The Domain Name System was developed more than 30 years ago as a way to ensure that the brilliant network we now know as the Internet could scale and see adoption. Before the DNS existed, Internet users would need to remember the IP address for every website on the Internet. Research has shown that seven digits tends to be the capacity for human memory (think phone numbers, sans area code) and IP addresses can be twelve — more now with IPv6. The DNS is part of the Internet’s infrastructure, earning it the somewhat unflattering analogy of the plumbing of the Internet. But in truth, its primary role has traditionally been that.

Recently ICANN, the global body that oversees the Internet and authors its policies, announced a plan to make available a throng of new top-level domains. Preexisting TLDs include .com, .net, .org, .co.uk, among many others. Twenty-two in total. The new ones are seemingly designed primarily to help businesses and spur economic activity. The new domains can be grouped into two classifications:

- .xxx: Designated for websites that include pornographic content as a way to easily differentiate them from non-pornographic sites.

- Generic TLDs, or “gTLDs”: Basically turns any brand or term into its own TLD. .Pepsi, .Apple, .Football or .Money, for example.

The release of both new groups of TLDs raises interesting issues for OpenDNS. Today we are the largest recursive DNS provider in the world, with more than 30 million people using our service. (Nearly doubling our traffic in the past 1.5 years.) We’re the innovator in the DNS space, as we introduced the concept of building security directly into the Domain Name System. Phishing protection came first, followed by typo-correction that helps people route around typo-squatting. Then Conficker protection and most recently, the most game-changing malware-blocking service, available to users to OpenDNS Enterprise.

But as we’ve seen countless times, with more ground to cover comes more fraud and crime. Many critics of ICANN’s move to add more domains see the potential for more:

- Cyber squatting, which is the practice of registering a domain using a trademarked brand that doesn’t belong to you. Highly annoying to Internet users and costly to brands.

- Typo squatting, which is like cyber squatting, but using a typo’d variation of the trademarked brand. Also highly annoying to Internet users and costly to brands.

- And generally more cyber crime and confusion among Internet users created by a change to the way domains are structured.

We’ve often said that the bad guys on the Internet tend to be one step ahead of the good guys, making the task of delivering an effective security service both very challenging and in a constant state of evolution. So when supporters of ICANN’s move argue that ICANN has no intention of allowing the new domains to act as a platform for crime, we can appreciate the perspective, but have little confidence that will ultimately be the case. Cyber squatting and cyber crime account for more than $1B in revenue annually, and when that kind of money is at stake, the bad guys find a way to be effective. Scott Pinzon, director of marketing and outreach at ICANN offers the perspective that, “new gTLDs represent a platform for innovation.” And goes on to say, “no one can predict what smart people will do with them. Lots of new business models will be invented. Some will work. Some won’t.” We agree with Scott, but also have a front row seat to the counterpart, sophisticated criminal activity that follows innovation.

Some of you will remember when the country of Cameroon was opportunistically assigned the .cm TLD and wildcarded all .cm domains. The country made a nice profit, but it confused masses of Internet users who’d accidentally made a typo when trying to get to a .com. We acted swiftly and delivered a feature that automatically redirected you to .com when you typed .cm.

In relation to the recent ICANN changes, there’s a great deal we can do as your DNS service to help ensure the Internet remains a safe place for you and yours to browse. It’s unclear at this point how successful these new domains will be and how much traction they’ll see, especially because at an upfront fee of $185k, the new gTLDS are not accessible to everyone.

Have thoughts on the topics above? Agree, or passionately disagree? Predictions for what kind of repercussions the Internet will see? We’d love to hear them in the comments.

How to Block .xxx Using OpenDNS:

In the immediate term, users of OpenDNS services with content filtering that want to block all .xxx domains on their networks can follow a few simple steps. Simply locate your “always block” or blacklist and add “xxx” (without the dot). Hit save and the change will take effect.

We don’t often take to the blog to talk about some of the more advanced OpenDNS Enterprise security features, like our malware and botnet protection, but we know a lot of organizations rely on them to keep their networks secure. Today, I’d like to talk a little more about how our malware and botnet protection works, and why we’ve started seeing so many organizations move to OpenDNS Enterprise primarily for that added layer of internet security.

As with all of the advanced functionality OpenDNS has built atop our superfast recursive DNS service for businesses and schools – like the Web content filtering, phishing protection, and stats available in OpenDNS Enterprise –  our malware and botnet protection innovates on traditional offerings, and it works on any device connected to the network (including, say, an iPad that an employee brought from home).

OpenDNS blocks malware and botnet attacks before they can infect a network. We aren’t terminating an existing malicious connection, or cleaning up a breach that’s already occurred; as soon as OpenDNS sees an attempted connection to a malicious domain or IP address, we block it. A side benefit is that if an infected device is brought on to a protected network, OpenDNS can make sure that the infection doesn’t spread to other connected devices on the network if they do so via external command and control.

OpenDNS Dashboard Malware Notice

If you’re wondering why this matters: when Vanderbilt University switched to OpenDNS Enterprise in 2010, they blocked 1.5 million malware attacks in the first four months following the deployment. That’s 1.5 million potential data leaks thwarted, and 1.5 million device cleanups avoided.

It’s certainly something to think about, as the threat of malware and botnet attacks continues to escalate.  If you don’t have any malware or botnet protection for your organization, or you’re thinking about adding another layer of protection to your network, consider trying out OpenDNS Enterprise as your first line of defense.

We’ve been hearing some pretty exciting stories from our customers lately and (though we’d love to share them all with you) we’ve selected some of the most interesting to showcase right here on the blog. We’ll be sharing these unique use cases of OpenDNS Enterprise with you over the next few months in a new series we’re calling Field Reports.

We couldn’t wait to share the story of Shafer’s Tours, which flexibly accommodates custom charters and tours for nearly-endless East Coast and Mid-Atlantic destinations. Operating more than a dozen luxury motor coaches, and serving a wide variety of groups that charter the buses and join the tours, the Safer’s Tours IT team was faced with an interesting challenge: How do you secure the Wi-Fi hotspot on a moving target? The team exhausted countless ideas for how they could conserve precious bandwidth onboard the buses, and prevent malware from being downloaded over the network, but they continued to encounter the same two issues: Installing appliances on every bus is cost prohibitive, and no adjustments or monitoring could be made to the network while the buses were in motion.

As luck would have it, Tim Watson, IT manager and safety director for Shafer’s Tours, was separately evaluating OpenDNS Enterprise for use on Shafer’s Tours corporate network. He quickly realized that the unique way OpenDNS Enterprise handles content filtering and malware protection makes it the ideal solution for securing his moving targets, too. In no time, his team was able to set up OpenDNS on both Shafer’s Tours’ corporate network and the individual WI-Fi hotspots for the buses without installing any appliances or provisioning any software. And, because OpenDNS Enterprise settings can be changed remotely, and updates are delivered in real-time in the cloud, they don’t have to worry about waiting for buses to return to home base to make changes.

Since setting up OpenDNS Enterprise, the Shafer Tours IT team hasn’t looked back. But don’t take our word for it. The Shafer’s Tours IT team tells us, “OpenDNS Enterprise is the only service that makes sense.” You can read more about how Shafer’s Tours is using OpenDNS here.

If your company is using OpenDNS Enterprise to solve an interesting problem, give us a shout at Success@OpenDNS.com. We’d love to share it right here.

Technology user groups are awesome. That’s why OpenDNS is announcing a new program dedicated to celebrating the innovation and education taking place at user groups everywhere, and making life a little more delicious for their members. Even though programmers, engineers, IT professionals and SysAdmins are notoriously over worked and under appreciated, many still somehow find time to gather together, share insight and explore new tech tips on a regular basis. There are thousands of user groups around the world that are independently organized and run where people join to share hard-won knowledge and experiences and have a blast doing it.

Each month, OpenDNS wants to buy dinner for a different user group that’s focused on technology. It makes no difference to us whether your group discusses hardware or hacking, speaks JAVA, PHP or Ruby, prefers servers or the cloud, or is a Mac or a PC (or Linux/Unix/Other for that matter). All we care about is that you’re well-fed while you’re talking tech and that you’ve got plenty of caffeine to keep the discussions lively. And, we’ll provide plenty of sought-after OpenDNS stickers to pass around and a few t-shirts to give away!

If you’d like OpenDNS to help feed the hungry crew at your next meeting, just give us the basic details - how often you meet, how many members, focus for the group, helpful links, etc. – and we’ll take care of the rest. In addition to providing some hearty chow, we also want to feature your user group in an upcoming issue of the OpenDNS newsletter, so we can highlight your awesomeness for the masses. This is your chance to share details of your group with millions of OpenDNS users so go ahead and boast.

One of the best things about the OpenDNS Domain Tagging system is that it’s a community effort, and anyone who uses OpenDNS has the opportunity to get involved and make the Internet safer. Each day, the Domain Tagging Community is submitting, voting on and moderating thousands of domains into neatly organized categories. This makes it easier for parents, teachers, business owners and other OpenDNS users to get easy-to-use and comprehensive content filtering. You can read a quick synopsis of OpenDNS Domain Tagging here.

We’ve always tried to make the process of Domain Tagging so easy that anyone – from IT Pros to parents to academics – who wants to get involved can do so easily while committing as much or as little time a they’d like. And now we’ve taken that one step further.

Behold! The Domain Tagging Firefox Toolbar!

Until just recently, voting on domains was done by visiting the OpenDNS Domain Tagging community page.  Now, with the help of the Domain Tagging Firefox Toolbar, anyone can easily vote on domains on the fly!  The process is easy.

1. Get the OpenDNS Domain Tagging Firefox Toolbar.
2. Choose how you’d like to vote on domains. You can either tag the domain you’re currently visiting or you can get more involved by switching to “Random Domain” mode.
3. Once you’re on the domain you’d like to tag, select from one of the 56 categories available from the drop-down menu.
4. Click “Vote Yes.”
5. Pro tip:  Clicking the “Auto-Cycle” checkbox will automatically take you to a new website to vote on once you cast your vote!

That’s all it takes to make the Internet safer! Once a domain gains enough votes, it moves its way into a separate queue where it is then reviewed and finalized by the OpenDNS team and our worldwide army of OpenDNS Domain Tagging Moderators.  The more votes you cast, the more you help to strengthen the OpenDNS Community and sharpen the content filtering blade.

It’s important that before you use the toolbar, you read through the category descriptions to make sure that you fully understand them and read through the toolbar info page for smooth sailing.

So come on down and cast some votes!  The more you vote, the more you help.  And the more you help, the stronger OpenDNS gets for 30+ million OpenDNS users around the world!

In a show of solidarity with the Internet community, a group of popular websites will “black out” tomorrow to demonstrate what the world might look like if SOPA and PIPA pass. Participating websites include Wikipedia.org, Reddit.com, Mozilla.org and BoingBoing.com.

As the world’s largest DNS provider, more than 30 million people rely on OpenDNS to connect to the Internet. Without functioning DNS, you’d need to know the IP address for every website you visit. And lots of parents, schools and businesses rely on our website to manage their DNS and Web security settings. All that said, taking our service or website down for a day is not an effective way for OpenDNS to show our firm opposition to the bills. Since folks on Twitter and elsewhere are asking, we will be showing our support tomorrow, but we will not be taking OpenDNS offline.

What is an effective way for us to show our opposition is to censor search results on our Guide. One component of our service, OpenDNS Guide, helps give users a more thoughtful next step when navigating the Internet than the dead end of a 404 error. So when users of our free services attempt to visit a website that’s having technical issues, we show them search results that are based on what they entered in their search bar.

For one business day starting at 8 AM Eastern time tomorrow, we will randomly redact the text of search results appearing in OpenDNS Guide pageviews. This is not a decision we take lightly and we’re fully aware it can, and will, create a frustrating experience both for our users, and for owners of websites being censored. But with 30 million+ users we have the equivalent of a megaphone on the Internet. We feel it’s our responsibility to demonstrate the near-random methodology SOPA and PIPA propose to determine those websites contributing to piracy, and also what the Internet would look like if their fate was to be blocked.

It seems the efforts of the Internet community are making progress in the fight against these ill-informed bills. The White House issued a response, and now Lamar Smith has followed Patrick Leahy’s example, backpeddling and vowing to remove the DNS-blocking component of SOPA. Keep it up, friends.

The Stop Online Piracy Act (SOPA) and its senate-version counterpart, PROTECT IP (PIPA), are poorly thought-out, ineffective measures that completely miss the mark in their aims to address Internet piracy and copyright infringement. And yesterday, the amassing opposition to these bills won a small victory: Senator Leahy, one of the main sponsors of PIPA, blinked. He backpedaled. Senator Leahy officially committed to an amendment that would investigate the effects of his bill before it’s instituted:

“Through this process, [I] have continued to hear concerns about the Domain Name provision from engineers, human rights groups, and others. I remain confident that the ISPs — including the cable industry, which is the largest association of ISPs — would not support the legislation if its enactment created the problems that opponents of this provision suggest. Nonetheless, this is in fact a highly technical issue, and I am prepared to recommend we give it more study before implementing it.”

It would seem the most knowledgeable people in the world about the Domain Name System and how the proposed technology would impact the Internet — whom are vocal in their opposition to the bills — are finally getting through to Leahy and other legislators. This list of folks includes us, the world’s largest DNS provider. OpenDNS stands firmly against SOPA and PIPA. I’ve spent time in Washington D.C. in an effort to educate decision makers about the detriments that lie ahead should the bills pass. I’ve authored and signed letters. I’ve blogged and spoken out. And our efforts are working.

It’s critically important that Leahy follows through on his commitment, and that everyone in the technical community continues to use their expertise to educate non-technical government officials associated with the bills. Because while Leahy appears to be acknowledging that his bill is imperfect, SOPA co-sponsor Rep. Lamar Smith is standing his ground. “It is amazing to me that the opponents apparently don’t want to protect American consumers and businesses,” he told Reuters. Sadly, his rhetoric couldn’t be further from the truth. Hopefully someone on his staff will show him this blog post to point out the ridiculousness of his bill.

So, a small victory, but for now the battle against both bills rages on.

If you want to get involved, AmericanCensorship.org is an excellent resource.

The holidays are upon us, but it’s not all gift giving, tree trimming and eggnog drinking. This is also the time of year when scammers come out in force. While OpenDNS is the single best way to protect yourself and your loves ones from phishing and forgeries, education is key. To complement our great phishing quiz my colleague Erin posted about here, we’ve compiled a list of the most common, and tricky, holiday phishing scams. Brush up, take note and avoid getting duped.

Scam: Air Travel Deals

With so many travelers still scrambling to buy last-minute air tickets, it’s important to be extremely careful when clicking through to an airline’s website from a promotional email. Phishing websites like this one spoofing American Airlines are not legitimate. The URL for this one, www.aa-advantager.com, is the giveaway — even though it’s close to the real domain (www.aa.com).

Scam: Holiday Shopping

If you’re like me, you’re doing most of your holiday shopping online this year. So it’s no surprise that scammers are spoofing websites like eBay (one of the most spoofed brands in phishing scams all year long) and trying to trick shoppers into entering their login credentials. When doing shopping online, the safest way to get to your destination site is to type its URL directly into your address bar.

Scam: Money Transfers

For better or worse, lots of people skip the gift buying altogether and just give cash. That’s why we’re including money transfer-themed phishes on our list. We can’t stress enough: any time you deal in currency online, be extra careful. The safest way to get to a website is to type its URL straight into your address bar.

Scam: Connect with Loved Ones

No doubt Skype usage increases during the holidays when the revolutionary service is used to see the smiling faces of family members abroad. But we all need to take great caution when phishes this sophisticated exist. Note that while the URL (http://skype.host.org/account/signin_form.php) is very convincing, it’s not the real Skype domain.