top | item 42307424

(no title)

The implication that gTLDs are bad and new ones shouldn't be introduced because of this is a bit silly to me. The argument that they somehow have lower registration requirements makes no sense, .shop .top and .xyz registrations involve the exact same amount of verification as .com (none). Prices aren't really that different and plenty of gTLDs are more expensive than traditional ones.

Registering a domain is frustrating these days, too many already taken and a lot of them by squatters not even intending to use it. I'd love to see more options personally even if it makes it slightly easier to create a phishing domain. We need better tools than memorizing a domain name to deal with that anyways.

discuss

NotSammyHagar|1 year ago

I think the issue is you can register a known company name on one of these and plenty of people will think it's legit. Companies have to register on all these random domain to protect themselves.

dell.shop, that's probably the dell computer I know, right?

zanderwohl|1 year ago

The people who would fall for that would probably also fall for `dell.computerdealshop.com` though

throitallaway|1 year ago

I'm doubtful that most non-technical people familiarize themselves with TLDs/domain names. They use a search provider for whatever they need. As far as emails/phishing goes, it's a game of cat and mouse; it will never be over. Basically, don't trust unprompted email links and just go to the site if it's something you really want.

drew-y|1 year ago

I wonder if we could add some type of verification registry. It would be nice if browser's could have a big indicator saying that this website is verified to associated with Dell inc.

hamandcheese|1 year ago

> Companies have to register on all these random domain to protect themselves.

"Nice business you got there. Shame if a scammer bought your name on my new TLD."

xelamonster|1 year ago

Yep that's the issue, I'm just saying I'd rather have that problem than the one where I can't register a clean looking personal domain because every idea I have is already registered (with 95% of them leading to a parking page untouched for years except to pay the bill). Feels like we just need more names available and I don't see how else we could get them.

friendzis|1 year ago

Is dell.com, dell.co.uk and dell.ee owned and backed by the same corporation?

gtldexplosion|1 year ago

[deleted]

boogr|1 year ago

[deleted]

reaperducer|1 year ago

The implication that gTLDs are bad and new ones shouldn't be introduced because of this is a bit silly to me.

That wasn't what the article stated. The article stated that the problem is that the new TLDs are so cheap as to be disposable, and the registration requirements are lax. The combination makes them attractive to criminals.

It's literally the first sentence of the article:

"Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds."

gtldexplosion|1 year ago

[deleted]

michaelt|1 year ago

The problem is the new gTLDs don't increase the useful supply of domains.

For casual usage like personal blogs and whatnot? Sure, use whatever.

But if I was starting a web-based business and couldn't afford the .com? I'd rename the company before I'd use .xyz - if your business takes off the squatters will notice and raise their prices, so the .com will never be cheaper.

If you got an "urgent e-mail" saying your employer needed you to confirm you're legally allowed to work, and they directed you to experianrtw.app - would you go there and send them a photo of your passport?

mrsilencedogood|1 year ago

There are a few options, though. The fact that .io got so popular shows that we are not forever chained to .com. It's just that a lot of the nuTLD options are honestly hilariously bad, most of them are just lame. My personal top picks are ".online" and ".software" with mention to ".network" but they're all WAY too long. I actually use ".cafe" for my personal stuff because it's short and cute. Obviously can't use that for your SV rocketship company though.

Would it have been so hard to sit down and pick a couple short ones - yknow, ones people might actually use?

yawaramin|1 year ago

If I got an 'urgent email' I wouldn't go to any domain, I would contact my employer directly and confirm with them before doing anything. The people who would fall for this phishing scam would fall for almost any domain, because it's not about the domain.

poincaredisk|1 year ago

What it you get an email from [yourbank].bank? Or if your mother got one?

It's never a single signal, and the more legitimate a domain looks, the bigger a chance is that someone fells victim to a scam.

ToucanLoucan|1 year ago

The lions share of issues with domains would go away if we made squatting illegal, or at the least, extremely expensive.

Tbh I'm increasingly thinking that just about any speculative instrument in the economy is just grift and drag. If you want to make money, make things. Stop trying to extract rent or exorbitant prices for land, for domains, for PS5s, etc. Feels like 9/10ths of the economy now is nothing but fucking middlemen, when we have a dearth of need of ANY middlemen at all anymore.

gruez|1 year ago

>The lions share of issues with domains would go away if we made squatting illegal, or at the least, extremely expensive.

How do you define squatting? Is the owner of nissan.com "squatting" on it because he wouldn't sell to the japanese car company? How much interest do you need in a given domain before it's not squatting?

foxglacier|1 year ago

If you're starting a new company, squatters are not a real problem. Just pick another name. If your favorite name is so valuable that it's squatted, then it's valuable! The squatter was reserving it for you, the only company that could really make good use of it, instead of some random personal blogger who happened to walk in first and would wasted its high value.

Also, what's the difference between a squatter and a personal blogger?

unknown|1 year ago

[deleted]

humanfromearth9|1 year ago

What looks like squatters might also be people who just want their own domain only for email, not hosting.

allset_|1 year ago

Or are hosting non-public services and want TLS certs that all my devices trust automatically, like me.

mrweasel|1 year ago

That's certainly an issue. There have been a number of cases where companies have demanded that people hand over domain that they "where not using". Not using being defined as "does not have a website".

It feels like there should be some way of determining if a domain is actively being used, to combat squatters, but when ever someone tried to make a rule it ends up being something stupid, like not having a website.

seabass-labrax|1 year ago

Email is one of the easier services to detect; not only does SMTP specify that the server sends a greeting before authentication occurs, but there's also a bunch of DNS records just sitting there in full view. I'd say it's easier to detect real usage with email than with HTTP, because, to my knowledge, nobody runs an MTA just to say 'this domain is for sale' like they do on the Web!

aidenn0|1 year ago

Including me.

foxglacier|1 year ago

gTLDs don't really solve the problem of running out of domain names any more than doing it yourself like myname-shop.com There are too many gTLDs for anyone to remember so they're really just an arbitrary extension on the 2nd/3rd level name.