DomainsKenya Website Hacked

One of Kenya's top domain registrar's website has been hacked. Hackers have been having on an open season for the last few months and websites must invest in extra security especially if you are dealing with sensitive users' information eg during domain registrations.

Work can be republished with attribution. Email Us africadomainnames@gmail.com

Final Notice to Renew .Ly Libyan Domains

Registrants of .LY domains had a silver lining during the Libyan war. The .LY registry unilaterally extended the redemption period for .LY domains until the end of 2011, which meant that even domains that had expired early in the year were given an extended grace period until the end of 2011. Well, the end of 2011 is tomorrow! So better pay up and help Libya rebuild its registry and country :) Here is a release from Libyan Registrar Libyan Spider:


The .ly registry has informed us that all domains that have passed the redemption period and that have not been renewed by their .ly domain owners will become available to the public for registration.

As many of you already know, the redemption period was extended to allow for Libyan clients, who were disconnected from the internet during the war, enough time to renew their domains. The redemption period was extended to not only Libyan clients but also for international clients as well. Instead of the redemption period being 2 months, it was extended until the end of 2011.This extension was put into effect since June 2011.

Now that the end of 2011 is fast approaching, the .ly registry has let us know that beginning of 2012, all .ly domains that have not been renewed which have passed the redemption period will be available to the public for sale.

We strongly advise you to renew your domains, that have expired and passed the redemption period, before January 1, 2012 so as to not lose your domains to other buyers. We also strongly advise those who own 3 or less letter domains and that do not have a physical presence in Libya to renew your domains as once they become available you will not be able to buy them back if you do not have a physical presence (address) in Libya.

Libyan Spider will not be held responsible for any losses if a domain (3 letter or less) that has expired and passed redemption period becomes available and is no longer available for registration simply because the original owner does not have a physical presence in Libya. Libyan Spider will also not be held responsible for any losses should a .ly domain become available and registered to a new owner if the original owner failed to renew in time (including due to technical difficulties should the server fail, etc). This is why we are strongly advising you to renew your domains as soon as possible to avoid any problems or losses.

Please consider this notice as a final notice to renew your domains. Please do not hesitate to contact us should you have any queries or comments.

We appreciate your business and wish you all a happy new year. We look forward to serving you in 2012 and thank you for your patronage.
Sincerely,
Libyan Spider team


Work can be republished with attribution. Email Us africadomainnames@gmail.com

KENIC's .ME.KE Promo a Smashing Success!!!

KENIC's December Promotion for the .me.ke second level domain has yielded fantastic results. Just over a month ago, there were 241 .me.ke domains(On 23rd Nov, 2011) in the .ke namespace. The number is now 551, an addition of 310 domains in just one month for a single second level domain namespace!

This has proved that Kenyans will buy and use a .ke, you only have to give them a good reason why(Price Plus Awareness, PPA)

Consumers love Promos and Special Offers and continuous marketing and special offers by registries always goes a long way in increasing domain uptake. I hope there will be more surprises from KENIC in 2012, particularly on the .co.ke second level domain :)

Work can be republished with attribution. Email Us africadomainnames@gmail.com

Watch Out for Cyber Monday Domain and Hosting Offers!!!

Bargain Hunting for Hosting and Domain Offers? Watch out for Cyber Monday

According to Wikipedia, "Cyber Monday is a marketing term for the Monday immediately following Black Friday, the Friday following Thanksgiving Day in the United States" when Americans go on a shopping craze.

But the internet has made the world much flatter and it's not only the Americans who enjoy the privileges of Black Friday Offers and Cyber Monday from the American retailers but the global internet market. Given the global reach of American businesses especially the tech businesses in the Domain industry, many people outside the US will have a chance to grab bargain offers on Monday, the Cyber Monday. Name.com has already promised hot domain offers on Monday but I will be waiting for alerts on my email from more registrars offering domain and hosting offers. Namecheap will also be offering limited time domains for $0.99 , great if you have good bandwidth.I think the November/December months are the best months to purchase your domains and hosting given the never ending red hot offers.


The Cyber Monday has been clouded by some high profile Domain seizures targeting websites selling or streaming pirated or counterfeit merchandise by US authorities but this will  not deter me from grabbing several cheap domains from some of the biggest US Registrars. US stores raked in 52 billion dollars in sales on Black Friday, and on Monday some 76 million Americans are expected to spend $1.2 billion shopping online. They will be joined by one Kenyan :) or maybe more....

CAUTION: Watch out for fake websites, scams and malware. Cybercriminals are also preparing for Cyber Monday.... This website should help you determine if a business is legitimate: http://www.bbb.org/

Work can be republished with attribution. Email Us africadomainnames@gmail.com

Why American Internet Entrepreneurs are so Successful

Busy week but with T.R.A.F.F.I.C. conference commencing in Fort Lauderdale, Florida, I would like to comment on American entrepreneurship culture. American internet entrepreneurs are the most successful in the world. 

A part from the supreme confidence in themselves, Americans also have an open innovative atmosphere that allows entrepreneurs to come together and share ideas and help each other out. Something we lack. Kenyans particularly are evolving into superindividualists, a sharp contrast to our African brothers in the rest of Africa. Old entrepreneurs should mentor the young and share the experiences with the new generation.

This week domain investors from all over the world gather at the TRAFFIC conference in Fort Lauderdale, Florida the biggest gathering of domainers to share ideas on the industry, sign deals, sell domains and party until the wee hours.

As the organizers have said "No conference in the world has ever matched the T.R.A.F.F.I.C. Show for its opportunity and dedication to business; no show has ever made that business happen in a setting so befitting the most profitable investment industry ever!"

 I am wishing for the day we will have a T.R.A.F.F.I.C.  Nairobi for Kenyan Internet Entrepreneurs.


Email Us africadomainnames@gmail.com

COCCA Request for comments : Best Practice Recommendations for Minimising Harm ( and increasing trust ) in small ccTLDs.

Status: Draft Recommendations, posted August 17th, 2011, comment period ends September 03, 2011.

Email your comments to rfc@cocca.org.nz
 

As part of its strategic review to improve security and trust among small ccTLDs, CoCCA is seeking input from interested parties on a number of draft recommendations that reflect the views of the administrators of the Christmas Island, Norfolk Island and Heard Island and McDonald Islands TLDs ( CX / NF / HM - external territories of Australia ) in relation to potential practices available to registry operators seeking to limit potential harm caused by domain registrants.

The recommendations, while appropriate for small ccTLDs, may not be appropriate for large gTLDs or all ccTLDs (such as those which are better positioned to ensure appropriate controls at registrar level).

Recommendation One: "Trust but Verify",  applicants for new registrations must confirm to the registry that they agree to be bound by the registrant agreement and confirm the accuracy of contact details provided by the Registrar to the registry.

Until the Registrant or Administrative contact confirm their contact details with the Registry - and accept the Registrant Agreement  a domain should be excluded from the DNS zone.

Rationale: The CoCCA model differs from the "classic" gTLD shared registry system in that Registrants are bound by a collateral agreement between themselves and the Sponsoring Organization (TLD manager). This collateral agreement binds them to the ccTLD AUP policy, WHOIS policy and Complaint Resolution Service.

Although registrars are required to advise registrants of the TLD policies and conditions, with the prevalence of highly automated registration systems and expansive reseller networks it cannot be guaranteed that registrants have reviewed or agreed to the policy.  A challenge notified to the registrant by email from the registry, ensures that new applicants are made aware of and confirm their agreement to the policies.

In response to the registry’s email notification, the registrant must visit the registry website, acknowledge acceptance of the policies and verify the accuracy of the registrar supplied customer data.

The same process therefore allows the registry the opportunity to verify the accuracy of customer data supplied by the registrar, use dynamically generated images as a challenge-response verification to prevent automated processes activating domains and to directly collect and store additional identifying information about registrants, which can be utilised to control fraud.

Recommendation Two: Ensure that registration policies and terms and conditions limit registrants’ rights to a limited licence to use (but not to sub-license the use of any portion of) the allocated SLD, subject to continuing compliance with all policies in place during that time.

Registrants must warrant they will not assign the licence or sub-license any sub-domain without:

(a) securing the sub-licensee's agreement to the T&C, AUP and all other applicable policies; and

(b) obtaining the registry's consent in writing.

Rationale: It has occurred that registrants have registered a second level domain in order to set up what amounts to a third level registry, effectively sub-licensing to third parties the use of portions of their allocated second level domain..

TLD policy is generally recursive however combating criminal activity in a TLD is complicated if the registry has no information as to the user of the subordinate domain OR any way to suspend a domain in a third level. By way of example in the .CC registry the registrant of "co.cc" reportedly gave away tens of thousands or more subordinate domains for free and these were reportedly often-used for spam or malware. The practice of sub-licensing in an uncontrolled fashion should be prohibited.

Recommendation Three: Fast flux mitigation - queue for manual intervention of any DNS modifications in excess of four in 28 days.

Rationale: This minimises a registrant’s ability to frequently redelegate a domain, in order to overcome service limitations imposed by internet service providers. Frequent redelegation may also assist a malicious user to obscure their identity.

Limiting frequent redelegations enhances the effectiveness of service termination as a sanction by an internet service provider.  In the shorter term other internet users can apply temporary IP address filters.

Recommendation Four: Require manual intervention by the registry operator before domains that contain various strings such as "bank", "secure", "PayPal” etc., go into the zone.

Recommendation Five: Establish and act upon the results of a regular poll against one or more trusted databases for phishing sites operating ( in second level or subordinate domains ) within the ccTLD. Phishing activity most often occurs through a subordinate domain, rather than a directly registered second level domain.  For this reason the registry should query for any wild-card occurrence of a domain that has been flagged as a phishing site or one that contains malware.

Recommendation Six: Explore the possibility of bi-lateral arrangements with local security agencies and law enforcement (eg CERT).

One form of cooperation may take the form of early notification by security agency of malicious content.  Another form of cooperation may be the provision of user information (including historical and non-publicly available information, where available) to the security agency, to assist identification of wrongdoers.

Rationale: The existence of existing arrangements for dealings between security agencies and the registry operator facilitates the ability for both registry and law enforcement to react promptly to threats, promptly minimising harm.

Recommendation Seven: Automated Suspensions ( not seizure or transfer ). The registrant should be given an opportunity to remedy via automated processes, given the time sensitive nature of criminal activity automated suspension based on triggers / flags, or at the request of law enforcement should be enabled.

Critical domains can be manually "Super Locked" in the registry to ensure they are not removed from the zone or suspended inadvertently by automated suspension technology.

Automated suspensions will only be initiated when required to protect the public interest or network integrity. They should not be initiated to simply protect an entity’s or individual’s intellectual or other property rights - those sorts of disputes should be dealt with via a formal complaint resolution service.

Recommendation Eight: Where commercially sensible, or a risk factor has been identified, automated and regular scanning for malware of all domains (or a subset of domains ) in the registry.
CoCCA's  "pamoja" TLD registry solution from CoCCA supports the technical receomendations above. If you are a current or prospective user and need help configuring pamoja please email software@pamoja.tl

Libya's .Ly Domains hit the 10,000 registrations mark

Libya's .Ly Domains are some of the most popular domain names on the web, at least amongst "domain hackers", domain hacks are domain names for which the name plus the extension can be read as a whole word or a sentence. Example is successful.ly tru.ly plus more.

The Libyan .Ly domains is perhaps most recognizable in Twitter's URL shortener bit.ly and other popular social media websites. According to the latest registration numbers, the number of .ly domains is now at around 10074 names. Contrary to what's often reported, many of the .ly domains have not been affected by the war since the .ly rootservers have been distributed across three continents but renewing domain names might be an issue since domains can only be bought via Libya Telecom and Technologies.I will have to confirm with Libyan Spider President Hadi Naser and update accordingly.