Donuts On Its Domain Protection Service, Mitigating Homographic Abuse And Better Protecting Brands And Individuals

Donuts, operator of 239 new gTLDs and managing 5.8 million
domain names, has developed its own service that helps to protect registrants in
its gTLDs from malicious registrations. The service, called Domains Protected
Marks List, or DPML, today protects 3,500 of the world’s largest consumer
brands.

The service was enhanced in 2018 to include logic that
prevents the registration of malicious homograph internationalised domain names
for the entirety of Unicode’s Confusables table, including Latin, Greek, and
Cyrillic scripts.

This week Donuts announced that the table contains more than 6,000 potentially confusing characters, 80 of which appear in both Donuts and Verisign’s ICANN approved Latin script tables. Thus, one can see that the issue stretches beyond the three characters identified by Soluble.ai.

Soluble.ai recently highlighted the ability to register
lookalike or homograph .com domain names. Their researcher Matt Hamilton was
able to register potentially malicious names, including domain names that mimic
global consumer brands, using homographs. After being notified of the
vulnerability, Verisign took action to combat its exploitation by removing
three potentially confusing characters from their Latin script table.

Donuts highlights in their blog post this week one of the domains Soluble focussed on in their study. In the Soluble research study, researchers used the term “Google” where the recent mitigation effort protected 7 potentially malicious domain permutations. But Donuts’ homograph detection identifies and protects 479 permutations of the same name, a sample of five of these permutations are included in the table below.

Donuts asks why not remove all confusable characters from
script tables? The answer is that, as Donuts explains, even though some
characters have the potential to be adopted for malicious use, the characters
themselves are not inherently dangerous.

As Donuts goes on to explain there are many legitimate use
cases for these characters and removing them altogether would leave multiple
localised alphabets incomplete. For example, they note the “dotless i” Unicode
character “ı” (U+0131) is one of the most commonly used malicious character
substitutions for IDN homographs. However, in regular language expressions,
this character has valid uses in Turkish, Kazakhand, and Azerbaijani. These
languages treat the dotted & dotless “i” as separate characters in their
alphabet, and outright removal would prevent full localization of those
languages online.

Donuts recognises that while large brands have resources to
enforce trademarks, individuals and brands of all sizes need protection. So
Donuts are working to expand homograph security coverage so that brands,
individuals, and the rest of our community are better protected from day one.

Donuts plans to roll out comprehensive, sustainable
homograph protection by the middle of 2020. This algorithmic blocking product
will be applied to all existing and future domain registrations. During the
development process, the Donuts compliance team will be working closely with
all registrar partners to remove existing malicious homographic registrations
in the Donuts name space. Additionally, any attempts to register new malicious
homographs in the interim will be identified and resolved in a timely manner.

This latest Domain News has been posted from here: Source Link