.US Harbors Prolific Malicious Link Shortening Service

John McCormac jmcc at hosterstats.com
Sat Nov 4 18:29:46 UTC 2023


On 04/11/2023 15:54, borg at uu3.net wrote:
> Yeah. I wonder why this cannot be reversed really?
> First domain registration should cost more.. 50 USD maybe? Dunno.
> And then, when you want to extend the domain, price should be
> around 5 times lower?

Most of the new gTLDs that are using this heavy discounting model would 
not be commercially viable with normal .COM registration fees.

It is a very cynical business model that relies on a very small 
percentage of discounted domain names renewing at full fee (typically 
between $10 and $30) so that in addition to the registry covering costs 
on each first year registration, it makes more on a renewal for the 
second year. The typical renewal rate is 5% or below and it is like sieving 
for plankton. One of the new gTLDs has a renewal rate for 2022 new 
registrations of 1.53%. It is regularly priced at less than $1 per new 
registration.

When the heavy discounting business model started being widely used by 
struggling new gTLDs, a lot of the abusive registrations shifted from 
.COM/NET because the economics of DNS Abuse had changed. The .ORG 
registry had been working on cleaning its zone and had stopped heavy 
discounting offers. It is now in a much stronger position than either 
.COM or .NET in terms of renewals.

Most registrants in a country will either consider their local ccTLD (if 
outside the US) as a first choice and then the .COM as a second choice. 
Market awareness and familiarity generally play a larger part in driving 
registration trends than pricing.

The .US ccTLD is up against the .COM in the US market and the .COM is 
the de facto US ccTLD. The .US has had discounting promotions before and 
most of the discounted registrations did not renew.

> Those who want to use it for legal activity will chew that little CAPEX.

That brings up another problem. When a registry starts to use a heavy 
discounting model with its gTLD, it kills development and usage rates in 
the gTLD because the gTLD gets a reputation for being a junk TLD and the 
rising level of spam and phishing cause the gTLD to be blocked on 
mailservers. It is very difficult for a gTLD to recover from this. One 
of the earlier heavy discounting new gTLDs had about 2 million domain 
names in its zone at the peak. Five years later, approximately 2K were 
still in the zone. A new registry team took over the gTLD and other 
Famous Four Media gTLDs in 2018 and they have still not recovered.

A high registration fee will act as a barrier to entry for a TLD and it 
will take longer for the TLD to grow. Prospective registrants will often 
opt for the cheaper close alternative. (Registrants tend to be aware 
of their local ccTLD, .COM, .NET, .ORG and perhaps the ccTLD for 
adjacent countries.) For much of the late 1990s and early 2000s, that 
was .COM rather than the ccTLDs. Many ccTLDs were run by university 
Computer Science departments that couldn't compete. In the mid 2000s, 
the ccTLDs started to improve due to ICANN's failure to deal with 
problems in .COM/NET/ORG and abuse of the Add Grace Period.

Even with the DotCOM bubble, the initial fee of $50 per year kept 
registration volume relatively low but it was a very different market 
compared to today's more global one. The advent of the registrars model 
and its competition reduced the registration and renewal fees and helped 
grow the market. The problem today is that the growth in .COM has 
plateaued.

There is web usage in the .US ccTLD but it is at a lower rate than in 
.COM or in European ccTLDs. A lot of .US registrations are brand 
protection registrations and redirect to the registrant's primary 
website in .COM. It isn't a truckstop or gateway TLD like .EU where 
there are more redirects to other TLDs than active websites.

Regards...jmcc

> 
> 
> ---------- Original message ----------
> 
> From: Eric Kuhnke <eric.kuhnke at gmail.com>
> To: goemon at sasami.anime.net
> Cc: NANOG list <nanog at nanog.org>
> Subject: Re: .US Harbors Prolific Malicious Link Shortening Service
> Date: Thu, 2 Nov 2023 20:39:17 -0700
> 
> Not specific to .US really
> 
> Pretty much every new gTLD that can be registered on "promotional" first
> year prices below .com/.net/.org harbors a larger than usual proportion of
> phishing domains and suspicious things, because one of the sole operational
> criteria for phishers registering disposable domains that might have useful
> lives of only hours or a few days, in bulk, is the cost per unit.
> 
> 
> ".us" is in much the same situation because I am seeing promotional prices
> of $4.50 to $5 per domain for the first year.
> 
> 
> 
> 
> 
> On Thu, Nov 2, 2023 at 1:31 PM goemon--- via NANOG <nanog at nanog.org> wrote:
> 
>>
>> https://krebsonsecurity.com/2023/10/us-harbors-prolific-malicious-link-shortening-service/
>>
>> "The NTIA recently published a proposal that would allow registrars to
>> redact all registrant data from WHOIS registration records for .US
>> domains. A broad array of industry groups have filed comments opposing the
>> proposed changes, saying they threaten to remove the last vestiges of
>> accountability for a top-level domain that is already overrun with
>> cybercrime activity."
>>
>> What hope is there when registrars are actively aiding and abetting
>> criminal enterprises?
>>
>> Are there any legitimate services running solely on .us domain names?
>>
>> -Dan
>>

-- 
**********************************************************
John McCormac  *  e-mail: jmcc at hosterstats.com
MC2            *  web: http://www.hosterstats.com/
22 Viewmount   *  Domain Registrations Statistics
Waterford      *  Domnomics - the business of domain names
Ireland        *  https://amzn.to/2OPtEIO
IE             *  Skype: hosterstats.com
**********************************************************

