Today’s narrow range of so-called top-level domains (such as .com and .org) are about to be joined by an unlimited range of new ones. These could be used as corporate branding (.coke or .pepsi, for example), to organize multiple sites into categories (think .food, .bank, and anything else). But, while they could open new commercial opportunities and have some security benefits, the domains could also confuse some users, creating new opportunities for fraud artists.

For decades, the Internet has operated with just 21 top-level domains—the most common one being .com (which has about 200 million registered domain names)—plus country names like .jp for Japan and .de for Germany. But last week, the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit body that governs the naming system, decided after years of discussion to allow the new custom top-level domains. The organization is about to launch a campaign to raise awareness about their availability, and will accept applications starting January 12, 2012.  

Some companies are already lining up. The camera company Canon, for example, has said it will apply for “.canon” to create one central site, so users wouldn’t need to type “canon.com” in the United States, “canon.de” in Germany, and so on. Some global organizations might want to do the same, for similar reasons. Indeed, ICANN expects most applicants to be corporations. The new top-level domains will work in non-Latin alphabets, too.

ICANN says it expects the new domains to usher in new forms of marketing and, in some cases, to add a level of security. For example, a specialized top-level domain such as .bank might be secured with domain name security called DNS-SEC—which verifies that a domain name seen by a user corresponds to the numerical computer address assigned to a bank’s servers. This would require an additional vetting process for any company that applied for a .bank domain name. But then users could feel particularly confident that the site they are viewing is legitimate.

However, some observers expect the domains to introduce confusion—and perhaps some new security risks. User confusion already plays a key role in the success of many online scams, such as phishing, in which fraudulent websites that look like bank sites—and that have domain names that seem right—coax people into entering their account numbers. (Similarly, billion-dollar frauds like fake antivirus scams thrive in part on confusion about what a correct virus warning should look like.)

So in theory, scam artists could register something like .savingsbank and confuse people. “You can probably imagine that if someone registers .wellsfargobank and customers erroneously try to go to http://wellsfargobank/; then the end user customer is maybe not going to get the ‛wellsfargobank’ they thought they were asking for,” says Paul Vixie, chairman and chief scientist of Internet Systems Consortium, a nonprofit developer of Internet software and protocols.

There is a limiting factor on such concerns, of course; would-be creators of new top-level domains will have to fork over $185,000 and go through a bureaucratic process to win approval, notes Richard Lamb, who is in charge of domain-name security deployment at ICANN. By contrast, it’s far easier to set up a similar domain name—say, wellsfargobanc.com—to fool people. But the consensus of ICANN’s board is that the overall security risks of the new effort are low. The details of their discussions can be found here.

But Lamb adds that glitches might arise if users try to reach new top-level domains without typing any dots—such as http://canon or similar addresses.

Some operating systems will first look to see if “canon” exists as part of the local domain (for example: canon.technologyreview.com) and then send you there. Similar problems could pertain to e-mail systems. “Fresh from the meeting floor this week, there have been discussions about how the lack of dots in the new top-level domains may get misinterpreted by existing software,” Lamb said. 

Either the new top-level domains will need to be preceded by dots, or software will have to change.

The process that led to the new top-level domains was years in the making, and involved the full range of Internet participants from around the world: governments, businesses, technology experts, and end users.

Steve Crocker, vice chair of ICANN’s board of directors and an architect of the Internet’s original protocols, says it will be fascinating to see how all of these participants adopt and react to new top-level domains. “I hope that this is studied in business schools going forward and analyzed in many ways,” he said in his remarks last week. “And we’ll look back and try to understand what the results were compared to what we expected.”