Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: ICANN "Reveal Day" Lists new TLD Applications - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ICANN "Reveal Day" Lists new TLD Applications

As announced before, ICANN today published a list of all new TLDs organizations applied for [1]. Applications had to be submitted by May 30th. Being included in the list does not yet imply that these TLDs will actually be approved and created. This is just another stop in the lengthy process. I counted 1930 new top level domain, which I think is a manageable number. Many of the TLDs use foreign character sets. For example companies like Volkswagen apply for their brand name in chinese (大?汽车). Some other interesting proposals I spotted:

.search : Multiple applicants (Amazon is the company that sticks out among them). and .secure has two applications, one from Amazon and one from Artemis Internet. Google, using a company named"Charleston Road Registry" applied for 101 different TLDs and is the top bidder, Followed by Amazon EU (76) and "Top Level Domain Holdings" (70). The most contested TLDs are "APP" (13 applications), "INC" (11), "Home" (11) and "ART" (10).

There is some criticism that ICANN not only published the TLD and the name of the applicants company, but also full contact details including e-mail addresses.



Johannes B. Ullrich, Ph.D.
SANS Technology Institute

I will be teaching next: Application Security: Securing Web Apps, APIs, and Microservices - SANS London June 2022


4473 Posts
ISC Handler
Jun 13th 2012
Maybe I'm too cynical, but I find it amusing that these companies who trade our personal information like baseball cards are now indignant that we have one of their email addresses.

24 Posts
Hopefully, TLDs like .ANTIVIRUS will not be limited to a single company and will be shared by legitimate providers of antivirus software.
10 Posts
There are many silly things about this whole thing, but some of these are completely redundant. .SCHOOL, .COLLEGE, and even .EDUCATION? What's wrong with .edu?

This is going to introduce a whole new layer of ambiguity.
8 Posts
I thought for sure the black hats would try to register .EXE its not like they don't have the 185k to do it.
1 Posts
@markR: For one thing, .edu is only available to institutions that are accredited by US standards. Very "old school", if I may say so. Details here:

For another thing, a cynic might say that ambiguity may be a design goal for some parties. After all, thanks in no small part to the accreditation requirement, the .edu namespace is comparitively unpolluted -- no fast-flux spammers and scammers in that part of the intertubes.

4 Posts

Sign Up for Free or Log In to start participating in the conversation!