Measures proposed to reduce risk of misrouting private email messages out onto the public Internet

As ICANN moves closer to authorizing a host of new generic Top Level Domains (gTLDs), concern has been expressed about the possible impact that at least some of those new gTLDs could have on at least some corporate network operators and Internet users. While ICANN believes it unlikely that significant numbers of such operators/users will be affected, it is proceeding cautiously.

The potential problem? “Name collision”.

What is “name collision”? In ICANN’s words,

“A name collision occurs when an attempt to resolve a name that is used in a private name space (e.g., under a non-delegated Top Level Domain, or a short, unqualified name) results in a [Domain Name System (DNS)] query to the public DNS.”

As ICANN consultants have described the problem, “Name collision creates ambiguity and instability, because apparently identical strings name different things in different contexts.” In their view, the consequences range from mere “user confusion” to far more dire possibilities, including “application failures, denial of service, or serious breaches of security”.

In more pedestrian terms, name collision can occur when a private network – say, a company’s internal email system – has been set up to interpret a particular term (or, in ICANN parlance, a “string”, like “.mail”) as referring to addresses strictly within that internal system. But if that particular term also happens to be a gTLD used across the Internet – like “.com”, “.edu”, “.org” or other familiar gTLD strings – then the address of email intended to be limited to the company’s internal system could be misread: the name is looked up in the public DNS, and the email is routed out to the broader Internet instead of staying on the internal system.

Obviously, that could have serious legal and/or economic consequences for the sender, especially if personal, confidential or proprietary financial information were to be misrouted and revealed to unintended recipients.

The problem of name collision is not new. ICANN has known of it for years and has taken steps to reduce its potential impact. As a result, no major catastrophes have occurred (as far as we know).

But concern has been rekindled with the raft of proposed new gTLDs currently under consideration at ICANN.

Those proposals include hundreds of strings such as .guru, .health, .sport, .cloud, .bank, and .music. More troublesome are the proposed strings .mail, .corp and .home, terms which are already used in many internal email addressing schemes in larger companies. Designation of any of those three strings as gTLDs would substantially increase the possibility – indeed, likelihood – that internal email will be misrouted out through the public DNS instead of remaining on a company’s internal network.

To get out in front of the problem, ICANN commissioned an independent report to identify possible ways of mitigating the potential risks of domain name collisions. The Report, released in late February, concludes that the risk of collisions is manageable for most, but not necessarily all, new gTLDs through the implementation of safeguards and the development of an emergency response mechanism by ICANN.

However, because the use of .corp, .home and .mail is so widespread in internal networks, the Report recommends that those three strings be permanently reserved for internal use.

With respect to other proposed gTLDs currently in the pipeline, the Report recommends that a mandatory 120-day controlled interruption period be imposed beginning immediately after the delegation of each new gTLD. During that period, the prevalence of collisions involving each new gTLD can be evaluated and remedial measures to avoid harm to networks and users can be developed. At the same time, ICANN will establish procedures to identify collision events that pose a “clear and present danger to human life” and take corrective actions to suspend problematic addresses and ensure the compliance of new gTLD registries with such actions.

Companies with internal networks and addressing schemes need to be aware of the risks of name collision, monitor for problems, and be prepared to address them if they arise. Should you find problems within your internal network as new gTLDs are released, feel free to contact us for assistance and outreach to ICANN.
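One way to do the monitoring suggested above, as an added example that is not part of the original article: a Python script that scans resolver query logs for names at risk of collision. The `client qtype qname` log format, the sample lines and the function names are assumptions; the string lists are the ones named in this article.

```python
import re
from collections import Counter

# Strings named in the article: the three the Report wants reserved, and
# examples of other proposed gTLDs. Extend PROPOSED from ICANN's published list.
RESERVED = {"corp", "home", "mail"}
PROPOSED = {"guru", "health", "sport", "cloud", "bank", "music"}

# Constructed sample input in an assumed "client qtype qname" log format.
SAMPLE_LOG = """\
10.0.4.17 MX exchange.hq.mail.
10.0.4.17 A intranet
10.0.9.3 A fileserver.CORP
10.0.9.3 A www.example.com.
10.0.2.8 A build01.dev.cloud
10.0.2.8 A printer.home.
malformed line
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")

def classify(qname):
    """Return a risk label for a queried name, or None if it is not flagged."""
    name = qname.rstrip(".").lower()      # DNS names are case-insensitive
    if not name:
        return None                       # query for the root itself
    labels = name.split(".")
    if len(labels) == 1:
        return "unqualified"              # short name with no domain suffix
    if labels[-1] in RESERVED:
        return "reserved-string"          # .corp / .home / .mail
    if labels[-1] in PROPOSED:
        return "proposed-gtld"            # private suffix that may be delegated
    return None

def scan(log_text):
    """Return (findings, hits per client) for a block of query-log text."""
    findings, per_client = [], Counter()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                      # skip lines that do not parse
        client, qtype, qname = m.groups()
        risk = classify(qname)
        if risk:
            findings.append((client, qtype, qname.rstrip(".").lower(), risk))
            per_client[client] += 1
    return findings, per_client
```

Run it against logs from the resolver that forwards queries to the Internet: any flagged name seen there has already left the internal name space.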

Note that ICANN is accepting comments on the February Report. Anyone so inclined may submit comments by April 21, 2014.