.cm is the country code top-level domain (ccTLD) for Cameroon. It is managed by Agence Nationale des Technologies de l'Information et de la Communication (ANTIC)[1] (English: National Agency for Information and Communication Technologies).

Delagation History edit

The .CM top-level domain was initially delegated in the mid-1990s to INTELCAM.

Cameroon Telecommunications (CAMTEL) succeeded INTELCAM as the .cm Manager due to a governmental restructuring in 1998.

In 2002, Agence Nationale des Technologies de l'Information et de la Communication (ANTIC) was created.

In 2009, CAMTEL and ANTIC reportedly reached an agreement to transfer the technical, administrative, and financial management of the .cm top-level domain, and ANTIC took over its operations. Between then and 2016, ANTIC submitted several transfer requests to IANA, which were either withdrawn or administratively closed due to technical issues and pending the submission of supporting documents. ANTIC submitted a fully documented application in 2023.

In 2010, the government of Cameroon passed Law No. 2010/013, which governs electronic communications in Cameroon. Article 96 of this law lists ANTIC's mission, which includes “the registration of ‘.cm’ domain names” and “drafting the policy and procedure for the registration of ‘.cm’ domain names, hosting and administration of root servers, and granting of Registrar approval for ‘.cm’.” This was renewed in 2012 by Article 5 of Decree No. 2012/180 and in 2019 by Article 4 of Decree No. 2019/150.

On 14 September 2023, ANTIC submitted a transfer request to IANA, which was conceded in 2024.[2]

Wildcarding Controversy and Typosquatting edit

The .cm domain has been a source of trouble throughout its history. In 2006, CAMTEL, the former registry operator, set up a wild card DNS entry covering all unregistered .cm domains. This "typosquatting" maneuver redirected traffic to a site with pay-per-click advertisements.[3] In 2009, McAfee's "Mal Web" Report identified .cm as the most dangerous space on the internet, with nearly 40% of its active URLs containing some sort of threat to PCs.[4]

It seems likely that the proliferation of typosquatting sites, and the associated bad press,[5] was partially responsible for the introduction of new regulations. In December 2010, the government of Cameroon passed Law No. 2010/13, which among other things placed management of the .cm ccTLD in the hands of (ANTIC).[6][7] While many saw the move as a crackdown on malicious uses of the TLD,[8], others asserted that the law was largely intended to chill online voices critical of the Cameroonian government.[9] For its part, ANTIC emphasized cybersecurity and reducing criminality through responsible Internet governance, and launched an awareness campaign around those issues.[10]. The ccTLD managing transition was only officially completed in 2024 as it was accepted by IANA.[11]

In 2018, Krebs on Security discussed the findings of security consultant Matthew Chambers regarding a slew of brand name typosquatting .cm domains.[12] Chambers subsequently provided an update to his research in the spring of 2018:

Sites are still redirecting to scareware publishers, locking up machines, and creating audio alerts. See screenshots and video below. Sites will serve up innocuous ads at times, and others messages will be fake alerts or Flash upgrades. Take note that the results will vary, and there’s a good chance that these sites are looking for “unique visitors.” It’s possible that you will have a different outcome based on your browser, location, or other factors, like language.[13]

References edit