This is my personal opinion on this matter.
To be clear, speaking in the context of an ICANN-accredited registrar, this is not DNS abuse.
This unfortunate scenario fuels a narrative that often comes from parties seeking to bring trademark policing into the DNS abuse category so that registries and registrars absorb these burdens.
It’s really inappropriate.
Yes, the domain name was used as one of the components of this scam, but it was one of many moving parts, just like phones, their hosting provider, job sites and other more targeted moving parts. The content hosting provider played a bigger role in delivering the actual payload than the registrar.
Third-party DNS providers and hosting companies are not under the dominance of ICANN’s rulesets or oversight. Additionally, ICANN’s Bylaws exclude website content from being within scope.
A domain name registration cannot be presumed to be of malicious intent any more than a person needing to suspect someone of buying a hammer at the time of purchase from their hardware store as a deadly weapon.
This registration could just as well have legitimately been a staff member from the company’s human resources department setting up a local recruiting “pop-up” event, because this type of scenario happens all the time – where the benefits frictionless registration processes enable use cases of good actors more universally.
This sounds like a terrible situation for those who have been scammed, but in the context of the other moving parties involved in the author scam, there is no possible screening or registration action that could have prevented this to be possible at the time of registration. There’s also not a whole lot of technology dedicated to mind reading, and assuming your customer is a thief until they prove otherwise doesn’t create a very appealing business vibe as a user experience.
At best, the argument has been made that there could be better screening information on registrants. It is expensive to win a new (potential) customer and cheap to lose one. Nowadays, people don’t like to be followed in a store. They end up shopping elsewhere.
But let’s entertain a ridiculous notion that a registrar should be expected to actively review and monitor its registrants – which wouldn’t necessarily have included that. There are tools and systems that reactively report how domains are being used. These often result in legitimate websites being taken down under “friendly fire” when they contain too many false positives.
It is not entirely clear that this particular reported scenario would have been captured by this type of data research products or services, as they are largely automated with respect to the sensor data or indicators they use to notify or report problems. In this case, the website, if legitimately hosted and presented as future technology, would likely not be interceptable until an affected party reports it.
While activating the domain name, if the scammers were able to put up enough frontage to be effective for their campaign, but how would a registrar know that this domain is not in use by futuretest.com, even if compelled to do so to absorb the burdens of what would have been necessary to have some responsibility to do so.
Marketing, human resources or other departments of companies launch domain names legitimately all the time. Unless one is familiar with the specific company (such as the company itself), trade name and TM usage rights issues in domain names are a thorny issue for which dispute mechanisms are in place.
Did futuretech.com have a trademark registered with the TMCH?
Registrars use certain techniques to reduce credit card fraud that are commercially reasonable to put in place, but a fair balance is needed to go beyond that. Going too far can harm legitimate users and customers, and existing solutions to use forms of AI to predict/filter are either expensive or require too much data to share with third parties (often in violation of certain privacy rules) . law).
The registration parsing for strings in the registration process is not something that scales, and putting shorter terms in the registration parsing causes issues like ‘catsonyourhose.com’ to have a positive match with the term ‘sony’, let alone the complexity of the dictionary words, class of goods and services related to the intention of use (how many companies are said to be united or delta?) that can coexist in the real world.
Thus, the costs involved in solving this problem, if categorized as DNS Abuse, are hard to sell to registrars, especially in the presence of a small advantage, and because too much friction to the point of sale will reduce customer purchases.
Registrars need net registration growth to afford all the staff needed to meet growing compliance loads.
My little registrar verifies every new customer, so I have no fraud. It’s not to scale, and I call it my “get rich forever plan”.
The benefit of any form of filtering as I do on a large scale for larger registrars is unlikely to bear fruit.
The brand that monitors its own brand may have understood this, and if it hasn’t, that’s unfortunate, but don’t put it in the domain name registration business as another liability .
A malicious individual or group who might seek to perpetrate something as described in this situation would have had no qualms about misrepresenting their intent or the future purpose of the domain at the time of registration.
Be very careful not to put too much in the “DNS Abuse” category.
Comments are closed.