If news reports are to be believed, the West African country of Mali is planning to let anybody register .ML domain names for free.
Yes, you read that correctly.
Here's how The Register described the plan:
The .ML domain will be carved up in three phases, with a "Sunrise" phase in May and subsequent June "Land Rush" during which hundreds of generic and premium domain names will be released. Applicants are asked to contemplate "strategic partnership opportunities" during that period of time. Come July 15th, the world+dog can take their pick.
At first I thought it might be a late April Fool's joke, but it appears that a press release from Freedom Registry confirms the plan:
What could possibly go wrong?
Well, let's put our thinking caps on for a minute.
- With no cost of entry, .ML domain names will likely be snapped up quickly - not just by legitimate web users, but by online crooks who might be interested in creating phishing sites, using a .ML website to host malware, or as a redirector.
- .ML, of course, looks really rather similar to .MIL - the TLD used by sections of the US military such as the American Navy, the Marines as well as the United States Coast Guard. Is it possible that cybercriminals might try to spoof legitimate .MIL websites by snapping up free .ML domains with confusingly similar names?
- No payment makes it even easier for someone to register a domain name without giving their real credentials (there's no need even to use a stolen credit card for payment). If crimes are committed involving .ML domain names, it will be hard for the authorities to trace those responsible.
Will the .ML domain name giveaway really happen?
Well, it looks likely.
A subsidiary of the same company has been handing out .TK domain names for free for some time, and boasts that "Tokelau (.tk) is now the largest country code top level domain registry in the world" with "more active domain names registrations than Russia and China combined."
In the past we've seen lots of abuse of the .TK country code, and sure enough in the last week we have seen .TK sites being used to host malware, for phishing, and as URL shorterner services used in spam.
Quite why one of the world's poorest countries, ravaged by conflict, would want to give away .ML domain names for free is anyone's guess.
It's certainly not going to boost the nation's reputation internationally if it becomes associated with spammers, malware attacks and cybercrime.Follow @NakedSecurity