Domain registrars are warning customers that their domain names could become easier to hijack as a change in domain transfer rules takes effect Friday. Under new rules set by the Internet Corporation for Assigned Names and Numbers (ICANN), domain transfer requests will be automatically approved in five days unless they are explicitly denied by the current registrar.

This is a change from current procedure, in which a domain's ownership and nameservers remain unchanged if the current registrar receives no response from a domain owner to a transfer request. Update: Some domain providers say concerns about fraudulent transfers are overblown, noting that ICANN's guidelines still require registrars requesting a transfer from another provider to seek approvals from a domain owner.

The changes could mean trouble for domain owners who don't closely manage their records. Registrars are warning that domains with incorrect e-mail addresses and outdated administrative contact information could be at particular risk, as the domain's WHOIS database information will be used to inform domain owners of transfer requests.

(more...)

Another large hosting company has hitched its growth ambitions to cheap domain pricing, and seen an immediate payoff. Interland dropped its one-year domain price to $7.95, and was rewarded with a gain of 132,147 new sites (hostnames not listed in last month's Web Server Survey).

The price cut snaped a period of mediocre growth for Interland, which had averaged just 10.3K new sites per month over the previous five months. That's considerably less than the average monthly gain of 36.7K new sites over the same period for Yahoo, one of Interland's chief competitors in the small business shared hosting market. Yahoo's numbers have strengthened since August, when it lowered its domain pricing to $9.95 per year.

Interland's move continued a trend in which leading hosting companies are using aggressive domain pricing to acquire new business. Seven of the top 20 hosting providers (as measured by hostnames) now sell domain names for $9.95 a year or less.

Retail Domain Name Prices, November 2004 Company One-year .com price &nbspPrimary Business&nbsp Primary Region 1&1 Internet AG $5.99 Mixed Hosting Europe EV1Servers $6.49 Dedicated Hosting America Hostway $6.95 Shared Hosting America Sipence (eNom) $6.95 Domain Registrar America AIT Domains $6.95 Mixed Hosting America Interland $7.95 Mixed Hosting America Web.com $7.95 Mixed Hosting America Go Daddy Inc $8.70 Domain Registrar America Yahoo $9.95 Shared Hosting America RegisterFly $9.99 Domain Registrar America Netcetera $12.98 Mixed Hosting Europe Dotster $14.95 Domain Registrar America FastHosts/UKReg $16.48 Mixed Hosting Europe Pipex/123Reg $16.67 Mixed Hosting Europe Network Solutions $34.99 Domain Registrar America Register.com $35.00 Domain Registrar America

(more...)

Diebold, whose electronic voting systems will be widely used in the U.S. presidential election on Nov. 2, continues to run its public web site on Windows NT4, forgoing newer Microsoft operating systems.

Windows NT4 was officially retired in 2001, and Microsoft is scheduled to discontinue security patches and all other support on Dec. 31. As a result, the number of holdouts running web sites on NT4 is dwindling. Only 1.5 percent of web-facing hostnames run on Windows NT4/98, according to this month's Web Server Survey, down from 5.3 percent at the start of 2003. Only one member of the Fortune 100 (Kroger) and eight companies in the UK's FTSE 100 continue to operate their web sites on Windows NT4.

Diebold's choice of operating system for its web site has no direct impact upon the security of its voting systems. But it seems a curious decision for a security company whose systems are under considerable scrutiny due to their importance in the upcoming election.

(more...)

Domain owners are protesting a move by domain registrar eNom to register the .info equivalents of nearly a million .com domains owned by eNom customers. Domain name statistics show that eNom registered 950,000 domain names between Sept. 27 and Oct. 4.

The domains were registered through Sipence, which has the same address as eNom in an office suite in Bellevue, Wash. The domains were reportedly registered with the name and contact details of the owner of the .com domain. Inquirers to Sipence and eNom say they are being told that the .info domains were registered "on their behalf" and will soon appear in their eNom accounts. Several report being told via email that the .info domains would "be available to you for a small fee if you choose to use them." Other customers say they've been told there will be no charge for the domains.

Some eNom customers are asserting that Sipence/eNom has effectively acted as a cybersquatter, registering domains associated with their brands. But the scenario is somewhat different from traditional cybersquatting, since the .com owner is the listed registrant. Nom has not yet responded to a request for comment.

(more...)

In a column a few months ago, I looked at the range of anti-spam measures that were being developed. It seems appropriate to review how things have progressed since then. Although the graph of spam as a percentage of total email appears to be flattening it is still rising: even if it flattens further, Internet users are still faced with a future where the vast majority of their email is unwanted, to say nothing of offensive and downright dangerous.

As many predicted, anti-spam legislation – both in the US and European Union - has proved a damp squib. It is true that lawsuits have been filed (and some even won), but these are mainly to make the companies concerned look good Internet citizens. The effect on the thousands of small-scale, anonymous spammers operating from faraway countries is zero.

More promising are moves on the technical front to combine two similar approaches to dealing with one aspect of spam, that of address spoofing. The idea is simple – which makes it more likely to succeed. Those sending email register lists of their servers that can legitimately do so; when a message is sent, recipients can check whether the purported email address corresponds to the real server of origin. If it does not, it is likely to be spam.

The idea seems to have surfaced first in a 2002 memo from Paul Vixie, the principal architect of the BIND program. It was picked up later by Pobox.com's Meng Weng Wong, who formulated what became Sender Policy Framework (SPF). There is an explanation of how it works as well as a FAQ.

(more...)