Category: News

Let’s talk about DNSSEC

DNSSEC has taken shape, and has become essential in security process recommended by ANSSI as well as the web in general. And yet, it’s a barbaric term that is often scary as we don’t know how it works and what it’s used for. This article will focus on clarifying this term.

The Domain Name System Security Extensions is a standardized protocol of communication allowing to resolve security problems related to DNS. We will begin by a reminder of what is the DNS.

What is the DNS?

Simply put, the Domain Name System is quite like an Internet directory. It’s a service translating a domain name into IP addresses. It relies on a data base distributed to millions of machines. Humans identify, memorize and differentiate more easily names than series of numbers. The DNS has been defined and implemented in the 80’s and has become an essential element of Internet.

 

How does the DNS work?

The DNS will allow web user to inform a domain name in his web browser to access a website. The browser will then “resolve” this domain name to obtain the IP address of the web server which hosts this website and displays it. We call this the “DNS resolution”.

 

DNS resolution 

 

What are the risks related to the DNS?

If the DNS goes down, your websites and emails are going to be unavailable, which is unthinkable nowadays. Other applications can be impacted in the companies: VPN access, intranet, cloud, VOIP… all that potentially needs a names resolution to IP addresses. DNS must be protected and stay highly available.

If the DNS protocol has been created with security in mind, many security flaws of the DNS protocol have been identified since its creation. The mainly flaws of DNS have been described in the RFC 3833 published in August 2004. Queries package interception, fake answer, data corruption, DNS cache poisoning and Denial of service.

To deal with this vulnerability, DNSSEC protocol has been created.

 

DNSSEC issues

DNSSEC prevents these different attacks, particularly cache poisoning, by securing the integrity of the DNS resolution. DNSSEC issues are:

  • How to secure the data integrity and authenticate DNS (resolver, server with authority) and keep backward compatibility with the DNS at the same time.
  • How to secure access security at the resource asked to billions web users?
  • How to find a solution light enough so it won’t surcharge names servers?

 

DNSSEC process

To secure the integrity of the DNS resolution, DNSSEC develops a chain of trust that goes back to the DNS root (refer to the DNS root server image above). Data security is done by keys mechanism (KSK for Key Signing Key & ZSK for Zone Signing Key) which signs DNS records in its own zone. Public keys are sent to the corresponding register to be archived; the register being linked by DNSSEC to the root server, the chain of trust is developed. Each DNS parent zone ensures the keys authenticity of its child zones by signing them.

 

Without DNSSEC                                  With DNSSEC

DNSSEC process

DNSSEC, Nameshield and you:

DNSSEC operates like an essential protection for your strategic names, which secures DNS’ answer authenticity. It would be advisable to identify names that need to be protected. All TLDs don’t propose DNSSEC yet. Here is a list of principal TLDs that does, it can change with many more coming:

TLDs supporting DNSSEC: .fr, .com, .be, .net, .eu, .pl, .re, .pm, .yt, .wf, .tf, .info, .li, .ch, .biz, .de, .sx, .org, .se, .nl, .in, .us, .at, .nu, .la, .ac, .cz, .me, .sh, .io, .uk, .co.uk, .me.uk, .org.uk.

All news gTLDs, like .paris, .club, .xyz, .wiki, .ink, support also DNSSEC.

DNSSEC is included without supplement in Nameshield DNS Premium offer. Nameshield supports you in this process to secure your immaterial assets and manages the integrality of the DNSSEC protocol for you, from keys creation, to storage and renewal.

It’s not the only answer to set, registry lock system, DNS Premium service, SSL certificates are complementary solutions to implement, we will have the opportunity to discuss it in other articles or in the next nameshield.cafe.

 

What is the appropriate way to deal with inappropriate content on the internet?

The internet is a great place to find content of all sorts. Videos of cats doing crazy stunts, memes, thought provoking lifestyle messages. But this rich availability means ease of access to a wide variety of inappropriate content.

Inappropriate content means any material that is disturbing, improper, and just wrong. It can be images of real or simulated violence or of a sexually explicit nature. Recently there have been concerns raised around disturbing YouTube videos. These strongly resemble videos of popular cartoons but contain disturbing and inappropriate content not suitable for children. In some cases the videos are parodies, some are clear cases of copyright infringement where unauthorised use is made of authentic cartoons or characters, most are simply not aimed at an audience of children.

So what is the best way to deal with cases that you discover?

Google and social media sites offer reporting tools highlighting inappropriate content and copyright or trademark infringement cases.

A copyright infringement submission is a legal process and only accepted from the right owner or their authorised agent.  But it is essential to consider if the content is being used fairly. Fair use generally covers adaptations of original works for the purpose of parody or comment. Parodic uses of copyrighted works are normally justified by freedom of expression but the key factor is that the public must be able to differentiate between the works. If the content is being used fairly then it is best to avoid submitting what might be considered a false claim and maybe even provoking further parodying activity. In summer 2015 the artist Banksy launched the clearly satirical Dismaland, an obvious play on words and “look and feel” of Disneyland, but Disney (sensibly) remained silent.

 

Dismaland

 

Inappropriate disturbing content should be flagged using the platform system. YouTube takes feedback very seriously and they appreciate people drawing attention to problematic content and make it easy for anyone to flag a video.  Flagged videos are manually reviewed 24/7 and any videos that don’t belong are removed within hours.  In addition they have a YouTube Kids app which helps limit access to flagged content.

Of course no filter is 100% accurate and nothing replaces vigilance. Careful monitoring can help ensure that your copyright protected content is not being used unfairly and allow you to submit takedown notices. But there is no product which can ever replace parental awareness.

 

YouTube

Towards a 100% encrypted web, the new challenges of HTTPS

Between Mars, 2016 and Mars, 2017, Let’s Encrypt has issued 15 270 SSL certificates containing “PayPal” term, 14 766 of these certificates were issued for domains leading to phishing websites. It’s the result of the recent analysis led by Vincent Lynch, SSL expert.

 

Paypal fake or real

 

Lynch was closely interested in this case, after an interesting article published by Eric Lawrence (Google Chrome Security Team) in January 2017, the image above is from this article named “Certified Malice “which exposes deceitful SSL certificates and counts “only” 709 cases for PayPal and much more for big American brands: BankOfAmerica, Apple, Amazon, American Express, Chase Bank, Microsoft, Google…

What’s the impact on web users?

In January 2017, Google and Mozilla have updated their browser with Chrome 56 and Firefox 51, and a major change has appeared for web users: “Secure” and “Not secure” have appeared in the address bar.

In 2015, the initiative Let’s Encrypt, supported by big names of Internet (EFF, Mozilla, Cisco, Akamaï…) was created with the purpose of massively and freely spreading SSL certificates to the whole world. One year and a half later, Let’s Encrypt issued millions of certificates and other initiatives have followed.

Who says free, says few or no verification for delivering certificates, and an army of cybercriminals who rush towards these certificates to secure their illicit contents: phishing, malware… and show the term “secure” on their address bar. How can the random web user easily differentiate between real and fake?

For reminder, there are three verification levels for certificates allowing to show HTTPS: Domain Validation (DV) considered as low authentication, Organization Validation (OV) with high authentication and Extended Validation (EV) with strengthened authentication.

Free certificates are DV, and represent almost 90% of certificates, most of the time on “small” websites. OV certificates (9%) and EV certificates (1%) are fewer but protect almost all websites with high traffic. GAFA (Google, Apple, Facebook, Amazon), are all in OV or EV for example.

SSL Certificates - DV OV EV

The problem for web user is the lack of distinction in browsers between DV and OV certificates. These two types are shown the same way, as being “secure”, but EV certificates display the name of the certificate’s owner in the address bar.

By looking at the image at the beginning of this article, we understand easily the concern on EV for PayPal: to easily differentiate real from fake. This is the reason why Nameshield will systematically advise the use of EV for display website, in particular for their clients exposed to cybersquatting, phishing or counterfeit.

 

Two forces opposed for the future of HTTPS

Sadly, things aren’t so simple, and where logic would like to differentiate clearly between the three types of certificates, or at least two types (DV/OV), Google disagrees and wishes, on the contrary, to suppress the EV display altogether. Chris Palmer (Senior Software Engineer for Chrome) subtly confirms this point in his article published here.

Today we are in a situation where Historical Certification Authorities, Microsoft and to a smaller extent, Apple, are facing Google, Mozilla and Let’s Encrypt in a perspective resumed here:

 

Google/Mozilla/Let’s Encrypt perspective:

 

HTTP = not secure

 

HTTPS = secure

 Historical Certification Authorities/ Microsoft/Apple perspective:

HTTP = not secure

HTTPS DV = no sign in the address bar

HTTPS OV = secure

HTTPS EV = company’s name in the address bar

 

Inside the higher authority of SSL, the CAB/Forum, the discussion is still opened at this moment. We can easily understand that Certification Authorities look unfavorably at the end of the visual distinction between DV/OV/EV in browsers, it’s their purpose to deliver certificates with high authentication, but is it wrong? It’s to reassure the web users by securing the identity of the website they visit.

In the opposite, Google and Let’s Encrypt don’t hesitate to say that phishing and guarantee of website content, don’t depend on Certification Authorities, and that there are other systems responsible for that (for example, Google Safe Browsing). Therefore we have to have a binary perspective: exchanges are encrypted and inviolable (= HTTPS = secure) or they aren’t (= HTTP = not secure). We can simply wonder by this perspective, which defends itself, if it’s not a semantic problem of the used term “secure” instead.

What does “secure” mean for web users? By seeing “secure” in their address bar, do they enter their login/password or credit card numbers? We can think that yes, they do, and in this case, actual risk does exist. Kirk Hall (Director Policy and Compliance – SSL, Entrust) has done a noticed intervention at the last RSA conference on this subject (if you have time, the record is here).

You can’t neglect financial industry weight and big companies which look unfavorably at the growth of fraud online risk, Google can’t ignore that.

 

How to reassure web users?

For the time being, we can only encourage you to choose Extended Validation certificates for your display websites and/or your e-shop in order to facilitate web users’ tasks and to stay informed of what’s going on on the web. To reassure and educate web users by mentioning on your website the choice you have made in security and authentication.

As you probably monitor domain name registrations on your brands, today you can also monitor certificates registrations so you can react quickly.

And as web user, when the term “secure” is mentioned in the address bar, systematically control the certificate’s details to see who the owner is.

The launch of .AFRICA

After more than five years of legal dealings and battles, South African organization .ZA Central Registry (ZACR) is now designed to commercialize the internet extension “.AFRICA” which will be opened to all. As presented by Koffi Djossou, member of UNIFORUM ZACR, future domain names in .AFRICA will “promote African companies, people and culture on Internet”. President of the African Union Commission Nkosazana Dlamini Zuma, has already saluted the end of this battle as the moment when Africa “has finally acquired its own digital identity”.

 

new gTLD .africa

 

We will go back to present the facts: in the application call for new extensions launched by ICANN, they were two to claim the .AFRICA. On one side, we have South African national extension operator .ZA (ZACR). On the other side, we have an African/American business woman Sophia Bekele, the DotConnectAfrica (DCA) founder.

With the geographical and cultural nature of the .AFRICA, the extension couldn’t be sold by bidding. So ICANN has required the participants to obtain the support of at last 60% of the concerned region governments. After this, ZA Central Registry (ZACR) has benefited from many official supports (39 African governments) like the African Union. While DotConnectAfrica (DCA), has been the object of many mails opposed to this “dissident application”.

In early 2014, ICANN has finally given the delegation of the .africa domain to ZA Central Registry (ZACR). At that time begins this unprecedented judicial marathon, after DotConnectAfrica (DCA) submits a claim against ICANN for fraud and unfair business practices. DotConnectAfrica (DCA) has requested to the United States Federal Court to stop ICANN from giving the delegation of .africa domain to ZA Central Registry (ZACR) during the trial.  Even if the last request was finally denied, the claim against ICANN is still ongoing…

This highly political saga has ended in February 15th, 2017 but for ZA Central Registry (ZACR), the work begins now: to make of .Africa a real banner of the African continent.

Find more information on http://nic.africa/ or contact Nameshield regarding the conditions and the open period for the registration of your .AFRICA.

Alibaba’s use of technology to fight counterfeit reaps first rewards

In December 2016 Alibaba was placed on a US blacklist for fakes. A US industry watchdog called the company’s Taobao website (the world’s largest e-commerce platform) a “notorious” market for counterfeiting and piracy. Now Alibaba is diligently combatting this label. Via a program called Operation “Cloud Sword” big data technology such as advanced algorithms, machine learning, optical character recognition (OCR), and mapping technologies, is used to generate clues to help identify and take down fakes.

In January Alibaba sued two fake Swarovski watch sellers who allegedly link merchants with people willing to falsify purchases and write positive comments on its Taobao e-commerce platform for violations of goodwill and contract. The company claimed 1.4 million yuan, or about $201,000, in damages. Shenzhen police raided the seller and confiscated about 125 counterfeit watches after Alibaba’s claim. Alibaba used gathered and analysed data to identify the counterfeit Swarovski merchants and subsequently purchased a watch from the seller in a test-buy program.

Zheng Junfang, chief platform governance officer of Alibaba Group said. “We will bring the full force of the law to bear on these counterfeiters so as to deter others from engaging in this crime wherever they are.”

Has President Trump’s executive order on ‘Public Safety’ killed off Privacy Shield?

Governments rightly accord great attention to the importance of privacy and human rights but are also cognisant that there are situations where public authorities require access to the content of electronic communications. Three decades of negotiations and agreements on what constitutes acceptable levels of sharing of personal data and communications between the US and Europe resulted at the start of 2016 in the Privacy Shield agreement which provided obligations to protect and monitor the shared personal data of Europeans.

In his first week in office President Donald Trump signed six executive orders (Obama managed 5 in the same period). The order “Enhancing Public Safety in the Interior of the United States” has caused a huge reaction and controversy due to the attempted ban on citizens from seven countries but there are also important implications for data protection and human rights beyond those boarders.

Section 4 of the Executive Order instructs agencies to employ “all lawful means to ensure the faithful execution of the immigration laws of the United States against all removable aliens”. And Section 14 states that “agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information”.

These sections relate to all visitors and foreign nationals irrespective of nationality. A removable alien refers to all non-USA citizens. The Order makes it quite easy for any non-USA national to be considered a risk to public safety and therefore become a legal subject for agencies to access the content of electronic communications and personally identifiable information.

Fundamental stipulations of the Privacy Shield agreement are that companies operating in the EU can only share and send personal data to “third countries” outside the EEA if they guarantee adequate levels of protection, ensure equivalence of privacy protections for European citizens’ data in the U.S. and that the monitoring remains necessary and proportionate (unlike the U.S. Government mass surveillance programs which led to the invalidation of the Safe Harbour agreement). The essence of the fundamental right to respect for private life must not be violated.

By considering any non-USA citizen as a removable alien it is difficult to see how the equivalence of protection for US and EU citizens can be ensured.

HTTPS and SSL: Google continues its offensive

https-chromeChrome 53 launched on 31 August 2016 and with it Google is continuing its offensive for a safer internet.

With its Chrome navigator, Google signals even more clearly when as site does not use httpS on its landing page. And the version to come will continue in this vein barring purely and simply HTTP with a Red cross. This  ‘ugly defacement’ will be difficult to accept on corporate websites, in particular well-known brands.

Http Cdiscount
Website http
Https Amazon
Default httpS website
Https Nameshield
Website httpS EV (Extended Validation)

Firefox has already announced a similar measure. Add to that the httpS as an additional factor in SEO and the inclusion of httpS for personal data entry pages in the results for Google shopping, if you have not yet considered it, it’s time to prepare to migrate your web site to a more secure environment.

Why adopt HTTPS now?

  • It is becoming essential.
  • It is good for your online image, especially with Extended Validation (Green Address bar).
  • The transition from HTTP to HTTPS is becoming more pressing and it is better to prepare for it now rather than as a matter of urgency.

What will the navigation bar look like in January 2017?

On the pages of websites offering HTTP password entry or accepting credit card details there will be a small warning graphic and will feature the text  “Not Secure”.

Going forward, What Chrome proposes to display

For all websites, Google’s ultimate goal is to display the not secure wording for all HTTP pages.

Note secure

Source : https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html

The Nameshield team can assist you in selecting the most appropriate SSL certificates for HTTPS, contact your account manager to discuss.

Sponsored Links – an opportunity and a threat to your brand

21666662780_27f0e79d81_bTitle : Adwords – Author : Christophe Benoit – Photo : licence CC BY 2.0 – www.tyseo.net

What is a “Sponsored Link”?

It’s a paid advertisement in the form of a hypertext link that shows up on search results pages. The ads are typically for products and services that are generally or very specifically related to the keywords in the search query.

The most well known sponsored links, Google Adwords, is an advertising service offered by Google for businesses wanting to display ads on the search engine and its advertising network. Businesses set a budget for advertising and pay when people click the ads.

Google Adwords, is an advertising service offered by Google for businesses wanting to display ads on the search engine and its advertising network.

What appears on your screen when you use an online search engine?

Results returned by a Search Engine typically fall into 2 categories:

  • Sponsored links (adwords): The customer bids on keywords and the advert (usually a small amount of text and a hyperlink) is displayed in a priority position, but only if the searched keywords match those that have been purchased by the advertiser.
  • Organic search listing: The results in this listing are based upon the relevance of the content on websites that have been referenced by the search engine being used.

On Google’s search results page, the two types of results are displayed differently

  • Sponsored links (adwords) are posted at the top of the list of results with the heading “AD”
  • Organic results are displayed in an order that depends upon how well they match the search query.

google_linksThe criteria taken into account by Google in order to display sponsored links are the same as organic listings in addition to taking into account the geographic location of the searcher.

Adwords can be purchased on a specific geographical area (a continent, country, region or city). Google uses the IP address of the computer on which the search request is being submitted to determine which sponsored results to return.

“Google designed Adwords to be a fully automated service that facilitates the selection of keywords and advert creation.”

Google’s Adwords service

The search engine that is targeted the most by unauthorised practices is Google that, for scalability reasons, designed Adwords to be a fully automated service that facilitates the selection of keywords and advert creation.

Given that, in the last quarter of 2014, sales of Google Adwords were estimated to be $10.50 bn on a net total revenue of $16.96 for the year, we can better understand the importance of this service.

Google is acting only to host the advert on its advertising network and therefore its responsibility is limited.

In order to avoid abuse, it is essential that the advert which appears after having typed a search term allows the normal internet user to know whether the Adword, which is promoting products or service, belongs to the brand owner, is a business linked to the brand or a third party organisation. It sits with the advertiser to choose one or more keywords, which determine when the advert is displayed. Therein lies the subtlety of Adword definition.

In this case, Google is acting only to host the advert on its advertising network and therefore its responsibility is limited with respect to inappropriate or adverts linking to counterfeit goods. Indeed, to determine the liability of a search engine, a judge must look at the degree of automation in order to determine whether the role of the operator   is neutral or not. If there is no control of stored data, liability of the search engine operator cannot be proven.

Various court rulings have declare that Google was not a counterfeiter despite proposing keywords, which reproduce distinctive marks (including registered trademarks) by storing and displaying adverts based on keywords. According to the courts, Google does not use these Keywords “in its own business communications”. That is to say, that Google makes keywords available to third parties but does not use that in its own publicity.

Court cases related to Adwords

With most Pay-Per-Click (PPC) programs on search engines, it is easy to buy competitors’ brand names as a keywords. For ethical reasons, this practice is not recommended. However, some less scrupulous companies do not hesitate.

Internet abuse, such as traffic diversion, cybersquatting, copycat website and counterfeiting products and services are still widespread on the Internet. However, on sponsored links, brand hijacking remains the most prevalent.

On sponsored links, brand hijacking and traffic diversion are the most common forms of abuse.

Brand hijacking can take two forms:

  • An advertiser buys a registered trademark as a keyword in order to have its adverts displayed when Internet users are searching for a particular brand
  • An advertiser places the brand in the text of its sponsored link advert which appears prominently on the search engine results page

These infractions have resulted in a number of well-publicised court cased where the definition of an Adword was recalled, such as:

These cases demonstrate the importance of the presentation of the advert so that it does not reproduce, in any way, a trademark registered by a third party in the Advert. In doing so it must not deceive the average consumer of the essential representation and functioning of the mark (as a function of its origin, as a function of its promotion, as a function of the investment in and reputation of the mark).

In the face of these very real threats, what steps should brand owners take?

It is essential that a brand owner files one or more trademarks for their brand. In order that proof of registration can be submitted in any complaint to the search engine or Advertising Network provider or in launching a legal action.

Recent court cases reinforce the importance of presenting an advert so that it does not reproduce, in any way, a third party registered trademark.

Reduction of brand risk is all about speed. It is as much about speed of detecting an infringement or fraudulent practice as it is about selecting the appropriate remedial action.

It is therefore important to actively monitor sponsored links for infringements rather than waiting to be made aware of an infringement by a disgruntled prospective customer who has purchased a counterfeit product in error.

Monitoring of Adwords should be a part of a multi-layered brand protection programme that is right for your business. Such a programme may include some or all of the following elements: Trademark monitoring, domain name monitoring, website discovery, search engine monitoring, content monitoring, sponsored link discovery, social network monitoring, and affiliate control.

Monitoring of Adwords should be a component in a multi-layered brand protection programme that is constructed for your particular business needs.

Building a brand protection programme that fits the needs and risk profile of the brand puts you in control of threats to your brand and allows you to respond with an appropriate level of rapidity and robustness.

If you have discovered a brand infringement on a Sponsored link network, it is important to know that it is possible to request that the hosting network remove adverts that misrepresent or use identical or near identical terms contained in a registered trademark. If your brand is suffering from widespread infringement and abuse such activities can be outsourced to specialist online brand protection which can handle as much or as little of the brand protection operation as the brand owner desires, from a simple detection service to a full suite of detection, analysis and enforcement capabilities.

Building a brand protection programme that fits the needs and risk profile of your brand puts you in control of threats to your brand and allows you to respond with an appropriate level of rapidity and robustness.

Why are Dot Brands dragging their feet?

Ok so here’s the thing, we’re over 2 years into the new gTLD rollout now, a new era of the Internet, and everything seems to be going swimmingly…. Or is it?

On the face of it, momentum is building. Over 16 million domain names registered in the past 2 years and 60% of them would still have been available under a .com e.g. nameshield.website and its .com equivalent nameshieldwebsite.com. That’s great because it means that New gTLD domain names are being registered instead of the equivalent .com.

But there is still one thing lacking, something I have been quite vocal about in the past, and that is the fact that very few people actually know that there has been a fundamental shift in the naming infrastructure on the Internet.

To put in another way – the general public don’t know about new gTLDs.

Two years down the line and society is still living in the dot com age and will continue to do so until the .BRAND applicants start to use their gTLDs in their marketing, promotional and operational activities.

“WWW, shhhh, dot com, dot org.”

                      Dr. Evil, Austin Powers Goldmember 2002

What has changed in 14 years?

A new .brand of concern

Here is where things start to get a bit more worrying. Of the 589 .BRAND applications received, 558 of them have signed their ICANN contracts, 289 of them have been delegated and are live on the Internet but only 64 of them are in active use and most of those still redirect to the corporate homepage, usually a .COM!

One of the most prolific .BRAND registrants is Bradesco (a Brazilian Bank) and that has an underwhelming 90 .bradesco names under management. Despite this poor showing, it is the banking sector which is leading the way. BNP Paribas, for example, has been very active promoting its .bnpparibas domain extension e.g www.histoire.bnpparibas and www.mabanque.bnpparibas

www.Epic.Fail?

One notable, and unfortunately a rather embarrassing, example of how the .BRANDs should be promoting their domain extensions is www.booking.com which spent a fortune on its highly successful booking.yeah advertising campaign.booking.yeah-pr-still-5

The booking.yeah campaign is a shining beacon to .BRAND owners, lighting the way with a clear, concise and powerful example on how to use your new gTLD to maximum effect.

Unfortunately, no-one thought to inform the Booking.com marketing department that they could actually own the .YEAH domain extension and so this multi-million dollar advertising campaign, which is centred around a really great and very memorable domain name ‘booking.yeah’, does not and cannot resolve to a website because no one actually applied for .YEAH.

use it or lose it!

The clock is ticking for those that own a .BRAND. Not simply because there is a time limit before the registry has to be operational, nor because domain extensions have to be operated for a minimum of 10 years, but because there will undoubtedly be another round of applications.

At present owners of a .BRAND are in a privileged competitive position online when compared to counterparts which failed to apply for a .BRAND. For example, Nike owns .NIKE whereas Adidas did not apply for .ADIDAS.

There is a limited window of opportunity to steal a march on the competition in a big way by ushering in the Not Com era.

.BRAND owners know that while they procrastinate, dither and generally do nothing with their expensive and highly valuable Internet asset they are frittering away the opportunity to put clear water between themselves and their competitors online.

So why then aren’t more .BRAND owners rushing to promote their new internet address?

If I’m honest, I believe it is because to date, the champions in the majority of .BRANDs applicants have been those that understand and are responsible for the legal, technical and risk reduction benefits of owning and operating a Top Level Domain rather than the outward facing sales, marketing and strategic positioning benefits that operating a .BRAND can bring.

In my experience, when the Sales and Marketing functions truly understand what you can actually do with a .BRAND, when it is closely aligned with marketing campaigns and business development strategies, the real power of the Not Com era becomes blindingly obvious.

Andy Churley,
CMO Nameshield Group

Car Brands: are they taking a leading role in the new Internet?

A ‘plethora’ is defined as a “large or excessive amount of something” and is usually followed by the qualifier “of.” Car manufacturers certainly fall into that category, as I found out recently when looking at replacing my worn-out old jalopy.8992635580_89a79ce84b_n

A plethora can also be used to describe domain extension, with the advent of new gTLDs (where the term after the final ‘dot’ can be almost anything) there is certainly a plethora of those nowadays! This naturally led me to pose the question “How many of one plethora is a part of the other plethora?”

So, after comparing the complete list of new gTLD applicants against the complete list of car manufacturers we find a surprising result …40!! Yes 40!

If BMW is an indicator of what is to come in the evolution of the automotive industry online (with its innovative new .Brand websites, notably www.next100.bmw) other car brands have already pulled the plug. Take, for example GMC which, for reasons known only to itself, pulled the plug on 5 applications. While the French car industry did not submit a single application, at least they didn’t withdraw any!

The list of new gTLD applications for auto brands is as follows:

  • .SEAT
  • .AUDI
  • .VOLKSWAGEN
  • .BUGATTI
  • .LAMBORGHINI
  • .大众汽车 (“Volkswagon” in Chinese)
  • .FORD
  • .LINCOLN
  • .CHRYSLER
  • .DODGE
  • .JEEP
  • .RAM (application status ‘on hold’)
  • .FIAT
  • .ALFAROMEO
  • .MASERATI
  • .LANCIA
  • .FERRARI
  • .ABARTH
  • .BENTLEY
  • .BUICK (application withdrawn)
  • .CADILLAC (application withdrawn)
  • .CHEVROLET (application withdrawn)
  • .CHEVY (application withdrawn)
  • .GMC (application withdrawn)
  • .DATSUN
  • .NISSAN
  • .INFINITI
  • .HONDA
  • .HYUNDAI
  • .JAGUAR
  • .LANDROVER
  • .KIA
  • .LEXUS
  • .TOYOTA
  • .MINI
  • .BMW
  • .MITSUBISHI
  • .SUZUKI
  • .TATAMOTORS
  • .VOLVO

A little stir of the pot

Other related generic internet extensions exist (which don’t belong to the car brands) such as .CAR – .CARS – .AUTO – .AUTOS – .CARINSURANCE – .RACING – .LIMO et .GOLF (presumably related to the sport rather than the VW car).

There are also a number of auto related .Brands such as .DUNLOP – .GOODYEAR, as well as auto parts makers such as UCONNECT, .MOPAR et .SRT.

All in all, the auto industry is well represented for their online future. Far more so than many other industries.

So, when the brands, whether they are car manufacturers or not, begin to use these domain extensions as a core element of their online presence, we can all hope that other new gTLD owners such as .NIKE follow their lead and we can all leave the ‘Dot Com’ era behind us and welcome in the ‘Not Com’ epoch.

As for the absent French car manufacturers, there is nothing to do but prepare for the next application round. But make sure you start your preparations now!!