Email Scams Put Brakes on Non-English Domain Name Rollout

Rhett Pardon
LUXEMBOURG CITY — ICANN’s top official said Friday that concerns about phishing email scams will delay the expansion of domain names beyond non-English characters.

Vint Cerf, chairman of the Internet's key oversight agency, would not speculate on when such characters might appear but said Internet engineers must now spend time “trying to winnow down, frankly, the number of character [sets] that are allowed to be registered.”

Security experts warn of a potential exploit that takes advantage of the fact that characters that look alike can have two separate codes in Unicode and can appear to the computer as different. Therefore, scammers can register a domain name that looks to the human eye as a legitimate domain but tricks users into giving passwords and other information.

“It became clear we had opened up the opportunity for registering very misleading names,” Cerf said. “This kind of potential confusion leads to parties going to what they think are valid websites.”

Cerf made comments as he and ICANN’s board wrapped up a conference in Luxembourg City. He responded to a U.N. panel study on Internet governance that “insufficient progress has been made toward multilingualization.” Thursday’s U.N. report cited the lack of international coordination and technical hurdles as among the problems.

The Internet currently supports only 37 characters — the letters of the Latin alphabet, 10 numerals and a hyphen — through a character system called Unicode.

With high demand outside the United States for non-English domain names, engineers have been working on ways to trick the system into understanding other languages, such as Arabic, Chinese and Japanese.

Last year, operators of the German .de domain began offering 92 accented and other special characters, including the umlaut common in German names.

But ICANN has yet to approve domain names entirely in another language.