Internet and e-mail policy and practice
including Notes on Internet E-mail


Click the comments link on any story to see comments or add your own.

Subscribe to this blog

RSS feed

Home :: ICANN

09 Aug 2006

Has Your Browser Been to Cameroon Lately? ICANN

A recent message on Circle ID notes that Cameroon in west Africa has added a wild card to its .CM country domain. This means that anyone who tries to type into his browser and types instead will in most cases end up at the web site the wild card points to, similar to what Verisign did with their infamous Sitefinder a few years ago. (I say most, because if you type the name of an actual .cm domain, you'll end up at that domain. More about that later.)

This wildcard differs from Sitefinder in several ways, most notably in that unhappy victims of typo-squatting have considerably less recourse. The .CM registry is run by Camnet, part of Camtel, which is the government controlled national telephone company. IANA has a firm rule of long standing that in practice makes each country's government the arbiter of who runs the country's ccTLD. (It dates from a controversial delegation of the Hatian TLD in 1997.) So no matter how unhappy people are with *.CM, it is utterly implausible that the government would agree to redelegate the domain away from itself.

I assume here that whoever is in charge of the .cm registry knows what's going on. They have registration rules posted on their web site, rather conventional ones that say that all registered domains must be 2 to 24 characters consisting of letters, digits, and hyphens. Since one character names and asterisks aren't on the list, at the very least someone persuaded them to bend the rules, if not pay an outright bribe, so some polite political pressure might work.

Another possibility someone mentioned was a WIPO action. It would certainly be amusing to see someone file a WIPO complaint against the government of a WIPO member state, but it's kind of hard to see it going anywhere.

A more productive approach would be to go after the beneficiaries of the typos. The wildcard record points to a server at Peer1 in Vancouver BC, an ISP with a long history of hosting dodgy customers from around the world. This particular customer is NameView, who is either part of Peer1 or pretty good friends since they're just down the street from Peer1 HQ. They say they manage large domain portfolios, but they're not accepting new customers, and they have a history of typosquatting. All the links on the landing page click through to Yahoo's Overture pay-per-click subsidary, another easy to find target.

I wondered whether there might be more typosquatting going on in Cameroon, so I took a look at the ccTLD zone file. It's not very big, only 188 domains. Most of them are plausible local domains pointing at local servers. A moderate number point at European companies like Air France and Standard Chartered Bank that do business in Cameroon. Several including,, and are defensive, registered by the owners of the corresponding .com and either inactive or pointing at their .com domains.

But then there are a bunch of straight typo-squats:,,,,,,,,, and They all point to the same server at Rackspace in Texas, which serves up pages full of links related to the corresponding .com. All but one have links that go to and also redirect through Overture, usually with one of those links leading to the corresponding .com page. (Someone forgot to set up I would think that many the .com sites would have a slam dunk case against these sites since,,, and all have registered US trademarks and the squatter is in Texas.

The lesson here is that something is fundamentally screwed up in the domain world when one server manager in Cameroon can enable this much confusion. But I still can't figure out what the right solution is.

posted at: 23:02 :: permanent link to this entry :: 3 comments
posted at: 23:02 :: permanent link to this entry :: 3 comments

comments...        (Jump to the end to add your own comment)

Even more ridiculous is the fact that they apparently added and then failed to comment it out from the zone file:

/* NS /* NS /* NS*/.cm. !!! /* NS host*/.cm has illegal name

(by Anonymous 07 Aug 2006 03:27)

Chairman Cameroon Federation of engineers Association
We are not sur that the government of cameroon in informed about all this. please, give us some few days for necessary inquiries. Thanks, cameroon is a proud country and don't want its name involved in bad actions. We believe that even if there are some bad guys in our country as in each on all over the world. There are also some cameroonians who are honest and are working hard on daily basis as civil society organisation, to built a strong country where live will be better for all, cameroonians or not. Dear John levine! Thanks a lot for this information.

(by Appolinaire NOUMBI 09 Aug 2006 16:40)

The wildcard record is no more in effect, I think...

(by Magobei 11 Aug 2006 09:10)

Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

Email: you@wherever (required, for confirmation)
Title: (optional)
Show my Email address
Save my Name and Email for next time


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

Dave Piscitello on Ransomware
57 days ago

A keen grasp of the obvious
My high security debit card
603 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.