Domain Name Madness

Bummer, it is already occupied.

So are “.net” too and perhaps “.org” but the rest may be open. You can purchase “.co”, “.info” and some other dots too, but it would make no sense what so ever. Most people know “.com” and completely don’t care about the other TLDs. You need to make sure “.com” is free, even though perhaps you want to run your business on “.net”. If your business is a local one, you might settle for a local domain, but that has its own risks: what if your business grows large enough to go international, what if an international business comes to your country and you’ll be in a name conflict. There really is not much of an option.

Unfortunately there is an even bigger problem. As you reverse your naming technique and start from the domain name up, you will realize that most good name combinations are occupied, not by a legitimate business but by domain name sharks. Like real-estate sharks on the Internet, after all, a domain name is an estate in scyberland. They purchase domains by the bunch for nominal fees ($12/.com/year, or similar), and if you happen to want the domain they will gladly sell it to you for a thousand fold, or ten thousand fold, depending on what the potential of the name is. Nowadays, if you can prove legitimate business for a domain you could take it by force with a law suite, but who wants to start a business with a law suite, not knowing if the domain will be available within a month, a year or maybe three.

The TLD Scam

All in all, legitimate businesses plus hustlers, pretty much all the good names are taken. ICANN tried to address this by adding new top level domain names along the way. “.info”, “.pro” and one that really stands out, “.co”. Besides the massive marketing regarding the coolness of this latter top level domain name, it actually emphasizes the ridiculousness of these free to take added top level domain names. Let me give you an example: Suppose a legitimate business has the “.com”, I will now purchase “.co” and run my legitimate business there, how will that make me look like? Well, certainly like someone who is trying to hitch a ride on the back of an already successful business, a leach in colloquial words. For this very same reason all successful businesses felt complied to purchase the “.co” the very next day they were released. Let’s look at the alternative, perhaps a hustler has my “.com” domain name and I purchase and start my business on “.co”. I am sure he will be thrilled, because now that he sees that I am interested in that domain name he will gladly double his price.

Instead of opening more options to people who want to start a new business, all these new top level domains did nothing more but complicate the lives of old and new businesses and gave even more opportunity for hustlers and “legitimate domain registrars” to take their money. All this based on human psychology which is hooked on the “.com” name.

In a world with limited top level domain options these should really be closed, and should function on an all or nothing fashion. For instance, you could not get yourself a “.gov”, because you need to be a governmental institution to do that. This domain name is regulated and this is how they all should be. If you want a “.com” you should be able to prove you are a “.com” and then all others “.net”, “.org” should redirect to your “.com”. If you are a “.com” but you happened to have a branch or an affiliation that is an “.org” you now could be allowed to open up the “.org” too. This way the confusion would end. It really doesn’t matter to anybody what your TLD is, they will only look for the domain name and if they can’t get it right they will search engine your domain name to get to your domain but nobody pays extra effort to remember it.

Unfortunately the new generic top level domain names that come out in 2013 are no better than this. With the slight difference that they are designed to grab even more money from all those business that already run and open up a completely new way to hustle people.

In early 2013 the world wide web will be flooded with a plethora of brand new top level domain names. “.bank”, “.music”, “.whatever”, you only have to have a truck load of money, sufficient patience and you can be the proud owner of an entire domain name hierarchy.

ICANN can even make you the the registry of the top level domain name of your own business, which is really cool because now you can run your website here:

• http://mybusiness.mybusiness

or if you don’t like the repetition you can just go for

• http://mybusiness

This is really cool because you don’t need the “.com” which didn’t matter any way to anyone but at least you can now pay $25,000 every year to be your very own registry instead of paying $12. Think of how many websites you could run with your business at the end; it is really an investment. But if you don’t do it, as in you are not willing to pay out that amount maybe someone else will and when you are successful make an honest buck on your back. It is hustling on a whole different level, it’s extortion.

But it doesn’t end with the TLD of your own business. Auctions for other generic domains start around $500,000 dollars and you could also be the registry of some cool top level domain, like “.cool”. This will make you a legitimate, ICANN authorized hustler. Now that you are the registry of a cool top level domain name, and after you paid handsomely to ICANN you can start to extort money out from all the legitimate businesses that are out there and don’t want a leach organization to start on

• “their-domain-name”.”your_tld”

Your success will only depend on how well you picked your gTLD.

It really won’t change anything else. Having a limited pool of domain names, people will continue paying no attention to TLDs, therefore this will only matter to those that own the business, to leaches and to hustlers.

The gTLD mindtrap

The FTC warned ICANN in an open letter about the dangers of what opening the top level domain name system would mean to people at large and asked ICANN to limit the number of generic TLDs to a dozen, and with good reason. Although The Anti-Phishing Working Group’s statics show a decline in phishing practices in the last years, this only means that crooks have found more effective ways to con people, “for the time being”. This does not mean phishing might not be back on track once gTLDs are in the open.

ICANN says that no ill willed organization will get their hands on a generic top level domain, which is most probably true. The sheer cost and time associated with the process will stop any such organization in its tracks but they don’t have to. Once the generic top level domain names hit the market, basic human psychology will favor the crooks to the legitimate organizations: Up until now, the domain name has been a very strict pattern of mostly three elements grouped together with two dots:

• something.name-that-actually-matters.tld

Because the TLDs are relatively few most people completely ignore its existence and automatically go to “.com”, this being the most predominant one. The attention shifts then to the middle component, which is the actual name that matters, the name that identifies the business. That is really the only one component worth remembering because the leftmost element is not regulated. It can be any anything and businesses use it to categorize branches or to simply emphasize importance to some particular aspect,

• for instance: blog.some-business.tld

With so little options, crooks had a really hard time to distract attention. They had to con people into thinking that the domain name (the middle part) is something else, even so there were plenty instances when they fooled people with similar domain names and identically crafted sites to steal credit card numbers, names, emails, the list is long.

With the generic TLD system however, their job will be a lot easier. As domain names will become more varied, slowly but steadily the human brain will ditch the pattern and will put more emphasis on the domain name as a whole, including the top level domain name and the sub domain, as they will count a lot more in the name itself. Many businesses will opt to run on the same name but different top level domain names. So people will tend to rely less on the middle component and more on the actual appearance of the site where they land. It will be a lot easier to fool someones eyes with a domain name

• like: legitimate-bank-name.distorted-legitimate-bank-name.some-tld,
• for example: bankxyz.bankxzy.bank

because when the brain seeks to to recognize the name in the typed sequence, it will put the same weight on any of the three components and it will consider equally good to find the legitimate name in the sub domain section, which is not regulated, as it was a year ago in the middle.

The open TLD

As businesses are multiplying in the world and domain names become more and more scarce, opening the top level domain name and as such, unlocking the mind from the “.com” domain is not only welcome but a necessary step. However, strategies on stopping fraud should not be based on controlling the names themselves but rather on regulations that allow automated identity recognition for sites such as secured protocols and SSL certification. Names by themselves don’t carry a lot of weight, the human brain is optimized to work with incomplete, degraded information. It relies on assumptions and not factual data. The more relaxed the standard the more errors it will make.

The only thing that would ease this pain would be a totally open TLD system. Top level domain names should be treated domain names are treated today, or if you will, the TLD should be pretty much eliminated. This way anybody’s business could end in “.anything” and so the combinations of names would be so great that people’s perception will change altogether in what regards with the domain name and the top level domain name. They would remember the domain name as it is, “some cool business” and knowing that it is totally open to append all sorts of crazy stuff at the end of it they will pay more attention to the name itself. It will not change much in regards with security, but then at least it will put an end to carnage that today exists and that is to come starting 2013.

But in early 2013 ICANN will collect anything between 50 and 500 million dollars from wannabe eager registries. Where is the money is going to come from in the end?