Registrar Connections

In spite of the scorching summer heat that beat down on Washington, D.C. a few weeks ago, the VeriSign Registrar Days meeting held at the Four Seasons Hotel on July 10 and 11 turned out to be a real cool event! It was well attended and 94% of the attendees rated the event valuable and stated that they are very likely to attend another meeting in North America.

The top three presentations ranked by the attendees in terms of “Most Valuable and Interesting” (in order of importance) were: “Elements for Greater Business Effectiveness,” “Enhancing Online Security” and the third slot was a tie among three presentations, namely, “State of the Domain Name Industry,” “Expanding into International Markets” and “Customer Service Best Practices.” There were other favorite sessions that were ‘checked’ on the post-event survey forms namely, “The Channel,” “Understanding Policies to Help Your Business” and “Meeting Consumer Needs.” We also received a profusion of compliments on the great food and venue, and endless comments about our highly entertaining tour of D.C. It was a busy day but the attendees were inexhaustible.

At the end of the tour, some folks mapped out their own game plan to engage in a tour of some bars in Georgetown. And it seems that the festivities continued on through the night!

Day 2 also saw a strong attendance for the Policies and Security sessions. The post-event optional session, “DNS Demystified” presentation and tutorial by Matt Larson was also well attended and highly reviewed.

Thank you to all those who participated and to our special guest speakers who brought their expert insight and shared numerous practical tips and industry trends and data with the registrars. And finally, congratulations to Gretchen Olive from CSC who won the survey raffle prize of an American Express $50 Gift Cheque.

We are gearing up for our next event: the Europe Registrar Day event. Watch out for our announcement coming out soon! And if you have any suggestions or questions about our Registrar Day events, please send an email to NamingMarketing@verisign.com.

Building Advocates and Influencing Key Audiences

Public relations is a powerful tool for customer acquisition and retention. And if you're interested in customer acquisition, as well as attracting and retaining employees, increasing shareholder value and building long-term brand awareness, a story in USA Today could have a big impact on your business. That's because consumers are influenced by advocates – thought leaders who have the objectivity, expertise and platform to help form opinion. Public relations is about building advocates for your business.

Advocates may be journalists, analysts, bloggers, or individuals who happen to love (or hate) your brand. They set the tone that influences every aspect of your business. The goal of public relations is to identify potential advocates, provide them with the information they need to know about you, and then encourage them to do what they do best – tell your story and deliver your message to their networks of consumers – and potential customers.

This is a powerful proposition. Consumers are bombarded by messages delivered through traditional advertising, direct and email marketing channels. Those messages are increasingly filtered, and are often met with a high degree of skepticism. These days, an email solicitation or banner ad is viewed in the same light as a phone call at dinner.

So, how do we land that article in USA Today (or favorable blog post or word-of-mouth referral)?

A positioning is a statement that defines who you are, how you are different and why you are important to customers. Key messages provide supporting information which helps show how you are relevant and what benefits you bring to customers. And then identify audiences.

Once you know what you have to say, you must ask yourself, who cares, or who do I want to care? Instead of being concerned with reaching the most people, you should put your efforts into reaching the right people. When defining your audience, consider all of your stakeholders, including customers, employees, current market leaders, and other influencers.

Consider your target audience and how they get their information carefully. Although an article about the advantages of using .jobs in a daily newspaper may have the potential to be read by more people, the same article in a highly segmented trade publication like HR Executive has a better chance of reaching those who actually will read the article, and more importantly, who want to use your business.

Remember that a younger audience may get virtually all of their information from online sites, but keep in mind that many of the blogs and articles they read use information from other places. Pay attention to what these are and target them with your message.

Next month’s article will discuss Knowing Your Advocates and Other Ways To Get Your Message Across.

Erin Roche is a director in the technology practice at Weber Shandwick, a global public relations agency. For more information about public relations and building a network of advocates, please contact Erin Roche at eroche@webershandwick.com.

Who Are You? Insights on the Registrar Channel

As a part of VeriSign’s continual effort to understand and support registrars, VeriSign commissioned a survey to assess registrars’ attitudes, business behaviors and market expectations. The survey included registrars based in the United States as well as internationally as well as respondents from both the largest and smaller registrars. Respondents also included a mix of business models and targets including those with retail and wholesale models and those with consumer or business customer targets.

Overall, the channel is very optimistic about the domain name industry with 83 percent of respondents stating that they believe that the number of new registrations will increase over the next 12 months. Registrars are also optimistic about renewals with 52 percent believe that renewals will increase in the next year. When asked to characterize their primary business, 67 percent described themselves as “domain name registrars” while 26 percent said “hosting company.” About 43 percent of the respondents described their business as wholesale focused and 57 percent described their business as retail focused. Resellers are important to the channel with more than one-third of registrar business coming in via resellers. Registrars do find resellers to be effective for the most part with 40 percent stating that resellers were very or extremely effective and 48 percent stating that resellers were somewhat effective. These effectiveness ratings are trending upward over the past two years.

Registrars offer a variety of products and services but most offer a core of offerings that includes email, Web site hosting, ccTLDs, bundled Web packages and SSL certificates. When asked for the factors that were most important in driving new registrations, the leading response, 98 percent, was providing a high level of customer support.

Additional highlights from the study will be available online later this summer. Check in with namingmarketing@verisign.com for your copy.

Don’t Get Hacked: What Everyone Should Know About AJAX Security

Special series article by Karthik Shyamsunder, Principal Engineer at VeriSign
Part 1 of 3

Nowadays, AJAX has become a premier technology for building web applications. Web application developers are upgrading their skills so that they can take traditional web applications and make it AJAX enabled with the intention of providing a better user experience. Interestingly, hackers are making a similar type of transition. They’re also upgrading their skills, technology and tools to better attack AJAX applications.

In traditional web applications, most of the application logic resides on the server-side and the client simply acts as a dumb terminal. In AJAX applications, there is a rich client which is the browser with a JavaScript engine that has the capacity to make asynchronous calls back to the server. In such AJAX applications, the application logic is split between the client and the server. The application simply makes asynchronous calls back to the server. As a result, AJAX applications have an increased attack surface since the hacker can now attack both the client browser and the web server. Moreover, with AJAX applications, since more and more business logic is available in the client side in the form of JavaScript, the hacker can read the code and get more information about the application and thus the hackers’ knowledge increases.

Listed below are some of the common vulnerabilities and issues in AJAX applications and corresponding countermeasures:

Exposure of Unnecessary Internal Information
One of the first things that the hacker does is profiling. With profiling, the hacker sends an HTTP request to a Web site and carefully inspects the response from the server. The hacker looks at the HTML, JavaScript, comments, form fields, hidden fields, links, URL’s, HTTP headers, and cookies in order to better understand the application architecture.

Due to the inherent nature of the Web, there is going to be some information that is available to the hacker. But there are steps one can take to ensure not to leak unnecessary information to the hackers that could be detrimental. Hence, as a countermeasure remove comments from HTML and JavaScript code. Do not even put developer contact information in the HTML and JavaScript code. The hackers search for developer names in popular forums to size the developer’s knowledge based upon the questions they pose on these forums. On some occasions, they may answer the question with more probing questions or could even lead the developer to an insecure solution. Since AJAX applications tend to expose more services that the clients can invoke, they are inherently prone to give more information about application services to the hacker. Thus, it is vital to think through as to what aspects of the application should be AJAX enabled.

Improper Validation
Improper validation is when the application accepts invalid or malicious input. With an Ajax application, there tends to be some confusion about where the validation should be done. In other words, should the validation be done on the client side, server side or both? Sophisticated drag and drop tools hide validation details which increases the validation confusion. Also, with Web 2,0 the complexity of the data that needs to be validated has increased and there is a lack of toolkits and regular expressions to validate these complex input. Finally, developers usually remember to validate the GET and POST parameters, but often forget to validate HTTP headers.

Next month’s Part 2 article will discuss two of the most notorious attacks going on on the Internet, namely: Cross Site Scripting and Cross Site Request Forgery.

Customer Service: Frequently Asked Questions

Question: What is the procedure to restore a .com or .net domain name that is in Redemption Grace Period (RGP)?

Answer: When a registrar sends the restore command, the domain name will be placed in Pending Restore. The registrar then has seven (7) days to submit the restore report. Once the registrar does this, the restore will be complete and the domain name will be active. A Restore request and Restore report can be submitted via EPP or NameStore Manager Tool. If you do not submit the restore report within seven (7) days, the domain name will go back into Redemption Period.

1. Low Balance Poll - This is generated when the available credit is below the low balance percentage of the credit limit.

3. Transfer Poll - This is generated when transfer actions occur and the losing Registrar needs to be notified of the action. The following transfer actions result in Transfer Poll messages:

Special Report on Technology from eMarketer: Germany: Online Overview

With 40 million active Internet users, the Federal Republic of Germany is home to Europe’s largest online population. Germany is also Europe’s largest retail e-commerce market, with total online sales of $23.9 billion in 2006. Two out of three German Internet users are also online buyers. The average German online buyer spent $945 in 2006, and this total is likely to reach $1,739 by 2010.

Young Germans have adopted the Internet almost universally; however, the country’s aging demographic distribution means that two-thirds of all users are over the age of 30. Nearly two-thirds of Germany’s Internet population is composed of seasoned users with three or more years of online experience.

German advertisers spent $662 million online in 2006, a figure that is expected to reach $993 million in 2007. While online advertising is the fastest-growing segment of the German advertising market, it claims a much smaller share of overall ad spending than in France or the UK.

To read the full report, please contact Jennifer Moore at 212.763.6046 or send an email to jmoore@emarketer.com.

In the News

This section contains a selection of articles pertaining to the Domain Name Industry compiled by Information, Inc.

"Net Attack"
Wall Street Journal (06/05/07) Mannes, Aaron; Hendler, James
University of Maryland Ph.D. student Aaron Mannes and Rensselaer Polytechnic Institute computer science professor James Hendler warn that the cyberwarfare era is upon us, as evidenced by numerous incidents that include an assault on six of the 13 "root servers" comprising the Internet's backbone in February. Such attacks threaten the global economy, and signify the pressing need to strengthen the Internet against criminals. The authors note similarities between various politically charged online attacks, such as the defacing or shuttering of prominent Estonian commercial and government Web sites that followed the relocation of a Soviet World War II memorial in April. These disruptions, as well as the strike against the Internet root servers, take the form of Distributed Denial of Service (DDoS) attacks, in which malware is installed on a computer and directed to swamp a targeted system with messages, which can be crippling when such floods are unleashed en masse by large networks known as botnets. DDoS attacks are becoming more frequent because the tools to launch them are easy to acquire and use, and they are difficult to trace given the global scope of botnet networks. Still, breaching a system to pilfer information or launching an assault that targets real-world infrastructure requires a hacker of substantially greater skill, and Mannes and Hendler note that the few publicly disclosed incidents in this vein have been perpetrated by insiders. But although botnets lack the means to technically hamstring the Internet, they are threatening its trustworthiness and openness through the dissemination of malicious software and spam. The authors point out that establishing international standards to address cybercrime while defending civil liberties is a continuing challenge, but even more formidable is coaxing countries to comply with these standards through the implementation and enforcement of anti-cybercrime laws.

"Proper Spanish, Coming to a URL Near You"
VivirLatino (06/07/07)
In October, the Spanish government will launch an initiative that will allow special Spanish-language characters that feature accents to be incorporated into URLs formed with the .es domain extension. The new characters are made possible because the government has changed the standards governing the use of URLs. The changes include allowances for several accented versions of the letters a, e, i, o, u, and n. Previous to the new rules, special Spanish letters such as the accented "n" were not allowed in domain names, limiting the effectiveness of the intended meaning of certain domains and Web sites. The announcement of the changes prompted concern that domain speculators would register many of the new accented domains, but this worry has been addressed with a mechanism that will give priority to holders of existing .es domains, so that they can register the appropriate new version of their domains. Disputed domains will be resolved by a live auction.

"Chinese Web Surfers Reach 162 Million--CNNIC"
China Daily (07/18/07) Xi, Zhang
According to a report from the China Internet Network Information Center (CNNIC), China has 162 million Web users. Nearly 122 million of these users are broadband Internet users, while 44.3 million use the Web via their mobile phone. The nation has 9.18 million domain names registered, with 6.15 million of those being .cn domains, which exceeded the number of .com domains for the first time. Netizens frequenting Internet cafes have made such locations the second most popular locale for online surfers. Yet only 15 percent of users employed the Web for online job-searching, while 25.5 percent shopped online, and 20 percent of users used the Internet for banking services. Instant messaging and listening to music proved popular, with both platforms used by nearly 70 percent of Web surfers. Teen students accounted for more than a third of the nation's netizens, averaging a weekly online time of a little over 11 hours.

July 2007

In this issue:

What Happened on July 10 and 11?