Typosquatting is the practice of maliciously registering a domain name similar to that of a famous website to take advantage of Internet users who accidentally mistype the domain name. For example, someone might register the domain name googgle.com to intercept users who accidentally type that domain name instead of google.com. The typosquatter who owns googgle.com might direct users to a page full of advertising or might direct them to a page that looks identical to that of Google with the intention of stealing their usernames and passwords.
Omani domain names provide the perfect opportunity to intercept mistyped domain names because it is very easy to mistype .com as .om. Therefore, if someone registers the .om domain name of a famous website such as Google, Facebook, or Twitter, that person can put thousands of users who mistype the domain names of these websites at risk. The opportunity of abuse at this scale is extremely rare, and only three country codes in the world have this effect due to their similarity with the .com top level domain name: Oman with .om, Colombia with .co, and Cameroon with .cm.
Even though registering domain names in Oman is tightly regulated as only Omani businesses and nationals are allowed to register Omani domain names, someone still managed to abuse the registration system and undertake a substantial typosquatting campaign in which at least 300 .om domain names were maliciously registered. These included Netflix.om, BBC.om, Gmail.om, along with hundreds other easy to confuse and extremely popular domain names. This malicious campaign was discovered by a security research organisation that published a report about it in March 2016. Within a few weeks of the publication of this report, the TRA cancelled the registration of most of the malicious domain names and brought the typosquatting campaign to an end.
Soon after, the TRA made statements that it will take extra measures to ensure that such incidents of abuse are not repeated. There is no public record of the measures that the TRA has taken since then, but it now appears that the options of the domain names available for registration, at least in the English language, became extremely limited.
For example, many simple dictionary words are no longer available for registration. These names include book.om, house.om, and children.om. Similarly, common English language names are no longer available. These include oliver.om, jack.om, and harry.om. Names of places are also no longer available. These include paris.om, london.om, and doha.om. All of these examples are not unavailable because they have been registered by someone else, instead, the ‘WHOIS’ domain name public records show a ‘Result Restricted’ message.
There is no evidence that there is a connection between the typosquatting incident and the new restrictions on .om domain name registrations, but these new restrictions are clearly not reasonable. The biggest advantage that .om domain names offer to Omani businesses and nationals is that they provide the opportunity to register names that are unavailable or extremely expensive under the .com top level domain name.
These restrictions are also unreasonable because there are many legitimate uses for these domain names by Omani businesses and nationals. For example, my first name happens to also be the name of a famous place, and if I was not lucky enough to register riyadh.om before the TRA introduced these new restrictions, I would not have been able to acquire this domain name.
The TRA should certainly have measures in place to combat domain name abuse, especially because of the serious implications .om domain names have on the safety of the Internet worldwide. However, the process for registering Omani domain names is already too cumbersome and expensive for most users, and having further arbitrary restrictions on the use of common words will make it very difficult to convince Omani businesses and nationals to consider them as a viable option for their websites.