Yesterday, The Secure Domain Foundation sprung to life. I have been following them on Twitter since first catching wind of their intent a while back and yesterday things started happening.
SDF launched at ICANN’s 49th public meeting, which was held in Singapore. The Secure Domain Foundation is founded by security research Chris Davis, famous for helping take down the Mariposa botnet, and domain industry expert, Norm Ritchie. It is a Canadian incorporated not-for-profit organization. They have an impressive list of partners already on their team.
The Secure Domain Foundation is providing free API access to a reputation and validation tool for domain registrars. The use of the API comes from a new ICANN initiative, the WHOIS Accuracy Program. Some might see it as destroying anonymity and ruining legitimate domain holders. The purpose behind the SDF is to provide these tools to domain registrars to make it more difficult or even put a stop to botnet, phishing, and malware-driven use of domain names.
If implemented well, the legitimate domain buyer should not notice any difference but the general health of the web ecosystem should be improved. We will just have to wait and see.
With their launch, The Secure Domain Foundation provided this press release:
SINGAPORE, March 23, 2014 /PRNewswire/ — ICANN 49 — Leading experts and companies in the cybersecurity, Internet and Domain Name infrastructure industry today announced the formation of the Secure Domain Foundation (SDF), a new, non-profit, community-driven organization devoted to the identification and prevention of Internet cyber crime.
Launched at ICANN’s 49th Public Meeting in Singapore, the SDF is backed by some of the industry’s leading Internet and Domain Name infrastructure companies and organizations including: Facebook, Verizon, Verisign, Enom, Name.com, CIRA(.ca), CO Internet(.co), CrowdStrike, the Anti-Phishing Working Group (APWG), Emerging Threats, ESET Anti-Virus, DomainTools, Internet Identity, CoCCA, Mailshell, Blacknight Solutions, Foreground Security, and the SecDev Group.
Founded by world-renowned security researcher Chris Davis who was responsible for taking down the infamous Mariposa botnet, and domain industry expert, Norm Ritchie, who has been designated as one of 7 trusted individuals in the world to hold the key to secure the Internet DNS root zone in the event of a catastrophe, the SDF was formed to help prevent criminal abuse on the Internet. Grounded in the spirit of cooperative efforts and sharing of information on bad actors, the SDF will provide no-cost tools, technology, research, and security intelligence to an initial market segment of Internet domain name registrars, registries, ccTLD operators, and gTLD operators. In the coming months, the SDF plans to expand services to hosting providers, DNS operators, CERTs, law enforcement and other Internet infrastructure operators.
Today, the SDF is launching a free API service to obtain an instant domain or registrant “credit score” based on security reputation and contact data validation. This API is made available to domain name registrars and registries for use during domain name transactions such as new account creation, domain registration, and record updates. Criminals have long used domain names to control botnets, distribute malware, and compromise unsuspecting visitors, and the purpose of the SDF API is to rapidly identify and shut down those activities at the time of domain registration.
“ICANN has recently mandated that domain registrars must validate postal addresses, phone numbers, and email addresses that are provided as contact information during the domain registration process,” said Norm Ritchie, Chairman of the SDF. “And many new gTLD registries have already pledged to take a more proactive role in combating domain abuse within their TLDs. The SDF provides an entirely free service that not only validates the contact registration data provided but also lets the registrar and registry know if we have seen that data used previously in relation to cyber crime.”
“Rightside has been an early supporter of the SDF and its mission. Over the past two years, the SDF has been quietly and skillfully compiling an extensive database of malicious domains and actors. It has been an excellent resource for us. We are very proud and excited to be a partner of the Secure Domain Foundation and we look forward to incorporating the contact data validation services into our domain registration processes,” said Wayne MacLaurin, CTO of Demand Media companies Enom,Name.com and Rightside Registry.
“Beyond our current offering of tools and services, we are also dedicated to raising the cost and risk of cyber crime,” said Chris Davis, President of the SDF. “With our partners, we analyze hundreds of thousands of malware samples daily and actively engage with registries, registrars and hosting providers to shut down the criminal command and control infrastructure. Our staff and volunteer researchers and analysts work tirelessly to provide criminal attribution intelligence to the proper global law enforcement organizations and help to bring these criminals to justice.”
The SDF will be participating in ICANN’s 49th Public Meeting this week in Singapore.
About The Secure Domain Foundation (SDF)
Launched in 2014, the Secure Domain Foundation (SDF) is a Canadian incorporated, not-for-profit organization dedicated to the vision of an open and secure Internet. We are a public benefit, community driven organization.
Our primary mission is to provide Domain Name Registrars, registries (ccTLD & gTLD), hosting providers, DNS operators, and other Internet infrastructure providers with the tools they need to combat abuse of their services and a forum for sharing intelligence on bad actors. Founding members and corporate sponsors of the SDF include: Facebook, Verizon, Verisign, Enom, Name.com, CIRA(.ca), CO Internet(.co), CrowdStrike, APWG (Anti-Phishing Working Group), Emerging Threats, ESET Anti-Virus, DomainTools, Internet Identity, CoCCA, Mailshell, Blacknight Solutions, Foreground Security, and the SecDev Group. For more information, please visit: http://www.securedomain.org or follow us on Twitter at https://twitter.com/SecureDomain.
SOURCE Secure Domain Foundation