I would not trust Kazakhstan to honor the TLD registrations if this took off and made some noise. Reminds me of Libya taking ownership of all those trendy .ly domains claiming you have to obey Libyan laws and regulations to operate them. Still a fun idea taken quite far!
I bought xn--mn8h9e.ws a couple years ago just for fun. I think it's fun to own an emoji domain, but what I can say definitely say is that it's still a bad idea to own one if you want to get emails to it.
Popular thick email clients still struggle with utf8 domains and I've fiddled around with several email providers that just have complete failures trying to send as well.
I tried pasting the email address in a bunch of popular services (LinkedIn, Instagram, etc) as my email or the domain as my homepage and most of them treat it as invalid, and I found some legitimate breaking bugs in their services in trying it out.
Edit: case in point, just noticed HN also falls in the camp of unsupported emojis in the text body, so another example :). Added the punycode instead
HN's emoji stripper is intentional. some are supported, eg; ↖↙↗↘
but others are not, so we're reduced to using things like ¯\_(ツ)_/¯ to communicate
I don't feel like emoji add anything substantial to a textual conversation, it's mostly useless fluff. I don't miss it on HN, so I disagree with your use of "reduced" here. :)
I don't feel like emoji add anything substantial to a textual conversation
Proceeds to add an ascii emoji <facepalm>
What would an emoji provide over that ascii combo?
Immediate understanding from across the room without needing to read a paragraph
Variety and reduced ambiguity.
Nuance
Am I the only person who still calls "ASCII emoji" "emoticons"?
I see what you did there :LOL:
Pretty sure it's because Emojis are Unicode and HN only supports ASCII.
I don't know how you got that idea but it's completely wrong.
HN allows 99% of Unicode.
Well how would they filter out emojis? My assumption is, that they're doing it by exluding Unicode code points for all emojis.
My assumption is, that they're doing it by exluding Unicode code points for all emojis.
Yes? The code points of emojis are excluded by HN.
Try it yourself with characters of different types! Ones that are neither ASCII (including builtin html entities, sure) nor emoji.
你确定马?
I love that I didn't have to translate this to know what it said
_ _ __ _ _ _
(_)_ _ ___| |_ _ _ ___ ___ / _(_) __ _| | ___| |_
| | | | / __| __| | | | / __|/ _ \ | |_| |/ _` | |/ _ \ __|
| | |_| \__ \ |_ | |_| \__ \ __/ | _| | (_| | | __/ |_
_/ |\__,_|___/\__| \__,_|___/\___| |_| |_|\__, |_|\___|\__|
|__/ |___/
According to the IETF standard for IDNA it is invalid.
https://itp.cdn.icann.org/en/files/security-and-stability-ad...
https://www.icann.org/en/system/files/files/idn-emojis-domai...
gTLDs have to follow that, ccTLDs not necessarily (is what I got from comments on the original discussion of this blog post.)
Even if emoji was invalid, unicode in general is valid in domain names, and should be converted to punycode. Local domains exist too.
It’s not the email client’s job to decide whether a domain is valid, it’s DNS’.
Trying this emoji thing out inline. Had not even heard of the auto-symbol translation
As a test, looked for (star).com [might show up with .com, or %E2%98%85.com ?](EDIT: nope) Long form is: https://www.xn--p3h.com/ Source was a question on StackExchange about weird domain names.[1] Seemed to be related to the authors hunt for "prestige" emojis.
Apparently owned by Gregg N. Ostrick of GNO, Inc. bought wayyy back in 2001-04-19. [2] If this is such a new idea, how did Mr. Ostrick buy (star).com back in 2001? Got some hijinks with time traveling retcon sales of emoji names?
Notably, typing the (star) symbol in the browser (Firefox) does seem to work, and gets auto-extended to xn--p3h. Others, like (star)(star)(star) appear to work (xn--p3haa) just have no domain squatter. Others, like crazy bail bonds names, or eBay reviews, such as A(star)++ appear to resolve (https://www.xn--a++-0m5a.com/). However, I'm not sure if those actually work.
Also, confusing stuff. Like Wingdings (star), which turns into unicode << do Not actually go to the what Appear to be visually the same. (https://www.xn--iba.com/) Well beyond G00GLE.com (zerO)(zer0) issues.
[1] https://stackoverflow.com/questions/1719132/how-do-i-registe...
I was playing around with this about a decade ago and discovered one of the dark patterns of the interwebs -- the emoji domain name would first show as 'available' and if I didn't immediately pounce on it I'd go back and it would show up as 'available for auction' or some bullshit.
Pretty sure I ended up buying a turtle and did absolutely nothing with it. Almost had the hammer and sickle for some quality trolling...
--edit--
This just reminded me of reading about Milka (the euro brand) taking away the domain name of a woman named Milka and, being drunk at the time, immediately buying milka.eu.com (or something very similar) and just setting up a webpage with a picture of a statue of Stalin I'd taken while in Hungary. Not too sure why they didn't go after my obvious trademark infringement?
-- edit II because I'd mixed Stella with Milka, my bad Stella.
Enormous discussion at the time (2021)[0](1683 points, 626 comments)
I find it amusing thar about a sixth of the comments are on how couples should handle their finances. Nobody could have guessed that.
Also found a comment from myself warning of using this anywhere near Germany (tldr kz stands for concentration camp).
As a German speaker, first association when reading the title of this post. "Uuuuh, that does not fly in Germany."
It seems unfortunate if Kazakhstan has been assigned a TLD that makes it hard for them to do business with Germany.
When you are operating out of Kazakhstan, I'm sure Germans get the context. It's different when you're actively choosing the name.
never use abbrevations like SS, NS, AH, HH, HJ in Germany
Very true, also for Austria. When I was in the military and we got our Steyr AUG A1 we had to know the serial number by heart so we could find our gun when mixed up. We also had to report our serial number when asked by instructors. Mine started with "HJ18" which was by random chance but always wondered why these wouldn't be taken out before production because of the obvious nazi code
How to resist commenting on "Darling, would you mind terribly if I spent £1000 on Kazakhstani emoji domains?" ? ))
I wonder how many users does he have now :-)
On the front page he says:
2k addresses registered
If you take that as a live counter of the number of subscribers that's 2k a year, and pretty good!
If you take that lifetime registrations that's not so good.
Also assuming that that copy is accurate.
2000 * $10 = $20,000, over 3 years that’s $6,666 a year. Doesn’t seem that bad
Wait, aren't emojis explicitly prohibited from being used in IDNA? Or do the implementers just not bother to read the "IDNA Rules and Derived Property Values" table and simply allow anything that's a correct punycode?
Kazakhstan and DNS. Always always my personal reminder that OWASP applies to all applications, and to always sanitize inputs. DAMHIK!
Don’t ask me how I know.
In summary, countries trump IDNA (and as you notice, it's all ccTLDs - ICANN will stop you if you tried this with a gTLD).
> Turns out emoji domain names score very highly for spam and were going to be blocked to high heaven.
I turns out their mailbox.ws domain doesn't have SPF or good DKIM records. Might be part of the problem why google chucks it.
Email is a shit show. I feel like getting emails out reliably is akin to black magic now. Without the right incantations your never going to know what happened or why.
Even Google struggles to apply these correctly 100% of the time:
google.com TOTAL SPF ALIGNED DKIM ALIGNED
209.85.167.49 3 100% 0%
209.85.218.47 3 100% 100%
209.85.167.43 2 100% 50%
209.85.208.44 2 100% 100%
26 more IPs 28 75% 92.8%If you setup DMARC reporting, the big providers will send you a daily delivery report for emails from your domain to theirs. Great for tuning deliverability, and for catching ruffians attempting to use your domain.
You're right though, email is still a shit show, it's particularly annoying that they've made so many over-complicated auth schemes based on centralized and insecure-as-a-rule root tech(DNS), and never phase any out. When it's easier to configure postfix than domain identity, you know something is wrong.
I find it a little disingenuous that the author keeps dropping the TLD and describing the emails as cool@<poo>, when the TLD is still part of the email address. Interesting experiment, anyway. I'm surprised that it worked well enough to get a functioning email service working with it. A lot of systems must assume that an email address or domain name wouldn't include emojis.
Same, switching between <emoji>.cctld. and bare <emoji>. made me question the author's understanding about DNS as a whole, those two are very much different things! Then again, the average tiktok viewer wouldn't, I assume, care too much about needing to tack on .kz to an email as long as there is an emoji in the address.
But yes, it's an amusing (ab)use of punycode, but still fun in spirit.
I was wondering how „bob@[rocket]“ works… Thank you for clarifying.
This sounds like a subplot of a Neal Stephenson story from back in the day.
An NS version of this story would somehow involve the protagonist needing to travel to Kazakhstan, undertaking a multiple-day journey in a convoy of trucks across some mountains, to secure a meeting with an officious local bureaucrat who turns out to be bribable with in-game currency from a Chinese gacha game he’s obsessed with.
That sounds very much like my experience in Kazakhstan
Does anyone know what happened to TinyProjects? I looked forwards to reading his updates and it looks like he stopped a while ago…
Looks like he focused on promptbase when that became successful. There was a daily blog for promptbase at some point that had some promising revenue numbers.
This was my last response in May 2023 when I reached out to him, hoping he was OK!
***
Hi Charles!
All good here. I have been heads down building a new project - hence the lack of posts recently. Thanks for reaching out!
Ben
***I bought 40 squeaker balls for my dog, those were also fun.
But you didn’t have a blog post AND a LinkedIn announcement
I thought this was a cool idea so I tried to add a mailbox with an emoji username to my protonmail account - no bueno. Invalid username. Boo!
So there's two parts to having an emoji email address. You can do just the domain (supported some places) or go full emoji and have an emoji username too.
You should never go full emoji. It is supported in far less places than the domain alone is.
I'm 3 years late (better late than never I guess) but this was a brilliant read and idea: simple, neat and no bloat. Love it!
It would be cool if they took the https://omg.lol approach and let you host a website/page at bob..kz if you purchase bob@.kz
This was a fun read.
How does that even work from a legal perspective? Do you have to create a business at some point/file taxes?
This was fun.
I feel they missed a truck not calling the service Emailji, which swaps just one syllable.
I discovered emoji .to domains ~7 years ago and put up a site listing all the available ones [1]
Within a few days almost all of them sold and made a couple grand in affiliate commissions.
I wrote about it here: https://marc.io/emoji-domains
Email forwarding is also a clever use! Nice to get that recurring revenue.
This stopped feeling like fun the moment one person can hoard entire country's emoji set of domains... and I feel guilty for hoarding half a dozen of domains...
This is really a fun idea and nicely written post
It seems like a great way to fend off spam
I really don't understand how so many people on HN can complain about centralized control, but then so many (other) people are completely against Web3, solutions like Unstoppable Domains are able to let you own a domain and only transfer it if you sign with your key. Why don't more browsers read a Web3-based domain system like Freenames, Unstoppable Domains, ENS, or Filecoin Name Service?
DNS is a federated database, but it is subject to domain seizure etc. at multiple levels. I've seen people complain that their domain operator can just "steal" their domain!
If browsers won't do it, can't someone start a CCTLD (it's only $250K) and then read the blockchain to resolve the DNS records? I realize that this "someone" would be a central point of failure, but alas, that's how the Web currently still works. The best you can do is some sort of "DNS multicast" I think, but it would still be under the control of one company, sadly.
Personally, I'm a bit surprised why the Web hasn't standardized onion links / magnet links / hashes of content / cids / whatever you want to call them. Tor and Beaker Browser have had it for a long time, and Brave too I think. DNS then becomes just a glorified search engine for a small subset of URLs (the ones without a long path / querystring).
because like most things blockchains (cl)aim to solve (primarily money and its transfer, but in this case ownership of domain names), those things do not really really have a centralization problem. 99.999% of the people do not, and do not need to worry about getting their domain name seized. cryptobros like to pose centralization as a huge problem where it really isn't so that they can peddle you scamcoins to pump and to feed their gambling addiction. "web3 based domain system" solves something that is at most a nuisance (and at best a necessary evil) by introducing massive problems into the equation, all to do something that isn't really a problem in practice (and it doesn't even do it, you admit there is still centralisation, so what did we gain by introducing all those problems, really?)
See, this is just dogma that gets repeated on HN. It's obvious to any person who honestly thinks about it, that having a third party in control of your DNS (i.e. what IP addresses it resolves to) means that your entire site can be rugpulled from under you. If it becomes big enough.
For example: https://www.blackhatworld.com/seo/is-njalla-still-legit.1521...
Now, you can say, "most people don't care, they just have a small-time operation, just find a reputable domain operator who doesn't have a history of screwing people over." But that's exactly the use case for Web3 and blockchains in general. Why do you have to be forced to trust SOMEONE, with something as important as your brand / identity of your entire organization? And, for that matter, why should an entire community have to trust one guy who can change up the site at any time? That's not very secure, and many of you vehemently insist that no alternative should be made available, to anyone, "because scam"! You don't want browsers to even support it!
As your site gets larger and more people rely on it, you don't want to have that major point of failure at any point. I know that some people on HN go so far as to say that banks freezing your money, and ICE seizing your domain name, are very desirable features of the Internet. So, then don't complain about censorship and deplatforming. You can't have it both ways!
This just happened, for instance... ICJ officials are being threatened that their funds will be frozen: https://twitter.com/TomCottonAR/status/1781066997666607193
Blockchain only shifts this problem one up.
You keep saying "your website" but any successful website will be "our website". There'll be an organization, company, community behind it. And now "the person(s) with the private keys" can rugpull it. Or do whatever they want.
Yes. Maybe A DAO could solve that. But that means everything, including domain names is in there from the get-go. Which isn't how this works on practice.
Blockchain technology is great for valuable assets owned by individuals. But much less so for groups and organizations that own valuable assets. And valuable domains almost exclusively fall under the latter.
The whole point is to NOT HAVE “a person with the private keys” to the entire database.
Each participant should be able to take only the actions as themselves, and affect a small part of the network. In aggregate they together effectuate the evolution of the network.
That is exactly the point — that we need blockchain software for entire communities rather than individuals!
Look at https://intercoin.org/applications
How does that help the organisation (community) manage their single domain?
For example: who controls the intercoin.org domain? I'm quite sure it's a combination of trust and hierarchy and as fallback a society with laws and lawyers and law-enforcement.
Which, IMO is "good enough" for nearly all situations.
As I have already said, with the current DNS system, that’s how it works. You have to trust that your provider won’t screw you over. It’s held together by duct tape and spit.
You know, in every OTHER technology, that’s how it was before we automated things that humans previously did. You may as well have said this about telephone switchboard operators, or tying up the line, until VoIP brought the costs to zero. “Who connects your calls? I’m quite sure paying $1 a minute was good enough for nearly all situations.” Except, when it all got automated and the providers turned into dumb hubs because open protocols eliminated the middleman. Where are these phone providers today? They provide the infrastructure only, and we route around problems. Same with blockchain.
Paying someone exorbitant amounts to “maintain your domain” because it is famous, and a hosting company to “handle spikes in traffic” etc. All that results in the need to extract rents from the ecosystem in ever-more-toxic ways, using toxic forms of capitalism:
https://en.wikipedia.org/wiki/Surveillance_capitalism
But it gets worse than that. The externalities to our society of the profit protive and private ownership of public forums are immense, including widespread depression, tribalism evho cham and national anger reaching a fever pitch. All predictable. Take a look at exactly how it works:
https://rational.app
LAWeekly published an article recently about the steps I and my company have been taking for the several years to fix it:
https://www.laweekly.com/restoring-healthy-communities/
Again, Web3 and blockchain is one possible way to do it but the keys to all the solutions are decentralization and open protocols! They remove the middlemen and oligopolies (like phone companies used to be, or the original AOL/MSN walled gardens) by making an alternative system not owned by anybody and with no single points of failure or control by a few people:
https://www.independent.co.uk/tech/internet-worldwide-web-ne...
Your domain name and the site it points to is not the end goal, what the site represents is.
Your domain name is one of the means to get more people to know about you or to deliver your product. Decreasingly relevant, note, as no one types domain names usually (people search).
As more people know about you via various channels (most centralized one way or the other: curated lists, social platforms, search), takeover of your domain name (or any other channel) becomes less of a risk. If you take Coca-Cola’s or Apple’s or Basecamp’s domain, they will barely feel it. Perhaps Basecamp could feel it, as it probably plays a bigger role in delivery, but I am sure they would have a procedure specifically to manage that risk.
99% of the time, if you run an ordinary %product%, should you worry that it will be you vs. the world and all of your channels are taken over? Currently, I’d say not. I could be wrong.
You have to do a lot of mental gymnastics to justify why web3 is not needed. Here you literally argue that one’s brand name recognition is irrelevant, and you can be constantly moving domain names with no impact to your bottom line or your community.
That requires more than just an assertion. Extraordinary claims require extraordinary evidence.
You argued that.
I argue the opposite: brand name recognition is what matters.
(And believe me, I am not the only one who makes that point and I certainly am not even remotely smart enough to have come up with it first.)
A domain name is merely one of the many things that may help you reach that recognition. These things evolve; domain names are less meaningful these days—an Instagram username runs circles around one—and all of those things are less critical the more recognition you achieve.
“If Coca-Cola were to lose all of its production-related assets in a disaster, the company would survive. By contrast, if all consumers were to have a sudden lapse of memory and forget everything related to Coca-Cola, the company would go out of business.” If you have your shiny domain name, but no one knows about you, you are as good as dead. If everyone knows about you, and your domain name gets taken over, you can’t really care less.
Some senator posting vaguely threatening shit on Twitter... yeah, the block chain will definitely fix that /s
No, they can't. ccTLDs are associated with countries. There's no process for creating one that doesn't involve having IANA recognize you as a country.
You're probably thinking of the new gTLD process, which has only been open for applications once, for a brief period in 2012. It's not open to new applications, and the process for applicants was much more involved than a single payment.
ICANN says the next round will happen in 2026.
Do you have more information on this? If you can link to it, that would be great. How much would it cost this time around?
https://newgtlds.icann.org/en/next-round
Thanks for that link, and to (not-)answer GP's question on price:
From the FAQ page for the next round of gTLD sales, via the link shared above: https://newgtlds.icann.org/en/announcements-and-media/announ...
"claiming you have to obey Libyan laws and regulations"
I always smile when bosses want everything to be GDPR compliant. I am not sure why these laws are more important than the laws from the Chilean Navy. Why are we clicking on cookie popups? We think the EU is smarter than the PII laws from Cameroon? Elitism I say. My websites follow strict guidelines set by proper Constitution of Cameroon doctrines. Every fourth visit to my site we dump all contents in html form (obviously).
Purely market size. Europe is a large market. Same reason that just about every product is labelled with 'known to the state of California to cause cancer' - California is a large market.
Not purely market size, though it's a very important part for sure.
The other part is how likely a country is to try to enforce their laws, and what ability they will have to do so.
Even if a hypothetical US company had an equal number of customers & revenue in Chile as in the EU, if either the Chilean law being broken is one that Chile never bothers to prosecute, or if the worst thing they could do should they find out about the law breaking is to block the service at a national firewall level but not levy any punishments (say, if the US company has no staff or assets in Chile, and the crime has no possibility for extradition or other international collaboration to punish) then the company would be a lot less likely to comply than they are with GDPR. Because most US companies aren't able/willing to serve EU customers without having servers, employees, and revenue, physically in the EU; therefore the worst case for getting caught breaking GDPR is considerably more worth avoiding than if it would just be the EU blocking access to your servers.
It being a CCTLD, this is a true claim. At a basic level, these tlds belong to the country, and that country sets the rules. Libya reclaiming from ICANN was a jerk move but their claims are absolutely right. (Most cctlds already have this requirement.)
Libya didn't reclaim anything from ICANN -- ICANN didn't have anything of Libya's.