Friday, 21 January 2022

Domain registrations associated with new TLD launches

by David Barnett and Nipa Patel

Introduction

One of the central goals of a brand protection programme is detecting infringing third-party activity that falls outside the firewall - that is, external to a brand owner's portfolio of official core and tactical domains. Brand threats occur across a range of internet channels, but domain name abuse is one of the most significant areas for concern, both in terms of the visibility and potential for confusion of branded domain names by potential customers, and the enforcement options available. For this reason, domain monitoring is considered a core component of a brand protection service.

One of the primary data sources for monitoring are zone files, which are published by registry organisations and contain lists of all registered domains across a top-level domain (TLD), also known as a domain extension. By comparing consecutive daily versions of the zone file, one can identify both new registrations and lapsed domains.

When a new TLD is launched, it progresses through several phases, including a Sunrise phase - where trademark owners can apply for new domains - and a subsequent General Availability phase - where all entities, including members of the public, can register domains.

In this study, we considered the following four TLDs that entered General Availability in 2021[1], and analysed the domain registration patterns following the launch date.

  • .cfd – General Availability began April 20, 2021 - Initially assigned to DotCFD Registry Limited by the original applicant, IG Group Holdings PLC, and delegated in 2015[2], the .cfd extension was initially intended to relate to 'contracts for difference' trading[3]. It was eventually acquired by ShortDot and entered General Availability in April 2021, being marketed as referring to clothing and fashion design[4].
  • .basketball – General Availability began June 15, 2021 - The Fédération Internationale de Basketball (FIBA) in partnership with TLDH and Roar Domains originally won the rights to serve as registry operator for the .basketball extension in 2014[5]. After an extended period of qualified launch programs, community priority registration phases, and Sunrise periods, FIBA eventually opened access to the extension, marketed by agency Roar Domains doing business as Roar.Basketball, in mid-2021[6].
  • .sbs – General Availability began June 15, 2021 - .sbs was originally managed by the Special Broadcasting Service Corporation (Australia) as a restricted dot-brand TLD in 2015. Following a termination notice by this registry operator in 2020, ShortDot acquired the extension and it entered General Availability in June 2021[7]. It is being marketed as referring to "Side by Side, perfect for social causes, charitable organizations, and other philanthropic initiatives"[8].
  • .zuerich – General Availability began December 2, 2021 - The government of Zurich was awarded management of the .zuerich extension ('Zürich') in 2014 to "promote local industry, scientific interests, tourism and marketing, and to highlight the high standard of living in the Zurich region"[9]. The Sunrise period, where registration applications were subject to residency restrictions, began in August 2021, before moving to General Availability in December[10].

Analysis

Figure 1 shows the patterns in domain registration activity in relation to the start date of the respective General Availability phases.

Figure 1: Daily numbers (solid lines, left-hand axis) and cumulative total numbers since the start of April 2021 (dotted lines, right-hand axis) of domains registered for the four TLDs entering General Availability in 2021 (dates shown as dashed lines).

As expected, there are generally lower activity levels in the early phases of each TLD release. This primarily represents authorised parties registering domains for official use, and legitimate trademark holders applying for defensive registrations. A rapid increase in domain registrations generally follows, comprising domains intended for legitimate use as well as potentially infringing domains.

Across the four TLDs, more than 32,000 domains were registered between the General Availability launch phases and the date of analysis (17 December 2021). Across these datasets, several themes are evident. Several domains incorporate popular brand names (Figure 2) and may have been registered with intent to infringe (e.g. phishing or fraud, traffic misdirection to third-party content, or the sale of counterfeit items).

Figure 2: Number of domains registered with names containing each of the top 10 most valuable brand names in 2021[11]

Many of the brand-specific domains did not resolve to any significant site content at the time of analysis, though may be worthy of ongoing monitoring for future infringing content. Furthermore, several had already been flagged as dangerous at a browser level, potentially indicating malicious content may have been present previously, but subsequently removed. Two of the domains resolved to the same website, for a company purporting to be one of the brand's official 'product service centers'. In such cases, any false claims of affiliation can damage a brand's reputation. Of the remaining domains, some were found being used for revenue generation, with some examples featuring pay-per-click links, and others explicitly advertised for sale.

Other popular domain keywords[12] are also represented within this dataset - e.g. 'coin' (156 domains); 'life' (66); 'home' (59); 'your' (54); and 'online' (123). Other examples are related to specific areas of content. For example, references to e-commerce appear repeatedly via the keywords 'shop' (89 domains) and 'store' (51). Other keywords raising greater potential for concern include: 'casino' (48 domains); 'porn' (22); and 'download' (6). Other popular or topical areas are also represented, for example: 'crypto' (56 domains); 'bitcoin' (24); 'blockchain' (9); and 'covid' (4).

Conclusion

Observations and recommendations

The analysis shows the high speed at which potentially infringing domains are registered following a new TLD launch. This highlights the importance of employing a comprehensive brand monitoring program that can cover new extensions as they launch.

Monitoring should also be accompanied by an enforcement program against infringements. Ideally this should incorporate a 'toolkit' with a range of enforcement approaches, so that the most effective methodology can be selected, while reserving other options for escalation.  

Both monitoring and enforcement can be made more efficient using automated technology. This can analyse and prioritise targets, monitor domains for content changes over time, and use clustering and other artificial intelligence (AI) features to establish links between infringements, thereby streamlining the enforcement process.

Country-code launches

Another type of launch which has happened over the past few years is where a country code begins offering second-level domains, where it was previously only possible to register domains at the third level (e.g. the launch of .uk, where previously only .co.uk was available). When these launches take place, an additional Grandfather Phase is added to the process. During this phase, current owners of third-level domains are given first refusal to the second-level domain. The most notable launches in recent years have been .nz (New Zealand) and .uk (United Kingdom). Many brand owners failed to register relevant domains in the Grandfather Phases, resulting in high numbers of third-party registrations. The number of disputes filed with Nominet for .UK domains rose by more than 230% between 2018 and 2019, for example[13]. Second-level domains now account for 20% of all registrations for .nz[14], and 13% for .uk.

The Grandfather Phase for .au (Australia) will launch on 24 March 2022. Brand holders will therefore need to decide whether to defensively register the names they currently hold in .com.au, or employ an effective monitoring programme.

With thanks also for contributions by Justin Hartland.

References

[1] https://tld-list.com/launch-schedule

[2] https://icannwiki.org/.cfd

[3] https://cp.enom.com/domains/cfd-domain-registration

[4] https://financefeeds.com/what-is-in-a-domain-name-cfd-specific-top-level-domains-soon-going-live/

[5] https://icannwiki.org/.basketball

[6] http://www.domainincite.com/27161-basketball-domain-emerges-under-godaddy-with-fewer-hoops

[7] https://icannwiki.org/.sbs

[8] http://www.domainincite.com/26488-shortdot-bought-another-gtld-guess-what-sbs-stands-for-now

[9] https://icannwiki.org/.zuerich

[10] http://www.domainincite.com/tag/zuerich

[11] https://brandirectory.com/rankings/global/table

[12] https://onlinedomain.com/2021/06/04/domain-name-news/domain-name-trend-report-may-2021/

[13] https://www.nominet.uk/wp-content/uploads/2020/06/Nominet-2019-in-.UK-Domain-Dispute-Resolution.pdf

[14] https://docs.internetnz.nz/reports/

This article was first published on 21 January 2022 at:

https://www.cscdbs.com/blog/domain-registrations-associated-with-new-tld-launches/

Also published at:

https://circleid.com/posts/20220218-domain-registrations-associated-with-new-tld-launches

An extended version of this article, targeted at a Chinese audience, was published at:

https://mp.weixin.qq.com/s/HCLzG52ccCI3ZH6ZSA83gg

No comments:

Post a Comment

Phishing trends 2024 - and a look at some new data for domain threat quantification

Overview This year's annual phishing report by Internet technology consultants Interisle [1] has provided a number of key insights into...