Today’s narrow range of so-called top-level domains (such as .com and .org) are about to be joined by an unlimited range of new ones. These could be used as corporate branding (.coke or .pepsi, for example), to organize multiple sites into categories (think .food, .bank, and anything else). But, while they could open new commercial opportunities and have some security benefits, the domains could also confuse some users, creating new opportunities for fraud artists.
For decades, the Internet has operated with just 21 top-level domains—the most common one being .com (which has about 200 million registered domain names)—plus country names like .jp for Japan and .de for Germany. But last week, the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit body that governs the naming system, decided after years of discussion to allow the new custom top-level domains. The organization is about to launch a campaign to raise awareness about their availability, and will accept applications starting January 12, 2012.
Some companies are already lining up. The camera company Canon, for example, has said it will apply for “.canon” to create one central site, so users wouldn’t need to type “canon.com” in the United States, “canon.de” in Germany, and so on. Some global organizations might want to do the same, for similar reasons. Indeed, ICANN expects most applicants to be corporations. The new top-level domains will work in non-Latin alphabets, too.
ICANN says it expects the new domains to usher in new forms of marketing and, in some cases, to add a level of security. For example, a specialized top-level domain such as .bank might be secured with domain name security called DNS-SEC—which verifies that a domain name seen by a user corresponds to the numerical computer address assigned to a bank’s servers. This would require an additional vetting process for any company that applied for a .bank domain name. But then users could feel particularly confident that the site they are viewing is legitimate.
However, some observers expect the domains to introduce confusion—and perhaps some new security risks. User confusion already plays a key role in the success of many online scams, such as phishing, in which fraudulent websites that look like bank sites—and that have domain names that seem right—coax people into entering their account numbers. (Similarly, billion-dollar frauds like fake antivirus scams thrive in part on confusion about what a correct virus warning should look like.)