RE: [gnso-ff-pdp-may08] Possible additional registries to mention for page 37 footnote

["Greg Aaron" <gaaron@xxxxxxxxxxxx>]

All--

Below is the language I propose -- references some good summaries. 

<proposal>

1082 The Working Group would like to point out that a number of registries
-- including generic,
1083 sponsored, and country code TLDs - currently have policies that might
serve as examples of
1084 how TLDs can take individual action in the area of domain abuse.
Various TLDs are
1085 differently situated, and have different needs and approaches in this
area. [INSERT FOOTNOTE HERE]

FOOTNOTE: 
Related to policies, a purpose of the recent "GNSO Issues Report on
Registration Abuse Policies" was to "identify and describe various
provisions in a representative sampling of gTLD registration agreements
which relate to contracting parties' and/or registrants rights and
obligations with respect to abuse."
[http://does-not-exist.org/mail-archives/council/pdfdV1ZIs2xi1.pdf]  The
report found that among the gTLDs, "research found that eleven out of
sixteen gTLDs have provisions in place that address (seven of eleven) or
potentially could address (four of eleven) abuse."  Many ccTLDs also have
policies against criminal and/or abusive uses of domain names, with .DE
(http://www.denic.de/en/domainbedingungen.html) and .UK
(http://www.nominet.org.uk/nominet-terms) being but two examples.  Related
to needs, various studies have demonstrated that the amount and types of
abuses vary greatly from TLD to TLD, and that some TLDs do not suffer
certain types of abusive domain name uses at all.  For examples, see the
Data Annex to this FFWG report by Arbor Networks and Karmasphere, The
Anti-Phishing Working Group's "Global Phishing Survey: Domain Name Use and
Trends in 1H2008" report
(http://www.apwg.org/reports/APWG_GlobalPhishingSurvey1H2008.pdf), and
URIBL.COM TLD statistics (http://rss.uribl.com/tlds/). 

</proposal>

With best wishes,
--Greg


-----Original Message-----
From: owner-gnso-ff-pdp-may08@xxxxxxxxx
[mailto:owner-gnso-ff-pdp-may08@xxxxxxxxx] On Behalf Of Dave Piscitello
Sent: Friday, December 19, 2008 12:16 PM
To: Joe St Sauver; gnso-ff-pdp-May08@xxxxxxxxx
Subject: Re: [gnso-ff-pdp-may08] Possible additional registries to mention
for page 37 footnote


Doesn't this depend on your metric for under control?

The APWG Annual Phishing 1H2008 metric would suggest that several others
that have abuse under control if you consider that metric as valuable.

That report also makes some useful observations regarding the
characteristics that those registries share. Using the APWG scoring, you
could add all the TLDs that had a score of less than 1, for example, AG, AR,
DE, DM, EU, .. Don't overlook Libya with a "attaboy" score of 0.0  :-)

The EU score is noteworthy because it's a sizeable registry.

You could also use "phishing uptime". COOP, Jersey, Caymans, Kazakhstan,
Nicaragua are all around 4-5 hours.

Perhaps a combination of scores... Aren't numbers fun?

On 12/19/08 11:45 AM  Dec 19, 2008, "Joe St Sauver" <joe@xxxxxxxxxxxxxxxxxx>
wrote:

>
>
> So after thinking a bit about TLDs that have abuse issues under control,
> the ones that come to mind include:
>
> -- .gov, .mil, .edu, .int
>
> -- .us, .uk (and many other ccTLDs, although there certainly are some
>       noteworthy exceptions)
>
> I'd be happy to hear suggestions from others, however.
>
> Regards,
>
> Joe