Opening Phishing Holes with New Top-Level Domains
By Leo Notenboom
You’re used to seeing domains ending in .com, .net, and many other of what are called the top-level domains.
But … .bank? .microsoft? .paypal?
Perhaps even .leo? .askleo?
ICANN, the Internet Corporation for Assigned Names and Numbers, is in the process of rolling out the ability to purchase your own top level domain. It’s not cheap (you won’t be seeing .askleo any time soon), but it is happening.
Unfortunately, one of the expected side effects is a massive increase in phishing attempts. And if you’re not careful, you could fall victim.
New top-level domains
The concept is very simple: there’s no technical reason that the internet should be limited to domains that all end in one of a small set of tightly controlled top-level domains or TLDs.
They are somewhat useful – aside from the ubiquitous .com, .net, and other generic TLDs (gTLD) – most of the existing TLDs be used to identify the country of registration. Even though some countries don’t restrict registration (Bit.ly, for example, is not related to Libya, and about.me has nothing to do with Montenegro), many, if not most, do.
But those are all standards of convenience – there’s really no technical reason that TLDs need to be limited to only that set.
And, beginning this year, they won’t be.
For the modest sum of $185,000 US, you can apply for a new, generic top-level domain (there is an application process and certain requirements must be met).
Assuming that you are successful and gain ownership of that domain, then you control what happens on that entire top level domain. Were I to own .leo then I could create ask.leo as a domain for my website or mail. (Don’t worry, I don’t have a spare $185,000 to do it.)
This post is excerpted with permission from Leo Notenboom.
About Leo Notenboom
Leo A. Notenboom is the owner of Puget Sound Software, LLC and the Leo in Ask Leo!. Leo has been in the personal computer and software industry since 1979, as a software engineer, a manager of software engineers, and as a consultant. In 1983 Leo joined what was then a medium sized local company called Microsoft and spent the next 18 years in a wide variety of groups working on a wide variety of software. If you're running Microsoft Windows, if you've used a Microsoft development tool or Microsoft Money, or if you've ever purchased a ticket through Expedia, there's a good chance you've been touched by some of his work. And of course, since 2003, Leo has been answering your tech questions on Ask Leo!