December, 2016

now browsing by month


What You Should Do If You Receive A Suspected Fraudulent ICANN Email


Fraudulent ICANN emails

Criminals impersonate trusted senders in email to gain your trust so they can obtain access to sensitive data. These phishing emails may appear to come from various sources including ICANN, your registrar or registry, or other business partners.

The security of our community remains one of our key priorities. While ICANN takes steps to investigate certain types of misuse, you must take steps to protect your personal information at all times. Fortunately, there are ways you can make sure a specific email really comes from ICANN.

Suspicious emails

Phishing and scam emails typically use deception such as forging a trusted sender’s address or domain or using a similar or lookalike domain. Scam messages typically ask for the reader to reply, call a phone number, click a link or open an attached file to steal personal information.

If you receive a suspicious email, please FORWARD it to Our team can take a look to determine if it's a fake. If it is, we'll work to get the source of the email shut down if possible. Reporting these emails helps protect the entire ICANN community.

Note: Please FORWARD the suspect email –– don’t cut and paste the contents, because valuable tracking information about the source will be lost.

We've provided some hints about identifying fake email below, but scammers adjust their tactics. So, if you have any doubts, please forward suspicious email to our Global Support team for review.

If you receive a suspicious email appearing to come from ICANN:

  • Avoid clicking on links or opening attached files.
  • Forward suspected scam messages immediately to with "suspected phishing" in the subject line.
  • If possible, include a copy of the suspicious message with headers (see links to guides below). Our support team will reply to your message as soon as possible.

Things to consider in reviewing email from ICANN:

  • Legitimate email messages sent from ICANN will not come from another domain, such as "" or "".
  • Be suspicious of any email that offers domain renewal services from ICANN. ICANN does not process domain registrations or collect fees from registrants directly. All fee collections are transactions between the registrar and the registrant.
  • ICANN will not send domain registrants WHOIS Data Reminder Policy (WDRP) messages directly. If you receive an email about your domain that purports to come from ICANN, contact your sponsoring registrar directly for any concerns about the status of your account.
  • Ask your email provider if they can use the ICANN SPF record to check which senders are authorized to use our domains and help filter out spoofed senders.

Ways to spot fake email:

  • A false sense of urgency. Scams often tell you that your account will be in jeopardy if something critical is not updated right away.
  • Fake links. These may look real, but they can lead you into trouble. Check where a link is going before you click by hovering over the URL. If it looks suspicious, don't click.
  • Attachments. A real email from ICANN will never include an attachment or software. Attachments can contain malware, so you should never open one unless you are 100% sure it's legitimate.

To learn more about phishing:

Guides for viewing Email Headers:



ICANN59 Fellowship Application Round Now Open

ICANN launches the application round for ICANN59. This round is open only for Fellowship Program Alumni, those who have previously completed an ICANN Fellowship, as it is a Community Policy Forum The meeting takes place from 26-29 June 2017 in Johannesburg, South Africa. The deadline to apply 27 January 2017 at 23:59 UTC. Successful candidates will be announced on 24 March 2017 on

The Fellowship Program

The ICANN Fellowship Program seeks out those who are interested in, or already engaged in, the various components of ICANN's work in policy building, the operation of the Domain Name System and the security and stability of the global Internet. The goal of the Program is to help create a broader base of knowledgeable constituents to engage in the ICANN multistakeholder process and become the new voice of experience in their regions and on the global stage.

Since its creation in 2007, the Fellowship Program has built a strong group of individuals who are actively participating in all of the ICANN communities as well as various Internet governance entities within the Internet ecosystem. Their engagement ranges from writing articles and blogs, providing online or in-person public comment in regard to bottom up policy building, engaging in Internet conferences and panel discussions, lifting a pen in working groups, mentoring newcomers, assisting our regional leaders and becoming leaders themselves.

Click here for more information »

Proposed Renewal of .MOBI Sponsored Registry Agreement

Open Date: 23 December 2016 Close Date: 1 February 2017
Originating Organization: Global Domains Division
Categories/Tags: Contracted Party Agreements
Brief Overview: ICANN is posting for public comment the proposed agreement for renewal of the 2005 Registry Agreement for .MOBI, which was originally set to expire on 19 October 2015. The Registry Agreement for .MOBI was extended to permit additional time for the parties to finalize the proposed terms for renewal. Accordingly, the Registry Agreement for .MOBI will expire on 31 March 2017. The renewal proposal is a result of bilateral discussions between ICANN and Afilias Technologies Limited (the Registry Operator for the .MOBI TLD).

Информация об отчетности, касающейся обеспечения прозрачности ICANN

Прозрачность является основой успешной работы модели с участием многих заинтересованных сторон, а в условиях, сложившихся после передачи координирующей роли в исполнении функций IANA, обеспечение прозрачности приобрело еще большую важность. Понимая это, ICANN считает обеспечение прозрачности одной из своих стратегических целей наряду с подотчетностью и этическим поведением — все это тесно связанные между собой и чрезвычайно важные компоненты деятельности организации. Глобальное интернет-сообщество продолжает свою работу по обеспечению подотчетности и прозрачности ICANN в рамках деятельности сквозной рабочей группы сообщества по обеспечению подотчетности: рабочий поток 2 (группа CCWG WS2), однако и ICANN как организация также реализует определенные улучшения. К ним относятся выполнение рекомендаций второй группы по анализу подотчетности и прозрачности (ATRT2 [PDF, 3,46 МБ]) и усовершенствование отчетности, касающейся достижения связанных с этим стратегических целей.

Группа ATRT2 выявила необходимость подготовки «некоего отчета, который затрагивал бы широкий круг вопросов, связанных с обеспечением прозрачности ICANN, а также содержал бы соответствующие показатели, облегчающие обеспечение подотчетности», а также предложила насколько дополнительных рекомендаций по усовершенствованию прозрачности. Различные улучшения, направленные на усовершенствование прозрачности, уже были реализованы. К примеру, всеобъемлющее разъяснение практики публикации документов ICANN опубликовано в настоящее время на сайте, а отчеты о продвижении в выполнении рекомендаций по итогам целевой проверки публикуются ежеквартально (см. ATRT2, SSR, WHOIS). В рамках выполняемой параллельно работы ICANN усовершенствовала отчетность о ходе достижения стратегической цели [PDF, 1,65 МБ], заключающейся в обеспечении этического поведения, подотчетности и прозрачности, предусмотренной для панели управления ключевыми показателями эффективности (см. цель 5.2).

В дополнение к этим улучшениям ICANN до начала конференции ICANN58 опубликует первый ежегодный отчет об обеспечении прозрачности, чтобы заинтересованным сторонам было проще находить и понимать информацию об усилиях ICANN, направленных на обеспечение прозрачности. В этом отчете будут представлены общие сведения о деятельности, проводимой в связи с обеспечением прозрачности по всей структуре организации, с возможностью просмотра детализированной информации в тех случаях, когда это практически осуществимо. Этот отчет будет содержать информацию, относящуюся к практике публикации документов ICANN, а также к многочисленным другим направлениям работы, демонстрирующим прозрачность, например, к публикации прошедших аудит финансовых отчетов, операционных планов и бюджетов, к ходу выполнения задач по удовлетворению потребностей сообщества ICANN, говорящего на разных языках, а также к сведениям о ежеквартальных конференциях заинтересованных сторон ICANN.

В рекомендациях ATRT2 также содержался призыв к ICANN «проанализировать, актуальны ли и полезны ли в настоящее время существующие показатели прозрачности, и предложить рекомендации по внедрению новых показателей». ICANN в своей отчетности по ключевым показателям эффективности (KPI) для измерения продвижения в достижении стратегических целей за периоды времени использовала панель управления KPI ICANN. Мы продолжаем искать возможности для использования более актуальных и значимых измерений, а также усовершенствования способов обмена информацией и предоставления отчетности о работах и ходе их выполнения. Одним из ключевых условий реализации полезных улучшений является обеспечение обратной связи с сообществом. К примеру, представленные недавно на 57 конференции ICANN предложения сообщества послужат информационной базой для дальнейшего развития ежегодного отчета об обеспечении прозрачности, а также усовершенствования панели управления KPI. Члены сообщества внесли ряд полезных предложений, в том числе:

  • разработать возможность интерактивного просмотра детализированных данных;
  • включить деятельность сообщества в отчеты, касающиеся обеспечения этического поведения, подотчетности и прозрачности;
  • реализовать обучение по вопросам этического поведения для сообщества, а также предоставить сообществу возможности для широкого обсуждения темы измерения хода выполнения задач по обеспечению прозрачности, а также этического поведения и подотчетности.

В соответствии с этими предложениями ICANN планирует усовершенствовать текущую панель управления KPI к моменту запуска ориентировочно в июне 2017 года.

Работа по усовершенствованию подотчетности — это постоянная проверка на практике нашего партнерства с глобальным сообществом заинтересованных сторон. Мы ознакомились с мнениями и предложениями сообщества и продолжим анализировать и реализовывать улучшения для усовершенствования информационной поддержки процедур обеспечения прозрачности в нашей организации, а также способов измерения и публикации хода достижения нами наших целей в том, что касается прозрачности.

ICANN привержена принципам постоянного развития нашей ежегодной отчетности с тем, чтобы включить в нее новые актуальные виды деятельности, например, результаты работы сообщества в рамках рабочего потока 2. Мы будем рады в сотрудничестве с сообществом ICANN найти новые способы усовершенствовать наши усилия, направленные на обеспечение прозрачности в нашей работе.

Update on ICANN Transparency Reporting

Transparency is foundational to the success of a healthy multistakeholder model and even more essential in the post-transition environment. Recognizing this, ICANN has a strategic goal to address transparency, along with accountability and ethics, which are essential and closely related components. While the global Internet community continues its work on ICANN’s and the community’s transparency and accountability through the work of Cross Community Working Group on Enhancing Accountability: Work Stream 2 (CCWG WS2), ICANN as an organization is also making improvements. This includes the implementation of recommendations from the second Accountability and Transparency Review (ATRT2 [PDF, 3.46 MB]) and enhanced reporting on the progress toward related strategic goals.

ATRT2 identified the need for “a report on the broad range of ICANN Transparency issues with supporting metrics to facilitate accountability” and included several additional recommendations for improving transparency. Various transparency enhancements have already been implemented. For example, a comprehensive explanation of ICANN’s Publication Practices is now posted in and progress reports on implementation of Specific Review recommendations are published on a quarterly basis (see ATRT2, SSR, WHOIS). On a parallel track, ICANN has improved reporting of progress toward strategic goal [PDF, 1.65 MB] to promote ethics, transparency and accountability, included on the Key Performance Indicator (KPI) Dashboard (see goal 5.2).

In addition to these enhancements, ICANN will publish the first Annual Transparency Report before ICANN58 to make it easier for stakeholders to find and understand relevant information about ICANN’s transparency efforts. The report will provide an overview of transparency-related activities from across the organization with the ability to view detailed information, where feasible. The report will cover information included under ICANN’s Publication Practices as well as numerous other activities which demonstrate transparency, such as the published audited financial statements, operating plans and budgets, progress toward addressing the needs of ICANN’s multilingual community, and information about ICANN’s quarterly stakeholder calls.

The ATRT2 recommendations also asked ICANN to analyze the “continued relevance and usefulness of existing transparency metrics [and to] provide recommendations for new metrics.” ICANN has been reporting Key Performance Indicators (KPI’s) using the ICANN KPI Dashboard to measure progress on strategic goals for some time. We are continuously looking for more relevant and meaningful measures as well as improvements to the way we communicate activities and progress. Community feedback is key to making useful improvements. For example, recent community input from ICANN57 will inform the evolution of the Annual Transparency Report as well as the KPI Dashboard. Community members provided useful suggestions such as:

  • The development of interactive “drill-down” capability;
  • Bringing community activities into the reporting on promoting ethics, transparency and accountability;
  • Incorporating ethics awareness training for the community and opportunities for community wide discussions on the topic of measuring progress toward transparency, as well as ethics and accountability.

In line with these suggestions, ICANN is planning enhancements to the current KPI Dashboard to be launched around June 2017.

The work of improving transparency is a continuous exercise in partnership with the global stakeholder community. We have heard community feedback and will continue to analyze and incorporate improvements to enhance the information around the organization’s transparency, and how we measure and report progress made toward our transparency goals.

ICANN is committed to evolving our annual reporting to incorporate new relevant activities – such as the outcomes of community work on WS2, and we look forward to working with the ICANN community to find ways to improve all our transparency efforts.

ICANN Publishes Updated Staff Report on Proposed Amendments to Base New gTLD Registry Agreement

LOS ANGELES – 22 December 2016 – ICANN today published a revised Staff Report of Public Comment Proceeding regarding Proposed Amendments to Base New gTLD Registry Agreement.

Read the Reissued Report [PDF, 544 KB].

The reissued report supplements the staff report published on 17 August 2016 and includes additional explanatory text in Section I and a revised Section IV to reflect an analysis of the public comments by ICANN and the Working Group.

More Information

Public Comment: Proposed Amendments to Base New gTLD Registry Agreement


ICANN's mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you have to type an address into your computer - a name or a number. That address has to be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation and a community with participants from all over the world. ICANN and its community help keep the Internet secure, stable and interoperable. It also promotes competition and develops policy for the top-level of the Internet's naming system and facilitates the use of other unique Internet identifiers. For more information please visit:

Puerto Rico and Barcelona Identified as ICANN Meeting Sites for 2018

The ICANN Board has approved San Juan, Puerto Rico as the location in North America to host ICANN's 61st public meeting to be held 10-15 March 2018. Barcelona, Spain has been selected as the European city to host ICANN63 | Annual General Meeting to be held 20-26 October 2018.

ICANN holds three public meetings each calendar year in different regions of the globe. ICANN Meetings are a central principle of ICANN's multistakeholder model because they provide a venue for progressing policy work, conducting outreach, exchanging best practices, conducting business deals, interacting among members of the ICANN community, including Board and staff and learning about ICANN. Usually comprised of more than 400 different sessions, these meetings are the focal point for individuals and representatives of the different ICANN stakeholder groups to introduce and discuss issues related to ICANN policy. Participants may attend in person or remotely. Meetings are open to everyone and registration is free.

More Information

Draft Report of the Competition, Consumer Trust and Consumer Choice Review Available in January

In early December, members of the Competition, Consumer Trust & Consumer Choice Review Team (CCT-RT) completed a three-day drafting meeting in Washington D.C. On the back of a busy schedule of meetings at ICANN57 and weekly plenary meetings, the drafting meeting was extremely productive. We were able to refine our findings and recommendations as well as identify areas where additional data is needed to support our work.

Although we initially planned to release the draft report in December, we believe it is prudent to take additional time to obtain additional information that will allow us to support our analysis. Before the end of the year, we expect to receive a report on a survey of new gTLD applicants as well as a response from Analysis Group (the study authors) to the public comments on the Phase II Assessment of the Competitive Effects Associated with the New gTLD Program.

We intend to publish the draft report for public comment here in January 2017. Stay tuned!

The Competition, Consumer Trust and Consumer Choice Review Team is examining the extent to which the introduction or expansion of generic top-level domains (gTLDs) has promoted competition, consumer trust and consumer choice. It is also assessing the effectiveness of the application and evaluation processes, as well as the safeguards put in place by ICANN to mitigate issues involved in the introduction or expansion of new gTLDs.

IMPORTANT UPDATE: the Competition, Consumer Trust and Consumer Choice Review Team Report of Draft Recommendations for Public Comment is now scheduled for February 2017.

ICANN Publishes Updated gTLD Marketplace Health Index

LOS ANGELES – 21 December 2016 – Today, ICANN published an update to the gTLD Marketplace Health Index (Beta), which presents statistics and trends related to generic top-level domains (gTLDs).

View the Health Index [PDF, 1.91 MB].

The gTLD Marketplace Health Index (Beta) was first published in July 2016. ICANN plans to publish these statistics twice a year to track progress against its goal of supporting the evolution of the domain name marketplace to be robust, stable and trusted. A community Advisory Panel is working with ICANN to refine the Index in preparation for publishing version 1.0.


ICANN's mission is to help ensure a stable, secure and unified global Internet. To reach another person on the Internet, you have to type an address into your computer - a name or a number. That address has to be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation and a community with participants from all over the world. ICANN and its community help keep the Internet secure, stable and interoperable. It also promotes competition and develops policy for the top-level of the Internet's naming system and facilitates the use of other unique Internet identifiers. For more information please visit:

Successful Candidates Announced for ICANN58 Fellowship

ICANN announces 56 individuals from 41 countries have been selected to participate in ICANN's Fellowship program at the 58th Public Meeting in Copenhagen, Denmark 11-16 March 2017. 35 of the selected candidates will be attending their first ICANN meeting. Seven have attended an ICANN Meeting in the past but now will be part of the Fellowship program and fourteen are Fellowship Alumni with various levels of ICANN experience. Nine of the Alumni will take on the additional role of coaching Newcomers. These successful candidates represent all sectors of society including; civil, government, ccTLD operations, academia, facets of the business community, technical, security and end user groups.

The Fellowship program seeks to create a broader and more diverse base of knowledgeable constituents with priority given to candidates currently living in underserved and underrepresented communities around the world, those who represent diversity of gender, sector, region, experience, expertise and/or have established financial need. An independent selection committee assessed the 424 Fellowship applications received for this meeting.

Click here to see the list of selected candidates and learn more about the Fellowship program:

At-Large Community Announces the Slate of Candidates to Proceed to the Next Stage of the ICANN Board Director Position Selection

The Board Candidate Evaluation Committee (BCEC) has now concluded its Candidate evaluation process for the ICANN Board Director position selected by the At-Large Community. On behalf of the BCEC, we are pleased to announce that the following Candidates will go forward to the next stage of the selection process. The Candidates, listed in alphabetical order of the last name, are:

  • Alan Greenberg (Canada)
  • Leon Felipe Sanchez Ambia (Mexico)

That next stage of the selection process is planned and managed by the Board Member Selection Process Committee (BMSPC).

The process involves calls across Regional At-Large Organizations (RALOs) to discuss the BCEC Slate of Candidates, the option of possible petitions by RALOs to add to this Slate additional Candidates who have submitted Expression of Interests (EoIs) but were not selected by the BCEC, and the agreement on the Final Slate of Candidates. This process will culminate in an election among the Final Slate of Candidates by the At-Large Advisory Committee (ALAC) Members and Regional At-Large Organization (RALO) Chairs.

The selection process is planned to be completed by Friday, 21 April 2017, with the announcement of the successful Candidate on that date. View the detailed timeline here.

Details of the full process are contained in Section 19 of the ALAC Rules of Procedure [PDF, 217 KB] (version adopted on 20 September 2016).

For more information, please visit the At-Large Board Member Selection wiki workspace.

Heidi Ullrich, Ariel Liang, Terri Agnew, and Yesim Nazlar
At-Large Board Member Selection Program Admin Staff

Cybersecurity Topics on a Whirlwind Tour of Eastern Europe: Take 2

Dave Piscitello presenting at the Eastern European DNS Forum in Kiev, Ukraine.

During the first weeks of December 2016, I continued a series of Identifier Systems Security, Stability and Resiliency (IS SSR) team and Global Stakeholder Engagement (GSE) cybersecurity engagements that began in September.

My journey began in Kiev, Ukraine, where I participated in the first Eastern European Domain Name System Forum, a regional meeting of members of the domain name and DNS communities, which was held from 1-2 December. This event emerged from UADOM, the annual international conference of the domain name market that is held by Hostmaster.UA. With ICANN's support, Hostmaster.UA was able to expand to this year's regional format.

The event gathered over 200 experts in Kiev, and the diverse audience demonstrated knowledge from business, government, operational and technical areas. There was an eagerness to debate and share views on the Internet of Things, cybersecurity and cybecrime, and how the DNS will affect or be affected by these emergent or important challenges. ICANN's presence was quite strong on the agenda. Those attending included George Sadowski, ICANN board member, David Olive, Senior Vice President, Policy Development Support And General Manager, ICANN Hub in Istanbul, Mukesh Chulani, Senior Manager, Registrar Services and regional GSE staff – Michael Yakushev, Vice President, and Alexandra Kulikova, Manager, for Eastern Europe and Central Asia.

My hosts kept me busy throughout this two-day event, and scheduled me for three sessions. On day one, which was devoted to technical tutorials, I discussed IOT security (a.k.a., The Internet of Threats) and the role that ICANN's Internet Identifier SSR plays in operational security, identifier system threat awareness and mitigation and capability building. On day two, I gave a talk about distributed denial of service (DDoS) attacks in a panel discussion entitled 'Threats to the DNS'. The conference presentations and photos are available at EEDNSUA. Videos for day one (1 December) and day two (2 December) are available on YouTube.

During the event, I also had an opportunity to meet with several Ukrainian public safety communities, including the Service on Special Communications, Service of Security of Ukraine, Cyberpolice, Communications Department of the Armed Forces, and the National Telecommunications Regulation Commission, where I explained the training programs that the ICANN SSR team offers to abuse investigators or ccTLD operators. We also discussed the challenges of multi-jurisdictional cyber attacks. This was an introductory meeting where I saw a lot of interest from the audience. We are optimistic that we can come back for a full training sometime in 2017.

My tour continued in Tbilisi, Georgia, from 5-6 December, where I did a day and a half training on Investigating DNS Abuse for 18 participants from several agencies including the Data Exchange Agency, Office of the Personal Data Protection, Prosecutor Office, Ministry of Internal Affairs, National Bank and Georgian National Communications Commission. The training, hosted by the Internet Development Initiative (IDI) and the Georgian Foundation for Strategic and International Studies (GFSIS), introduces or reinforces strategies, techniques and tools that infosec professionals use to identify Identifier Systems abuse (DNS, IP, ASN). On day two, I gave attendees opportunities to apply what they'd learned in a hands-on investigation of a live malware campaign. The training was very well accepted, and the participants seemed eager to see a follow-up with a more customized program tailored to local needs.

Our Eastern European hosts have been incredibly welcoming and highly complimentary about our activities in 2016. We have received many expressions of interest to have us return or to expand our engagements further into Eastern Europe in 2017. We look forward to future, equally successful engagements.

President’s Corner: Closing Out 2016

It's been a big year – for ICANN – and for me, personally. I've traveled around the world, meeting and working together with many of you. It has been a pleasure, and I want to thank all of you for your hard work this year.

This year, the ICANN community came together, trusting each other, to create the final proposals and complete the IANA stewardship transition, after many years of compromise and collaboration. The success of this effort is a real testament to the strength of the multistakeholder model in tackling issues like this.

The result of these efforts is that ICANN is truly rooted in accountability. The entire ICANN ecosystem is more accountable to each other and to you. Thank you for that.

As we look ahead at what the next year will bring, my focus, as CEO of the ICANN organization, is on doing what we do even better, under the new mission and bylaws, and supporting our strategic objectives. And as one final bit of business this year, to further our commitment to ICANN's long-term financial accountability, stability and sustainability I want to announce that Chief Financial Officer (CFO) Xavier Calvez will now be reporting directly to me.

Thank you for your patience and support over the course of the past year. I'm looking forward to 2017 – to meeting more of you and to continue working together. Happy holidays to you and your family. I wish you all the best in the New Year.

Göran Marby
ICANN President and CEO

What’s the Difference Between a Domain and Web Hosting?

If you’re launching your first website and are completely new to it, you may have heard terms like “domain” and “web hosting” being thrown around. But what are they, and what’s the difference? Take a look at this brief overview.

The Makeup of a Website

Every time you visit a website, your computer goes through a process to display that site for you. It starts by entering the domain name into the browser, which can be done through clicking on a link, for example. Then the domain is translated into the owner’s server IP address. That server sends the user the site files, which display as a web page.

Broken down, websites are made up of three components:

  • Domain name
  • Web hosting server
  • Site Files

Some people use the metaphor of a house to describe how these pieces come together. Essentially, your domain name is your address, your web hosting is the house, and your site files are your furniture.

What is a Domain?

Your domain name is your website’s address, such as This address is a lot like a mailing address. It tells computers where to find the site on connected servers so they can send and receive information. Without a domain name, it’d be like trying to call someone on the phone when they don’t have a phone number. They could have a phone, just as you might have a website, but you’d have no way of reaching them.

What is Web Hosting?

A server is a device that’s connected to the Internet and stores site files. When you pay for web hosting services, you’re renting out a space on their hard-drive so that users across the world can access your site files. Many hosts have multiple server locations so they can back up your site files, which helps prepare you both for emergencies like natural disasters.

Web hosting is storage space. It alone cannot stand as your website. Instead, you use that space to store your site files, which save your layout, content, images, etc. Content management systems like WordPress make it easy to work with those files without going into the backend of your hosting account. The best WordPress hosts make it easy to get your site on the web through one-click WordPress installs.

Without web hosting, your domain name would act as a disconnected telephone number—there’d be no way to reach you.

There are multiple types of web hosting. The most common are:

  • Shared: Shared hosting has multiple users on the same server, all sharing the same resources. It’s a lot like renting an apartment. You all share the building and common areas, but you have your own “space” to call your own.
  • VPS: VPS refers to “virtual private server.” With this, multiple sites are on the same server, but the resources are divided up rather than all shared at once. It’s like owning a condo. You share the building with everyone, but you own the part that’s yours. That means you have a specific amount of resources allotted to you and only you. The benefit is that your site will be much faster than with shared web hosting, and it’s scalable.
  • Dedicated: Dedicated hosting means you’re the one on the server. It’s like owning a house. That means all the resources are yours and you can control your server. That makes for lightning-fast websites, and it’s great for people with high traffic numbers.

The best web hosts offer all three types of web hosting so that you can scale your site as your traffic grows.

Do You Need to Use the Same Company for Both?

One thing that confuses people about the difference between web hosting and domains is that many companies in the industry offer both services. That said, you don’t have to use the same company for both. You can use one company to register your domain name and another to host your site files.

This means that you’re not stuck with your first choices if you want to change things down the line. You can always choose a different domain name and point it to the same website. In fact, you can point multiple domain names to the same site at once.

You can also change web hosts without losing your domain name or your site files. You may need to contact support for this to get everything transferred over properly. However, if you find you need a better web host, you don’t have to start all over.

Some people choose to register their domain name through their web host because it’s more convenient. Others choose not to keep everything in the same place to make transferring to a new host easier and to improve site security. Be sure to weigh the pros and cons yourself before deciding which companies to work with.

Hopefully you have a better understanding of domain names and web hosting now to make setting up your site easier.

The post What’s the Difference Between a Domain and Web Hosting? appeared first on Domain & SEO News.

What Is a DNS Covert Channel?

In the first part of our covert channel series, I explained that a covert channel is an evasion or attack technique used to transfer information in a secretive and typically unauthorized or illicit manner. I also explained how one could create a covert channel using the Internet Protocol (IP) or the Internet Control Message Protocol (ICMP).

In this part, I will explain why the Domain Name System (DNS) is also an attractive protocol for covert channels, and illustrate how the DNS could be used to create a covert download channel.

Why Use a DNS Covert Channel?

Network administrators often block traffic to Internet services that they do not want their users to access with Internet firewalls. DNS queries and responses are rarely blocked, because users must ask the DNS questions to resolve domain names to Internet addresses. This makes DNS a strong candidate for someone who wants to transmit or receive information without detection. DNS covert channels can be used to bypass a Wi-Fi paywall to avoid paying a service fee, or to run an unapproved application from a work computer. They can also be used to tunnel other Internet protocols such as Secure Shell, IP or even Tor. Cyberattackers can use a DNS covert channel in a more dishonest way, such as a communications channel between a computer they have compromised and a computer they operate. Sadly, malware writers are increasingly using the DNS for covert communications between infected computers and command-control hosts.

A DNS Covert Channel in 3… 2… 1…

Setting up a DNS covert channel requires very little investment or infrastructure. You need a domain name, a name server to host name resolution for that domain name (a "real DNS server"), and a fake DNS server to communicate with clients over a covert channel using artificial DNS queries and responses.

Let's consider how cyberattackers might download malicious software from a server they operate to a computer they have infected with an installer or dropper malware. They could:

  1. Choose a domain name, e.g.,
  2. Configure a "real" DNS name server to host this domain: This is where the cyberattacker will host the zone file for this domain name. The cyberattacker could do this during their domain registration and choose any public DNS operator for this purpose.
  3. Add an address record to the zone file for for a computer that will behave like a DNS server, but will be used to download malware covertly. Let's call this, for example: 600 IN A

At this point, the cyberattackers have a working name service that will resolve the host name to a fake DNS server hosted at

Covert Communications Use DNS Query and Response Data

The cyberattackers next define the format of DNS queries that covert channel clients running on infected computers will ask and the format of corresponding answers that fake DNS server software operating at will return. The cyberattackers in this example use a sub-label to identify a request in a DNS query, e.g.,, and they use a text (TXT) record to return the answer, so a conceptual exchange between the covert channel client on an infected computer and the fake DNS server would be:

ANSWER: 0 IN TXT "there is new malware software for you"

This is a pretty basic exchange. It's also not very covert, so cyberattackers could choose to hide the plain text by using an encoding scheme called Base64 (try it yourself here). If the cyberattackers were to use Base64 to encode question and answer, anyone who examined this exchange would see the following:

ANSWER: 0 IN TXT "dGhpcyBpcyBuZXcgbWFsd2FyZSBzb2Z0d2FyZSBmb3IgeW91"

Cyberattackers often decide that Base64 is not sufficiently covert. In these cases, they could use a third-level label to convey encryption key derivation information, i.e., information that would allow the covert channel client to calculate (derive) a key to decrypt the response data in the TXT message answer.

Using messages that conform to DNS protocol standards is an important part of operating covertly. Length limits for labels (63 bytes) and TXT records (255 bytes) would constrain the message exchange in this example. Cyberattackers could overcome these length limits by using the third-level label as a parameter that identifies and distinguishes "chunks" of data in the request. The covert channel client is now able to make multiple DNS queries to download a larger "payload" by assembling the "chunks" of malware software returned in TXT message answers.

The mechanisms I've described here are used by the Feederbot malware [PDF, 220 KB], whose DNS queries are of the form:

Random data Chunk identifier Encryption key derivation data Delegated Name TLD

The Feederbot malware DNS TXT record response is composed as follows

DNS TXT rdata
Base64 encoded data
Checksum Chunk of malware software

Joe Minieri produced a four-minute YouTube video that describes a covert channel similar to what I've described, entitled Stealing Corporate Data Undetected.

The DNS Is a Green Field of Covert Channels

I've chosen to illustrate one of several DNS covert channels and, in particular, one that is purposely designed for malicious or criminal use. Software for DNS covert channels is available for download from public repositories. Several popular DNS covert channel software are "general purpose", i.e., they create bidirectional tunnels to support a variety of Internet protocols. If you're curious, you can read how Dan Kaminski's OzymanDNS can be used to create a TCP tunnel for Secure Shell (SSH) or how NSTX or Iodine can be used to tunnel IPv4 traffic. I even found a paper that describes how to use the time-to-live (TTL) field of the DNS protocol to support a covert channel.

DNS is a necessary service, and few organizations examine DNS traffic for security threats.

In a future post, I'll discuss measures to detect or mitigate DNS covert channel threats.

Customer Confidence Increases with Cybersecurity

As data breaches continually hit the news, consumers are increasingly concerned about their information. The problem is that while most people are worried about cybercrime, they often don’t protect themselves. In a survey released by Symantec, 45 percent of the 20,907 consumers surveyed felt overwhelmed by the amount of information they need to protect. With consumers overwhelmed, they look to businesses to offer assurances regarding the protection of this information. This means that online businesses need to focus on how to protect information to be able to build their customer base.

Training employees are the easiest and more important thing that a business can do to protect information. The top mistakes that employees make are things like sharing passwords or leaving work computers unattended when they bring them home. In addition, over 87 percent of business owners upload information to a personal cloud or storage server. While this may seem like a way to work efficiently, it means that the information is moving to and from different types of security levels. Most businesses use servers that are developed to professionally protect information while most individuals use servers like Dropbox and Google. This means that sharing the information to these servers puts the customer information at risk.

Employees using personal devices in the workplace is rapidly becoming one of the biggest risks for businesses. Legal experts at Steinepreis Paganin suggest writing policies for employees to try to keep these risks down. When employees bring mobile devices into the workplace, they often bring viruses and other possible breach access points with them. A mobile phone with a virus that gets plugged into a work computer to charge can cause a security breach that can affect customer information.

Making sure to update application and operating systems regularly seems mostly geared towards having them work correctly. However, many of these intend to close gaps in systems. In addition, many times hackers are aware of the updates and work quickly to find ways to exploit them. Updating systems and applications and then restarting computers takes time and feels annoying. Not updating, however, can leave customer information at risk.

Finally, think about the ways in which protecting your business protect your customers as well. Simple solutions such as using strong passwords and making sure that emails, texts, and instant messaging programs are encrypted can give your customers confidence when they work with you.


Protecting yourself means protecting the information in your care, and sometimes that information belongs to customers. Easing people’s fears about how your business handles their information can be the first step towards building their trust as customers.

The post Customer Confidence Increases with Cybersecurity appeared first on Domain & SEO News.

New Contracting Statistics Released