
News & Notes from the OpenDNS team

'Typos' Posts

The Domain Name System was developed more than 30 years ago as a way to ensure that the brilliant network we now know as the Internet could scale and see adoption. Before the DNS existed, Internet users would need to remember the IP address for every website on the Internet. Research has shown that seven digits tends to be the capacity for human memory (think phone numbers, sans area code) and IP addresses can be twelve — more now with IPv6. The DNS is part of the Internet’s infrastructure, earning it the somewhat unflattering analogy of the plumbing of the Internet. But in truth, its primary role has traditionally been that.

Recently ICANN, the global body that oversees the Internet and authors its policies, announced a plan to make available a throng of new top-level domains. Preexisting TLDs include .com, .net, .org, .co.uk, among many others. Twenty-two in total. The new ones are seemingly designed primarily to help businesses and spur economic activity. The new domains can be grouped into two classifications:

- .xxx: Designated for websites that include pornographic content as a way to easily differentiate them from non-pornographic sites.

- Generic TLDs, or “gTLDs”: Basically turns any brand or term into its own TLD. .Pepsi, .Apple, .Football or .Money, for example.

The release of both new groups of TLDs raises interesting issues for OpenDNS. Today we are the largest recursive DNS provider in the world, with more than 30 million people using our service. (Nearly doubling our traffic in the past 1.5 years.) We’re the innovator in the DNS space, as we introduced the concept of building security directly into the Domain Name System. Phishing protection came first, followed by typo-correction that helps people route around typo-squatting. Then Conficker protection and most recently, the most game-changing malware-blocking service, available to users of OpenDNS Enterprise.

But as we’ve seen countless times, with more ground to cover comes more fraud and crime. Many critics of ICANN’s move to add more domains see the potential for more:

- Cyber squatting, which is the practice of registering a domain using a trademarked brand that doesn’t belong to you. Highly annoying to Internet users and costly to brands.

- Typo squatting, which is like cyber squatting, but using a typo’d variation of the trademarked brand. Also highly annoying to Internet users and costly to brands.

- And generally more cyber crime and confusion among Internet users created by a change to the way domains are structured.

We’ve often said that the bad guys on the Internet tend to be one step ahead of the good guys, making the task of delivering an effective security service both very challenging and in a constant state of evolution. So when supporters of ICANN’s move argue that ICANN has no intention of allowing the new domains to act as a platform for crime, we can appreciate the perspective, but have little confidence that will ultimately be the case. Cyber squatting and cyber crime account for more than $1B in revenue annually, and when that kind of money is at stake, the bad guys find a way to be effective. Scott Pinzon, director of marketing and outreach at ICANN, offers the perspective that “new gTLDs represent a platform for innovation,” and goes on to say, “no one can predict what smart people will do with them. Lots of new business models will be invented. Some will work. Some won’t.” We agree with Scott, but also have a front row seat to the counterpart, sophisticated criminal activity that follows innovation.

Some of you will remember when the country of Cameroon was opportunistically assigned the .cm TLD and wildcarded all .cm domains. The country made a nice profit, but it confused masses of Internet users who’d accidentally made a typo when trying to get to a .com. We acted swiftly and delivered a feature that automatically redirected you to .com when you typed .cm.

In relation to the recent ICANN changes, there’s a great deal we can do as your DNS service to help ensure the Internet remains a safe place for you and yours to browse. It’s unclear at this point how successful these new domains will be and how much traction they’ll see, especially because at an upfront fee of $185k, the new gTLDs are not accessible to everyone.

Have thoughts on the topics above? Agree, or passionately disagree? Predictions for what kind of repercussions the Internet will see? We’d love to hear them in the comments.

How to Block .xxx Using OpenDNS:

In the immediate term, users of OpenDNS services with content filtering that want to block all .xxx domains on their networks can follow a few simple steps. Simply locate your “always block” or blacklist and add “xxx” (without the dot). Hit save and the change will take effect.

8 Comments | Filed in ccTLDs, DNS, General, Typos, Typosquatting

One of the many reasons more than 30 million people around the world choose OpenDNS is a feature called automatic typo correction.  It works by automatically redirecting common typos in top-level domains (.com, .net, .edu, etc.) to the right place, so if you type www.google.cmo, and that domain doesn’t exist, we just automatically take you to www.google.com.

Although this feature helps with a tremendous amount of typing mistakes and enables people to stay on-course online, an increasingly popular phenomenon called typosquatting means there are still typos we can’t fix, some of which are much more precarious than a dead end.  Typosquatting is what happens when someone registers a domain that’s nearly identical to that of a popular brand: Twtter.com and Twitter.com, for example. It banks on the idea that a fast-fingered typist may not notice that she’s arrived at the unintended site due to an omitted “i”. And since the typo exists in a real, registered domain, we don’t interfere.

Twtter.com is a particularly tricky example. In the case of this site, the typo — an omitted “i” — might not even be apparent at first glance.  The people who run this site are clearly trying to capture typo traffic destined for Twitter.com.  And regardless of the fact that the site has a URL redirect (the domain in the address bar changes after the site has been resolved), the blatant use of Twitter’s well-known design themes proves the site is aiming to fool people into thinking it’s the real website of Twitter.

Typosquatting is not new, but this sort of high-polish, branded version seems to be on the rise.  In the case of Twtter.com, the Twitter.com imposter, the site’s entire function is to get your contact information. A very appealing offer is presented to answer two survey questions and get what is, by all accounts, an awesome prize: an iPad2. It’s unclear what will happen with your personal information once it’s in the wrong hands — it could range anywhere from being used to send SMSs to your cell phone that you get charged for to simply selling your email address.

As with any online threat, protecting yourself and those people using the networks you manage starts with education.  Here are three tips for outsmarting typosquatting:

1. Use OpenDNS:  It’s the only service that will automatically correct common typos in TLDs, and help ensure you end up at the website you want.  OpenDNS solves a large portion of the problem, and also automatically blocks phishing websites.

2. Watch the address bar:  Legit websites rarely do redirections like Twtter.com does.  Keep an eye on what the site is doing and note suspicious redirects.  Also simply note the URL of the website you’re visiting after you’ve been taken there. Is the site the one you wanted? Did you make a typo?

3. Don’t share your personal information:  If a website offers you a chance to win a prize, simply for providing personal information or taking a survey, be skeptical.  You should never share your personal information online unless you’re on an extremely trusted website.

For businesses, schools and households alike, online safety is of the utmost importance. And it’s all about education.  Know what to look for and you can outsmart much of the bad stuff.  And use OpenDNS and tell others to do the same.

We’d love to hear your thoughts:  We’re considering an opt-in service that would let people avoid these kinds of unintended redirections.  Even in cases like that of Twtter.com, where technically it’s a real, registered website.  What do you think?  Would you use such a service?
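The two cases this post separates, sketched as an added example (not OpenDNS code): a mistyped TLD on a name that does not exist gets corrected, while a registered look-alike such as Twtter.com can only be flagged by comparing it with a list of known brands. The typo table, the watch list and the function names are assumptions made for the illustration.

```python
# Constructed tables: the post names only .cmo; the rest is illustrative.
TLD_TYPOS = {"cmo": "com", "nte": "net"}
BRANDS = ("twitter.com", "google.com")   # hypothetical watch list

def osa_distance(a, b):
    """Edit distance with insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(qname, exists):
    """exists=False models NXDOMAIN. Returns (verdict, suggested_name)."""
    name = qname.lower().rstrip(".")
    host, _, tld = name.rpartition(".")
    if not exists:
        fixed = TLD_TYPOS.get(tld)
        return ("correct-tld", f"{host}.{fixed}") if fixed else ("nxdomain", None)
    # Assumption: the last two labels are the registrable domain (no
    # public-suffix handling, so names under .co.uk are not covered).
    registrable = ".".join(name.split(".")[-2:])
    if registrable in BRANDS:
        return ("ok", None)
    for brand in BRANDS:
        if osa_distance(registrable, brand) == 1:
            return ("lookalike", brand)
    return ("ok", None)
```

A distance of exactly one catches a dropped, added, changed or swapped character; anything looser starts flagging unrelated short domains.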

29 Comments | Filed in General, privacy, Security, Twitter, Typos, Typosquatting

OpenDNS’s typo correction feature helps smooth one of the Internet’s daily annoyances. But for URIBLs (a kind of blacklist used by mail servers), typo correction has always been a deal breaker.

No longer!

Back in August 2006, we enhanced our nameserver software to stop doing typo correction for DNSBLs. Now, URIBLs can get the same special treatment. In fact, the popular URIBLs hosted at these three domains already do:

  • surbl.org
  • uribl.com
  • uribl.org

If you previously disabled typo correction so you could use one of these URIBLs, you can now re-enable it.

And if you run a URIBL and would like us to add your domain to our URIBL list, please provide us with details either in the comments here or via our contact form. We’ll keep the latest list in our knowledge base.

By the way, our thanks go to the folks at SURBL and URIBL.COM for their assistance with this project.

1 Comment | Filed in DNS, Email, General, Support, Typos

Spam fighters (DNSBLs) can now correct typos

by David Ulevitch, Founder/CEO on Aug 31st, 2006

I’m doing this blog post in two pieces; a short explanation up top and then a more technical explanation down below. Pick one or read both and learn a bit. :-)

Just the facts

If you want to use OpenDNS nameservers and DNSBLs (DNS real-time Blacklists) on the same server, computer or network, go right ahead. We’ve rolled out a new feature today that allows you to use our much-loved typo-correction service without worrying about blocking email if you’re running a mail server, too. We went ahead and rolled this out as a system upgrade so there’s no new preference for it. We’ve updated the FAQ entry on mail servers accordingly. Now DNSBL spam prevention and typo-correction go together like peanut butter and jelly (or chocolate… your choice).

If you were previously not using the typo-correction service because you also ran a mail server then head on over to the preferences page and re-enable it.

Talk nerdy to me

DNSBLs carry information about known IP addresses in their zone of DNS. This is often used to combat spam because a mail server can ask a DNSBL “Do you know anything about this IP?” They cleverly use the DNS to make this process quick and seamless. A mail server that gets a request to deliver mail from 192.168.1.2 asks a DNSBL: “Do you know anything about 2.1.168.192.in.yourdnsbl.tld?” and the DNSBL either says “yes I do” or “no I don’t.” The problem is created because when a mail server is using OpenDNS and asks us to correct typos, we interpret the “no I don’t” answer (called RCODE=3 or NXDOMAIN) as a typo that should be forwarded off to our typo-correction service. This causes a mail server to not see the “no I don’t” and instead believe that the answer was “yes I do” which can cause a mail server to block a message thinking it’s from a spam sender. Previously, the only way to fix this was to disable typo correction, one of the benefits of using OpenDNS.

Our solution has been to disable typo-correction for DNSBL-matching requests. What’s a DNSBL-matching request? Any request greater than six labels which has four numerical octets within the IPv4 addressing space for the last-most labels is considered a DNSBL-style request. This wasn’t offered as a preference as turning this off would only lead to confusion, especially with typo-correction enabled.

End of the story? You can get the typo-correction you want and run a mail-server that uses DNSBLs without worrying. Enjoy!
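The failure mode and the exemption described above, together with the URIBL zone exemption from the earlier post, as an added example (not OpenDNS's nameserver code). It assumes that "last-most labels" means the four labels farthest from the root, where the post's own example puts the octets, and that the URIBL exemption is a suffix match on the three listed domains; all function names are hypothetical.

```python
import ipaddress

# Assumption: suffix list built from the three URIBL domains the post names.
URIBL_ZONES = ("surbl.org", "uribl.com", "uribl.org")

def dnsbl_query_name(ip, zone):
    """Reversed-octet name a mail server looks up, e.g. 2.1.168.192.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")

def is_dnsbl_style(qname):
    """More than six labels, with four IPv4 octets in the labels farthest
    from the root (assumed reading of the post's "last-most labels")."""
    labels = qname.rstrip(".").split(".")
    if len(labels) <= 6:
        return False
    return all(l.isascii() and l.isdigit() and int(l) <= 255 for l in labels[:4])

def is_uribl_zone(qname):
    """True when the name sits at or under one of the exempt URIBL zones."""
    name = qname.lower().rstrip(".")
    return any(name == z or name.endswith("." + z) for z in URIBL_ZONES)

def client_sees(qname, rcode, typo_correction=True, exemptions=True):
    """Return 'ANSWER', 'NXDOMAIN' or 'REDIRECT' for an upstream RCODE."""
    if rcode != 3:                      # anything but NXDOMAIN passes through
        return "ANSWER"
    exempt = exemptions and (is_dnsbl_style(qname) or is_uribl_zone(qname))
    if typo_correction and not exempt:
        return "REDIRECT"               # NXDOMAIN replaced by an address record
    return "NXDOMAIN"

def treated_as_listed(result):
    """A blocklist client reads any address answer as 'listed'."""
    return result in ("ANSWER", "REDIRECT")
```

With `exemptions=False` the lookup for an unlisted sender comes back as `REDIRECT`, which `treated_as_listed` reports as a hit: the false positive that used to force mail server operators to turn typo correction off.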

3 Comments | Filed in Email, Feedback, General, Preferences, Support, Typos
