Click the comments link on any story to see comments or add your own.
Subscribe to this blog
09 Aug 2006
A recent message on Circle ID notes that Cameroon in west Africa has added a wild card to its .CM country domain. This means that anyone who tries to type something.com into his browser and types something.cm instead will in most cases end up at the web site the wild card points to, similar to what Verisign did with their infamous Sitefinder a few years ago. (I say most, because if you type the name of an actual .cm domain, you'll end up at that domain. More about that later.)
This wildcard differs from Sitefinder in several ways, most notably in that unhappy victims of typo-squatting have considerably less recourse. The .CM registry is run by Camnet, part of Camtel, which is the government controlled national telephone company. IANA has a firm rule of long standing that in practice makes each country's government the arbiter of who runs the country's ccTLD. (It dates from a controversial delegation of the Hatian TLD in 1997.) So no matter how unhappy people are with *.CM, it is utterly implausible that the government would agree to redelegate the domain away from itself.
I assume here that whoever is in charge of the .cm registry knows what's going on. They have registration rules posted on their web site, rather conventional ones that say that all registered domains must be 2 to 24 characters consisting of letters, digits, and hyphens. Since one character names and asterisks aren't on the list, at the very least someone persuaded them to bend the rules, if not pay an outright bribe, so some polite political pressure might work.
Another possibility someone mentioned was a WIPO action. It would certainly be amusing to see someone file a WIPO complaint against the government of a WIPO member state, but it's kind of hard to see it going anywhere.
A more productive approach would be to go after the beneficiaries of the typos. The wildcard record points to a server at Peer1 in Vancouver BC, an ISP with a long history of hosting dodgy customers from around the world. This particular customer is NameView, who is either part of Peer1 or pretty good friends since they're just down the street from Peer1 HQ. They say they manage large domain portfolios, but they're not accepting new customers, and they have a history of typosquatting. All the links on the landing page click through to Yahoo's Overture pay-per-click subsidary, another easy to find target.
I wondered whether there might be more typosquatting going on in Cameroon, so I took a look at the ccTLD zone file. It's not very big, only 188 domains. Most of them are plausible local domains pointing at local servers. A moderate number point at European companies like Air France and Standard Chartered Bank that do business in Cameroon. Several including yahoo.cm, synopsys.cm, and credit-swiss.cm are defensive, registered by the owners of the corresponding .com and either inactive or pointing at their .com domains.
But then there are a bunch of straight typo-squats: cheaptickets.cm, dictionary.cm, download.cm, flowers.cm, games.cm, lasvegas.cm, monster.cm, realtor.cm, refinance.cm, and rent.cm. They all point to the same server at Rackspace in Texas, which serves up pages full of links related to the corresponding .com. All but one have links that go to trafficz.com and also redirect through Overture, usually with one of those links leading to the corresponding .com page. (Someone forgot to set up refinance.cm.) I would think that many the .com sites would have a slam dunk case against these sites since cheaptickets.com, monster.com, realtor.com, and rent.com all have registered US trademarks and the squatter is in Texas.
The lesson here is that something is fundamentally screwed up in the domain world when one server manager in Cameroon can enable this much confusion. But I still can't figure out what the right solution is.
comments... (Jump to the end to add your own comment)
Chairman Cameroon Federation of engineers Association
Add your comment...
Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.
My other sites
© 2005-2018 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.