The RSA Conference is a respected and well-attended Internet security conference that brings security experts together from all over the world. This year’s main event in the United States is currently being held in San Francisco, California through April 24th. I learned that there is a panel focusing solely on domain names, and as one might expect, it’s not one that puts the domain name space in a positive light.
On Thursday, April 23 at 9:10am, there is a session called “Domain Name Abuse: How Cheap New Domain Names Fuel the eCrime Economy.” The panel will be led by Paul Vixie, CEO of a company called Farsight Security, Inc.
Here is how the panel is described on the RSA Conference website:
“To stay agile and avoid detection, cybercriminals need plentiful and “too cheap to meter” domain names and the DNS industry is only too happy to comply. The result is that most new domain names are created for wicked purposes. Dr. Paul Vixie will provide examples of the critical role domain name abuse plays in today’s cyberthreat landscape and technical advances designed to mitigate this problem.”
I think this panel will be informative, and I would be interested to know how domain registries really feel about this issue. On one hand, they are probably happy to sell their domain names, but they are also likely tarnishing their own brand/extension in doing so. I presume the vast majority of domain registrations that are “created for wicked purposes” are purchased cheaply for one year, so the margins are likely very slim. That said, I am sure it would be nearly impossible to determine what domain names are created for nefarious purposes at the time of registration, and selling inexpensive domain names is a marketing tool used by just about every domain registrar.
Given the nature of this conference, I presume there are representatives of domain registries and other domain name companies who are in attendance. I would be interested to get their take on this panel and see if any changes are made to the way some registries operate.