Sophos Cloud Optix
If news reports are to be believed, the West African country of Mali is planning to let anybody register .ML domain names for free.
Yes, you read that correctly.
For free.
Here’s how The Register described the plan:
The .ML domain will be carved up in three phases, with a "Sunrise" phase in May and subsequent June "Land Rush" during which hundreds of generic and premium domain names will be released. Applicants are asked to contemplate "strategic partnership opportunities" during that period of time. Come July 15th, the world+dog can take their pick.
At first I thought it might be a late April Fool’s joke, but it appears that a press release from Freedom Registry confirms the plan:
What could possibly go wrong?
Well, let’s put our thinking caps on for a minute.
- With no cost of entry, .ML domain names will likely be snapped up quickly – not just by legitimate web users, but by online crooks who might be interested in creating phishing sites, using a .ML website to host malware, or as a redirector.
- .ML, of course, looks really rather similar to .MIL – the TLD used by sections of the US military such as the American Navy, the Marines as well as the United States Coast Guard. Is it possible that cybercriminals might try to spoof legitimate .MIL websites by snapping up free .ML domains with confusingly similar names?
- No payment makes it even easier for someone to register a domain name without giving their real credentials (there’s no need even to use a stolen credit card for payment). If crimes are committed involving .ML domain names, it will be hard for the authorities to trace those responsible.
Will the .ML domain name giveaway really happen?
Well, it looks likely.
A subsidiary of the same company has been handing out .TK domain names for free for some time, and boasts that “Tokelau (.tk) is now the largest country code top level domain registry in the world” with “more active domain names registrations than Russia and China combined.”
In the past we’ve seen lots of abuse of the .TK country code, and sure enough in the last week we have seen .TK sites being used to host malware, for phishing, and as URL shorterner services used in spam.
Quite why one of the world’s poorest countries, ravaged by conflict, would want to give away .ML domain names for free is anyone’s guess.
It’s certainly not going to boost the nation’s reputation internationally if it becomes associated with spammers, malware attacks and cybercrime.
Is there a clean way to block access to all URLs in a given top-level domain? I'm thinking of something at the OS level (Windows 7) rather than browser-by-browser, if possible. But I can't find the option in IE10 anyway. There are a lot of TLDs I would need extremely rarely if ever – not being able to speak their languages, for a start.
Having browsed a little, it seems that OpenDNS offers exactly that service. Though I'd prefer to stick with my ISP's DNS servers if possible.
Firewall content filtering would be the easiest IMO.
I have been using OpenDNS to block porn and filesharing sites at work,i can confirm that it works very well.
You might be able to login to your router and block them with something like…
*.tk
*.ml
Have a look in your routers manual (download the one for your model from the manufacturers website) and look for “how to block a website”.
Another way (OS level) would be to add them to a custom host file…
http://stackoverflow.com/questions/138162/wildcards-in-a-hosts-file
If you’re willing to run your own DNS (potentially running forwarding queries to your ISPs DNS if you want), you can simple set up you own .tk and .ml domains, and forward them wherever you want. It will take precedence over the domains in the outside world.
Everything using your DNS will then benefit.
Use with whichever DNS software you prefer…
it will be like another dot.tk domain….
They will probably steal the spammers/scammers website. Dot.tk also seems to steal peoples domains and park them to make money. So many horror stories.
@Bob: Router configuration should take care of it 😉
We should all register all of the domains that would look like us military addresses and have them redirect to Naked Security 🙂
I want to get a free .ml domain and I am not a criminal.
Me too !
Me three!
I've been a happy (honnest, I daresay) user of dot tk – several free domains, for years. They are NOT taking your domain away arbitrarily, no, but you have to follow the rules or else risk to lose it (or /buy/ a full fledged dot tk). Like everything free, dot tk might be abused but, wait, free dot tk domains are much limited in what you can do with them, they are not really registered to their users. Go to : /www.dot.tk/ for full information.
If the free .ml domain names come with the same kind of restrictions, they will not pose much a problem to the internet community. Otherwise they may be a bargain for honnest and less than honnest people, but in either case it's not the end of the world IMVHO.
Does Google deindex your websites?
I like free may be better than gmail and
I want to get a free .ml domain and I am not a criminal.
Looks like a loss leader to me. Free domains today, people pour in, then two or three years from now they could charge a few bucks to renew. Could make a lot more money in the long run.
I just got hundred fake .ml websites registered with my name on them – some porn, some with pop ups like Microsoft Antivirus has detected… And more appear. Pure illegal malice.
I just received a text message from .ml. The message was from an email and directed me to a website which I didn’t click on. I received this on my iPhone 5S. I have no way to block it. I tried. Even though my mobile number is listed/registered with the National Do Not Call Registry, there would be no way to prosecute someone sending a message from West Africa. This worries me because I have no idea if just having the darned thing on my phone could injure it somehow. Hopefully it was just sent in the hopes of someone clicking on it and nothing more. It bounced over to my iPad as well. I’ll see if I can block foreign text messages from going to my iPad. I have no great hope of that, however, either.
Probably totally unconnected, but it reminded me of ML.ORG from the 1990s, which also gave away free (sub-)domains, and also suffered a lot of abuse…. https://web.archive.org/web/19990125090924/http://ml.org/
Received a text message directing me to [redacted].ml to “confirm your credentials”. The domain is registered to Freedom Registry, Inc. The business comes up with an estimated income of $61K per year, employing 1 person. You can’t live on that in Palo Alto, I’m pretty sure!
Just got one in my spam folder on 4/4/2020. Looks like a trap! Domain at the very end is .ML