Friday, June 8, 2018

Job: Director of Channel Development

Dominion Domains, a division of Dominion Enterprises (Norfolk, Virginia) is hiring a Director of Channel Development.


Dominion Domains is the Registry Operator for five Top Level Domains (TLDs) including .autos, .homes, .boats, .yachts and .motorcycles.

Saturday, June 2, 2018

Registered in 1998: Guillon.com is 20 years old

I registered guillon.com in 1998-06-02: that was 20 years ago.

It is my oldest domain name and at the time, I had no idea that I would use it for the rest of my life.

I now use the same ending in ".email"...for Email.

Wednesday, May 9, 2018

Introduction of .APP domains by Google

...and how to secure them
.app, the web's first secure-only open top-level domain (TLD) for mobile apps and developers, is launching on May 8. This in-depth technical talk covers use cases for .app domain names, HTTP Strict Transport Security (HSTS), best practices for secure website development, and the unique security benefits of .app domains thanks to TLD-wide HSTS.

Monday, April 30, 2018

How to index a redirection in Google?

I just hit "site:.sncf" to try to find out which are the two new domain names ending in ".sncf" which were just created and I found nothing new but www.wifi.sncf. The picture below is what appears, indexed in Google:


I clicked on it and noticed (again) that it is a redirection.

Question to Bill Hartzer (@bhartzer) : how do you index a redirection in Google?

Friday, April 13, 2018

UPDATE: Phishing, a few weeks after

I wrote a small article (in French) on several procedures that I just tried at the ICANN and at a Registrar hosting a domain name used for phishing.


What we did
Basically, ICANN offers 2 emails to write to and we also used two different procedures at the Registrar concerned: the abuse email and a dedicated form.

The result is the one expected: the ICANN created a case and answered us the below but none of the other two parties we contacted even answered us.

Answer received from ICANN
Dear Jean Guillon,
Thank you for contacting the ICANN Global Support Center.
I will be happy to provide you with further information. Please note, the 2013 Registrar Accreditation Agreement (RAA) requires ICANN-accredited registrars to provide abuse contact information, take steps to investigate reports, and respond appropriately to any reports of abuse. The full abuse contact requirements can be found in Section 3.18 of the 2013 RAA at: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#3.18 .
For more information about Registrar Abuse Reports and the type of reports, please see: https://www.icann.org/resources/pages/abuse-2014-01-29-en .
If you wish to submit a complaint to our Contractual Compliance about the registrar failing to comply with the requirements, please complete the form at:https://forms.icann.org/en/resources/compliance/complaints/registrars/standards-complaint-form .
Please allow 3-5 business days for our Contractual Compliance Team to respond to your complaint submission.
I hope this information is helpful to you. Please contact us if you have any additional questions or concerns. This case will now be resolved. Thank you for contacting ICANN.
The ICANN form (...)
I submitted a complaint to the Contractual Compliance Team (as suggested in the answer received by the ICANN) but at this stage, I thought that ICANN would already have acted since I already sent all informations: this form is probably going to be sent to the Register.it

26 of March 2018
  • ICANN ask the same informations + a copy of the abuse email that I sent to Register IT with my authorization to contact them (...);
  • They also write that I did not fill in their form correctly (...).
I resend them all this (...).

13 of April 2018(and after informing the ICANN (who answered it would inform the Registrar))
I received an email from Register.it and here what it says: "Dear Sir according to ICANN request, here below a summary of actions taken by our Abuse Team with reference to your request, please be informed that":
  • "on March 8, 2018 we have received your abuse report (copies of emails received are attached)": I never received confirmation of this.
  • "In the following 24 hours our dedicated Abuse Team has examined the issue and taken the necessary steps to solve it": I seriously doubt it but surprisingly, after complaining several times to the ICANN and after more than a month, Register.it returned with this answer.
  • "Each abuse report requests of course different actions, in this case they intervened removing the dangerous involved folders": do I understand that you removed a client's folder hosted with you? I checked the sub-domain and it is still in place and not pointing to an error.
  • "Customer has been then accordingly informed. Just for your further information in this case RNH and AH are the same entity": I have no idea what this means and I would have expected the domain to be a little more investigated because the whois still shows a "Domain Status:ok".
16 of April 2018
After more than one month exchanging with registrar and ICANN and for one single domain name hosting a phishing operation, ICANN considers that the abuse complaint is closed:
"Dear Jean Guillon,
Thank you for submitting an Abuse complaint concerning the registrar REGISTER.IT SPA. ICANN has reviewed and closed your complaint because:
 
- The registrar demonstrated that it took reasonable and prompt steps to investigate and respond appropriately to the report of abuse. 
ICANN considers this matter now closed.
Please do not reply to the email. If you require future assistance, please email compliance@icann.org; if you have a new complaint, please submit it at http://www.icann.org/resources/compliance/complaints .
 
ICANN is requesting your feedback on this closed complaint. Please complete this optional survey at https://www.surveymonkey.com/s/8F2Z6DP?ticket=changed .
Sincerely,
 
ICANN Contractual Compliance
Let's be honest: WHO GOES AS FAR AS THIS WHEN RECEIVING A PHISHING EMAIL AND WHO UNDERSTANDS SUCH ANSWERS?

Score
Phishers / Gmail filter = 1
Icann / Register.it = 0

Useless procedures
This way to proceed against phishing for end users is an absolute nonsense: the ICANN procedures and rules for such common problems are useless.

Read my article in French.

Monday, April 9, 2018

Will it be .ONLINE or .ONL ?

I just noticed that the .ONLINE new gTLD has a competitor: there is a .ONL extension too. As the registry websites states: ".ONL provides limitless access to everything online. It's the natural domain for all of your online activities".


More about this registry can be found here.

A few numbers
  • The .ONLINE new gTLD has 812.000 domain names registered;
  • The .ONL new gTLD has 5,270 domains registered.
I didn't notice the .ONL Top-Level Domain meant "online" until today (...) so I added to it to the similar TLDs' list.

Friday, March 30, 2018

The .BMW new gTLD

While updating the CARS new gTLD report for the month of March 2018, I noticed that the .BMW new gTLD had 53 ".bmw" domain names registered in February to 108 at the end of March.

From the examples that I tested, most are not redirections anymore but real websites such as: http://ratzel.bmw

Monday, March 26, 2018

For .STEPHANE

I just learnt today that Stéphane Van Gelder passed away.

My friend Murielle called me.

Many of us in France have worked with and for Stéphane. I personally worked many years with Stephane to launch new gTLDs at INDOM (which was then acquired by another company). He is the person who taught me everything that I did not know about domain names: he actually taught me that Versign was a thin registry and not a thick one: I did not know the difference...

When I joined INDOM, years ago, he also was the first French guy to have delivered .BRAND new gTLD studies when we did not even know when the first round of the ICANN new gTLD program would start. Actually, we were very good at what we did but he was the guy to think years in advance.

Stéphane was a person of precision. I remember the number of times he asked me to re-write things because I would not have seen a mistake in a word or have missed an accent: I remember going to his office at Indom 10 times a day and getting back to mine ultra pissed because I would have I missed a correction in a study.

...I don't really know what to write in such circumstances...

Today is a sad day.
RIP Stéphane.

More covers here and here.

New gTLDs: homograph attacks on the rise?

The problem with homograph attacks is that the more we talk about them, the mode it gives ideas to frauders.

Note that it is also - and I believe this strongly - a super fantastic way for security providers to scare their clients reminding them to buy their services because if they don't, the world will collapse ;-)

Last May, I wrote (in a very limited english that only non-english speakers can understand) a post about it to explain what an homograph attack is.

This morning, I read a new updated post, written in words that even I understand: it is entitled "Homographs, Attack!": it explains homograph attacks in simple words with cool designs. This is a good read and this is something that operators of large domain name portfolios should read too.

Tuesday, March 6, 2018

New gTLDs: overarching issues

These are recent slides extracted from today's meeting. These topics will be discussed in the next ICANN meeting in Puerto Rico:

Something written about the next new gTLD applicant guidebook's format (the famous AGB):
Exciting, isn't it?
:-)

For action:
  1. Add to the slides for Council planning for PDP WG time at ICANN62 in Panama City.
  2. Take the list of topics in the Initial Report structure and send it to the WG in case we missed any topics.

Notes:
  1. SOI Updates:  No updates.
  2. Work Track updates:
    1. Work Track 1:
      1. Going through all of the topics and trying to make sure we reflected feedback from the calls and the CC2 responses.
      2. Getting that text into the Initial Report.
      3. Call scheduled for 06 March is TBD.
    2. Work Track 3:
      1. Finished meetings and going through topics.
      2. Making sure we've captured all of the input.
      3. Putting the language into the Initial Report.
    3. Work Track 4:
      1. Looked at preparing text for the Initial Report.
      2. Discussed Registry Testing System.
      3. Preparing topics for Puerto Rico.
      4. Name Collisions also will be a topic.
      5. ICANN Board resolution on a longer term study.  See: Draft Project Plan for Name Collision Analysis: https://www.icann.org/public-comments/ncap-project-plan-2018-03-02-en
    4. Work Track 5:
      1. Going through the different categories of Geographic names in the Applicant Guidebook.  Identifying pros and cons.
      2. Looking at how we may want to consider doing the same thing in future or changing the AGB.  Addressing variations between the initial policy work and the final AGB content.
      3. Look at categories that were not in the AGB.
      4. Working Session dedicated to WT5 in San Juan on 14 March 0830.
  3. Review of suggested Initial Report structure/planning for ICANN61
    1. Slide 2: Initial Report
    2. Slide 3:
      1. Complete the Final Report by the end of 2018.
      2. For the Initial Report we are not doing consensus calls. We are putting options out for public comment.  Not the time to take a consensus call on one or more of the recommendations.
      3. Goal is to get out the Draft Initial Report out by the end of March and then have the WG review it in April.
      4. Thinking of changing the meeting schedule to meet every week to help with the review of the Initial Report, starting Monday, 26 March.
      5. In the planning for Panama we need to understand if the PDP WG will need a good chunk of the time at ICANN62.
    3. Slide 4: Work Track 1-4 and overarching issues.
    4. Slide 5:
      1. Overarching Issues and Work Track Topics.
      2. Options and open questions have not gone through a consensus call.
    5. Slide 6:
      1. Status Update Overview.
      2. Overarching Issues.
      3. Recommendations on 4 topics.
      4. Options/questions on 3 topics.
      5. Community Engagement: a lot of overlap with predictability or where we have tried to get feedback on this PDP.
    6. Slide 7:
      1. Status Update Drill-Down.
      2. Overarching Issues.
    7. Slide 8:
      1. Status Update Overview.
      2. Work Track 1.
  4. AOB: ICANN FY19 Budget:
    1. Only a short mention of the Subsequent Procedures PDP, but statement that there are no funds allocated for implementing any GNSO policy on subsequent procedures.
    2. FY19 goes from 01 July 2018 to 30 June 2019.
    3. If the Board waits until FY20 to allocate funds some think this could delay the launch of the next round.
    4. No time for this WG to file formal comments.
    5. PDP WG Co-Chairs may file individual comments.

Structure of the Initial Report (chronological order):
  • Overarching issues
  • Foundational issues
  • Pre-launch activities
  • Application submission
  • Application processing
  • Application evaluation/criteria
  • Dispute proceedings
  • String contention resolution
  • Pre-delegation
  • Contracting
  • Post-delegation