A Domain Name Wire post, Time to pay attention to the next round of new TLDs, begins with an ominous:
They’re coming. Eventually.
While not as dramatic or enduring as Arnold Schwarzenegger's "I'll be back", the reporter cites policy activity at ICANN as evidence that new TLDs are coming. Eventually.
In a September 2019 post, and in response to the ICANN memorandum, Readiness to Support Future Rounds of New gTLDs, I asked,
Has enough been done to study and rectify the concentration of security threats in the new TLD space?
In that post, I quoted correspondence from ICANN's security advisory committee (SSAC) to ICANN's Senior Vice President of Global Domains Division. In its communique, SSAC expressed concern that "the last round of new gTLDs appears to have introduced the phenomenon of TLDs with exceptionally high rates of abusive registrations."
SSAC's concerns were well founded. ICANN's January 2019 monthly DAAR report noted that 48% of the domains identified as security threats were registered in the legacy TLDs. The legacy TLDs represented 88% of the domain names resolving in the DNS at the time of the report. ICANN also reported that 51% of the domains identified as security threats were in new gTLDs, noting that the new gTLDs represented 11% of resolving domains. In simple speak, domains registered in the legacy TLDs far outnumbered domains registered in the new TLDs (an 8:1 ratio), yet there were more domains associated with security threats in the new TLDs than in the legacy TLDs.
The Cybercrime Information Center has reported phishing activity in the gTLD space since May 2020. As the trendline in the image indicates, the number of domains reported for phishing continues to grow.
The yearly measurements reported in Interisle's Phishing Landscape 2021 are even more troubling. The new TLDs' share of phishing domains reported was 3.5 times the new TLDs’ market share of 6%.
In February 2021, in Comments on the GNSO New gTLD Subsequent Procedures Draft Final Report, SSAC again expressed concern: "Given the serious problems that some new gTLDs had with DNS abuse, it is clear that these issues need to be understood and mitigated prior to the launch of any new gTLDs under a new policy regime."
DNS abuse - or more correctly, cybercrimes that employ domain names - has flourished in the new TLD era. ICANN has done little to address this problem. ICANN policy development to mitigate DNS abuse is stuck in a definitional infinite loop. Registration data is redacted and access is rate limited. Domain names are weaponized in volume.
Since 2012, ICANN has not adopted meaningful policies, service level agreements, or contractual compliance tools to mitigate DNS abuse. ICANN's security, government, and at large advisory committees have made numerous recommendations to the Board and organization but the policy process is controlled by the service organizations, who benefit most from expanding the top level of the domain name space.
The military uses the phrase danger close when friendly forces are in extreme proximity of a target; simply put, friendly forces are at great risk of harm when the artillery, air, or naval gunfire support begins.
Guess who the friendly forces are?
Sarah Connor image by Helgi Halldórsson, Terminator image by John Lawlor