Consumer protective strategies thwarted by large influx of tasting domains

[<Douglas_Otis@xxxxxxxxxxxxxx>]

Various enterprises offer a range of Internet protective services.  Many of 
these services attempt to leverage information collected of the domain holder's 
behavior.  As new domains are introduced, a sizable process is in place to 
correlate domain  information to discover possible associations with prior 
domains.  Domain histories and data correlation thereby identify potential 
threats which often results in additional analysis.  The product of this effort 
is often an assessment made available to the protective service subscribers.  
Domain tasting will delay and significantly increase the costs associated with 
all phases of a protective process.

Registries accommodate a flood of speculative domain registrations and appear 
to recoup expenses from an extremely small percentage of completed 
transactions.  Protective services must evaluate this influx that now exceeds 
the number of existing domains in as little as a few weeks.  Protective 
services need to publish their assessments in a timely fashion.  Even when 
limited to changing domains, this now represents a large amount of data to be 
made available to subscribers.  Unfettered registration of millions of domains 
without a reasonable fee must end, as this seriously impairs, delays, and 
increases the costs related to consumer protections.

If consumer protections were to become a paramount concern, advanced 
notification of changes should be provided prior to publication in DNS.  Domain 
holders should be able to anticipate their registry publications.  When there 
is an emergency or exigent situation, some accommodation can be made, but at a 
fee that makes such exceptional activity uncommon.  Existing domain owners and 
enforcement agencies should be allowed to flag potential problems as part of an 
advanced publication process.  Notifications of publication thereby affords 
enforcement agencies time to monitor and perhaps prevent criminal activity.  
While milli-second delays in publication are technically feasible, this ability 
is being abused by a growing criminal element and must be reconsidered.  Just 
as delays in processing are common in the hand gun trade, so should there be 
delays in processing of domain information for comparable reasons.  While 
registries and registrars may not vet who is permitted access, protective 
services and enforcement agencies should be afforded an opportunity to curtail 
rampant criminals instead.

While domain tasting might generate marginal revenues for registries, it 
creates at a sizable cost for protective services.  Avoiding additional network 
traffic is critical, as publication represent a substantial component of 
overall overhead.  Additional network traffic and associated delays also 
diminishes the user's experience.  For the Internet and related protections to 
flourish, the infrastructure must ensure criminals are afforded few places to 
hide.  End the domain look-alike and typo-squatting.  End the smash and dash 
tactics made possible by ill conceived rapid registry services.  The registries 
must better consider the role they play as a network citizen, and whether their 
tactics foster or obscure criminal activity. 


Douglas Otis
Trend Micro, Inc.

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential and 
may be subject to copyright or other intellectual property protection. If you 
are not the intended recipient, you are not authorized to use or disclose this 
information, and we request that you notify us by reply mail or telephone and 
delete the original message from your mail system.