do not trust anything hosted on the new top-level domains."

"I blocked all of them in our email servers. Reason? 100% spam. Not a single valid email coming from the new domains so far. Not one."

Etc.

My group (Office of the CTO) is looking to collect data on the level of blockage as well as the situation with regards to domain name abuse in order to address reports like Bluecoat with facts, but as I suspect everyone is aware, it can be challenging to combat perception with facts when emotion is involved.

While this may be a bit outside of "universal acceptance", it could suggest new gTLD registries may want to take a more aggressive approach in relation to mitigating "domain name abuse" within their namespaces if they do not want _all_ new gTLDs to be blocked at network borders.

Regards,
-drc
(ICANN CTO, but speaking only for myself)
On Sep 16, 2015, at 9:07 PM, Jeff Neuman <jeff.neuman@comlaude.com> wrote:
So we all know that the information on .zip is a little sketchy, but what information do we have on the other extensions cited in the report like .review, .kim, etc.? Are the results for those accurate and should we be concerned?
Jeff Neuman
David,

I am really glad you are CTO, as I appreciate you weighing in on this (and I am a sucker for a Star Wars reference).

Clearly, SPAM ("Sith Penetrate All Media" ;) ) is patient zero of UA disruption. Second only to evolutionary resistance, followed by snap judgment, I share a similar experience with router-lords within NANOG meetings from lunch discussions with people who are responsible for massive systems and networks.

Anecdotally speaking, the abstract/overall sentiment on New TLDs that I heard in the informal and more authentic settings (lunches, hallway banter, etc.) was unfavorable. Even from people whose employers were applicants.

Somehow, there is a belief that TLD makes for correlation with SPAM. Actually it is more often TLD pricing, but researching prices of domains is more cumbersome than the "kill everyone and let god sort them out" approach.

Essentially, New TLDs are viewed as being a complexity introduced to their jobs that exists only for marketing purposes, and it represents change that increases their workload like any change in technology. But in this case there is also the "we are once again pushing brooms as cleanup behind the parade marketing threw" angle as well.

I have heard similar annoyance expressed at various points over the past few decades over the router-lords having to react to the increasing bandwidth needs when WWW and then VOIP and Video became more and more popular. I am not comparing WWW invention to New TLDs, just making the point on evolutionary resistance.

I respect the expressions of frustration from router-lords over the challenges that are introduced, as well as the way it triggers the battle for budget or reactive scenarios that plague day to day operations. I myself have lived it.

The anecdotal stories about evolutionary resistance and response scenarios typically carry an intensity, derived from tactical events that create a fire to put out at unforeseen times. If you take a long view, rolling the calendar forward a few years to where the changes are more mainstream though, the benefits of the changes start to manifest themselves, and the sentiment changes.

When faced with a reactive event, the solution is often less elegant or well thought out for their long term impact, but I respect how folks need to get on with their day job and normal responsibilities (or get back to sleep if paged in the middle of the night). And whatever band-aid gets put in place at the point of reaction can have lasting consequences.

I recall a time (1991) when a 64k ISDN was adequate internet connection for a company of 400 to use for their corporate WAN gateway, when it was primarily used for email. But SPAM was ever increasing, and consistently choking the connection, and monitoring was paging the on call sysadmins at all hours to remedy things. The IT department budget for capacity and equipment solutions that would have aided in mitigating the issue were constantly denied, so the admin and I wrote a shell script that executed on the system our SMTP gateway attached to, which would sweep through the sendmail queue directories and purge out emails from any addresses that did not have com, net, or org at the end of the FROM address.

Tick the box next to "solved" for IT, or so they thought until the CEO could not receive email from a .EDU and complained, then the sysadmin sighed and begrudgingly added it to the whitelist, and later a .co.uk (and thus began the whack-a-mole static list), each time having to make these annoying changes they would not have needed to make. We ultimately got the budget and stopped the script from running. It had been particularly effective, but completely inelegant. And yet necessary.

I reckon there are quite a lot of solutions like this still running on systems throughout the Internet due to how effective they are.

I will say it again, clearly SPAM combat is patient zero of UA disruption. Followed by evolutionary resistance and snap judgment.

-Jothan
-- Jothan Frakes +1.206-355-0230 tel +1.206-201-6881 fax
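The static TLD list described in the message above, as an added example (not the script from the anecdote and not code from any participant): it contrasts the hard-coded com/net/org rule with a check against a TLD list loaded as data, and reports which senders the static rule purges in error. The sample list, queue contents and function names are constructed for illustration; the list layout follows IANA's tlds-alpha-by-domain.txt.

```python
from email.utils import parseaddr

# Static list from the anecdote: only these three TLDs survive the purge.
LEGACY_ALLOWLIST = {"com", "net", "org"}

# Constructed sample in the layout of IANA's tlds-alpha-by-domain.txt
# (a '#' comment line, then one upper-case TLD per line). A deliberately
# tiny subset for the example, not the real file.
SAMPLE_TLD_FILE = """\
# Version 0000000000, constructed sample
COM
EDU
LINK
NET
ORG
REVIEW
UK
"""

# Constructed From: headers standing in for the mail queue.
SAMPLE_QUEUE = [
    "Alice <alice@example.com>",
    "registrar@cs.example.edu",
    "Sales <sales@example.co.uk>",
    "news@updates.example.review",
    "bounce@mailer.example.nosuchtld",
    "not-an-address",
]


def load_tlds(text):
    """Parse the IANA list layout into a set of lower-case TLD labels."""
    return {
        line.strip().lower()
        for line in text.splitlines()
        if line.strip() and not line.startswith("#")
    }


def sender_tld(from_header):
    """Return the lower-case TLD of the sender's domain, or None if unparseable."""
    _, addr = parseaddr(from_header)
    local, sep, domain = addr.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not sep or not local or "." not in domain:
        return None
    return domain.rsplit(".", 1)[1]


def legacy_keep(from_header):
    """The static rule: keep mail only if the TLD is on the hard-coded list."""
    return sender_tld(from_header) in LEGACY_ALLOWLIST


def ua_keep(from_header, tlds):
    """Accept any sender whose TLD is in the supplied list.

    This is an acceptance check only; spam decisions are left to content
    and reputation checks, which are outside this example.
    """
    return sender_tld(from_header) in tlds


def collateral(queue, tlds):
    """Senders under an existing TLD that the static list would have purged."""
    return [h for h in queue if ua_keep(h, tlds) and not legacy_keep(h)]


if __name__ == "__main__":
    tlds = load_tlds(SAMPLE_TLD_FILE)
    for header in SAMPLE_QUEUE:
        print(f"{header!r:40} legacy={legacy_keep(header)!s:5} ua={ua_keep(header, tlds)}")
    print("purged in error:", collateral(SAMPLE_QUEUE, tlds))
```

Refreshing the list from data rather than editing code is what removes the whack-a-mole step each time a sender under a TLD missing from the static list turns up.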
On 9/18/15, 5:16, "ua-discuss-bounces@icann.org on behalf of Jothan Frakes" <ua-discuss-bounces@icann.org on behalf of jothan@gmail.com> wrote:
The anecdotal stories about evolutionary resistance and response scenarios typically carry an intensity, derived from tactical events that create a fire to put out at unforeseen times. If you take a long view, rolling the calendar forward a few years to where the changes are more mainstream though, the benefits of the changes start to manifest themselves, and the sentiment changes.
To bolster Jothan's point, without writing as elegantly, here's another angle on this that I have observed.

A particular gTLD was opened up with a particular advantage over the legacy ones - namely the timeliness from registration to delegation. (I.e., instead of waiting a day or two, a name would be active in less than an hour.) This would seem like a "good" improvement.

The first movers were the black hats. They'd steal a credit card number, register and before anyone could build a judgement about the name they'd use it for badness. Sending spam, as a start. What followed was a bad reputation was given to the TLD. The reaction by the TLD was to institute a takedown service under the banner of "brand protection."

The moral of the story is that innovation many times is adopted more quickly by those willing to take on the risk, and if you want to apply the name, criminals very much accept risk. That's not the end of the story, just something that needs to be expected and handled. (Rarely can it be anticipated, white hats don't think like black hats.)

Whether this lends any credence to the BlueCat report, I don't know. But as Jothan says, people fear change and often the excuse is because the new stuff is a bad neighborhood.
Just a quick clarification:

On 9/18/15, 4:36 AM, "Edward Lewis" <ua-discuss-bounces@icann.org on behalf of edward.lewis@icann.org> wrote:
Whether this lends any credence to the BlueCat report,

The report was from Bluecoat (who, as I understand it, make what I call "censorware"), not Bluecat (who make IP address/DNS/DHCP solutions).

Regards,
-drc
On 9/18/15, 11:15, "David Conrad" <david.conrad@icann.org> wrote:
Just a quick clarification:
On 9/18/15, 4:36 AM, "Edward Lewis" <ua-discuss-bounces@icann.org on behalf of edward.lewis@icann.org> wrote:
Whether this lends any credence to the BlueCat report,
The report was from Bluecoat (who, as I understand it, make what I call "censorware"), not Bluecat (who make IP address/DNS/DHCP solutions).
Ah, my mistake - good catch. It wasn't a typo, I misread the name in the article. My reading eyesight isn't the best, I missed the extra vowel.
Jennifer Gore Standiford wrote: [...]
I wonder why the .zip extension was referenced as a ‘shady’ considering it hasn’t launched yet.
They published a blog post that explained that they failed to distinguish between filenames and domain names:

https://www.bluecoat.com/security-blog/2015-09-02/zip-urls-or-why-you-should...

Regards,

Leo Vegoda
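The filename-versus-domain mix-up described above, as an added example (not Blue Coat's code, method or data): a per-TLD tally that takes the TLD from the last dotted suffix of the request, next to one that reads it from the parsed host and skips names that never resolved. The log format, host names, verdicts and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed proxy-log records in a hypothetical format:
# (requested URL, did the host resolve in DNS?, category verdict).
# Host names are made up for this example.
SAMPLE_LOG = [
    ("http://invoice.pdf.zip/", False, "shady"),    # file name typed as a URL
    ("http://photos2015.zip/", False, "shady"),     # file name typed as a URL
    ("http://cdn.example.com/files/report.zip", True, "clean"),
    ("http://host-a.link/story", True, "clean"),
    ("http://host-b.link/claim", True, "shady"),
    ("http://host-c.review/", True, "shady"),
]

_DOTTED_SUFFIX = re.compile(r"\.([a-z]{2,})\b")


def naive_tld(url):
    """Flawed: treat the last dotted suffix anywhere in the string as the TLD."""
    found = _DOTTED_SUFFIX.findall(url.lower())
    return found[-1] if found else None


def host_tld(url):
    """Take the TLD from the parsed host only; path and file names are ignored."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    label = host.rsplit(".", 1)[-1]
    # A bare label or an IPv4 literal has no TLD to report.
    if "." not in host or label.isdigit():
        return None
    return label


def tally(log, tld_of, resolved_only):
    """Return {tld: (shady, total)} using the given TLD extractor."""
    counts = defaultdict(lambda: [0, 0])
    for url, resolved, verdict in log:
        if resolved_only and not resolved:
            continue  # a name that does not exist is not a site in any TLD
        tld = tld_of(url)
        if tld is None:
            continue
        counts[tld][0] += int(verdict == "shady")
        counts[tld][1] += 1
    return {tld: tuple(pair) for tld, pair in counts.items()}


def percent(shady_total):
    """Share of shady entries as a percentage, rounded to two places."""
    shady, total = shady_total
    return round(100.0 * shady / total, 2)


if __name__ == "__main__":
    naive = tally(SAMPLE_LOG, naive_tld, resolved_only=False)
    careful = tally(SAMPLE_LOG, host_tld, resolved_only=True)
    for name, result in (("naive", naive), ("careful", careful)):
        for tld, pair in sorted(result.items()):
            print(f"{name:8} .{tld:7} {pair[0]}/{pair[1]}  {percent(pair)}%")
```

In the constructed data the naive tally reports a .zip figure built entirely from file names, while the host-based tally has no .zip entry at all and leaves the .link and .review counts unchanged.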
Hi Jennifer,

We might need to raise awareness in the community, that idea of filtering whole TLDs is quite contrary to the idea of open and united internet. Sounds weird, but according to the report all customers should buy .mil domains (the safest ones), which is impossible. (Usually everybody looks into worst and best and pass the rest).

P.s: most probably their customers are not civilians, so such logic might make some sense for them

I tried to reach site of BlueCoat from one of my VPN servers https://www.bluecoat.com/whos-secure/customers/major-defense-contractor
And, to my surprise I had "ERR_CONNECTION_REFUSED" in Chrome (no explanation at all, just refused connection)

The reason - one of GEO Locators think that 89.104.90.178 is somewhere in Iran, when in reality it is in Moscow, Russia ... (but this issue is outside of the scope of UA group)

Sincerely Yours,

Maxim Alzoba
Special projects manager,
International Relations Department,
FAITID

m. +7 916 6761580
skype oldfrogger

Current UTC offset: +3.00 (Moscow)

On Sep 16, 2015, at 23:31, Jennifer Gore Standiford <JStandiford@web.com> wrote:
Ram and UA Members,
Have we requested or received any of the underlying data that supports the stats outlined in the BlueCoat report? I wonder why the .zip extension was referenced as a ‘shady’ considering it hasn’t launched yet.
Thanks, Jennifer
participants (10)
- David Conrad
- Edward Lewis
- Jeff Neuman
- Jennifer Gore Standiford
- Jordyn Buchanan
- Jothan Frakes
- Leo Vegoda
- Maxim Alzoba
- Ram Mohan
- Siemen Roorda