Dot-Name Becomes Cybercrime Haven

Found on Wired on Thursday, 27 September 2007
Browse Internet

The company that controls the .name registry is charging for access to domain registration information, a step that security researchers say frustrates their ability to police the internet and creates a haven for hackers who run internet scams.

ICANN, which sets the rules for the internet's top-level domain names such as .com and .net, has traditionally required registrars to make Whois data publicly searchable as a condition of the companies' right to sell domain names.

But Global Name Registry, or GNR, which administers domain names ending in .name (that are intended for use by individuals e.g., johndoe.name), won the right to create tiered levels of Whois access, where public searches show very little information beyond what registrar sold the name and what name servers the site uses.

"What they have done is made sure the .name TLD is free haven for bad guys to lurk on," Evron said. "If I need to report 1,000 domains, I'm not going pay $2,000."

That's hardly a problem: just configure your e-mail filters to reject everything coming from a .name TLD. Additionally, reject those e-mails that contain .name URLs. If a lot people and providers do this, legitimate users will complain to their ISP (or switch to a better TLD) and GNR will end up with lots of problems. Since .name never really reached an important level, you won't miss anything.