Background

Depending on how closely you follow technology news you may (or may not) have heard about some Lemmy instances (a federated equivalent of something similar to Reddit) going down for a day or so recently. Lemmy has had a surge in popularity over the last month and a half due to Reddit API changes that have had people looking for an alternative.

The instances in question all have one thing in common: their domain ends in “.ml” which is a country code Top Level Domain (ccTLD). In this case, .ml is the Top Level Domain for Mali. What could go wrong?…

The problem

Unfortunately for sites using a .ml domain, the Mali government has decided to take their domains back. This would be fine, if you happened to actually be a resident of Mali or at a minimum have some form of connection to the country. If you’re wondering why they’ve chosen now to do so, it’s because the contract for the current holder (Johannes Zuurbier, a Dutch entrepeneur) is set to expire shortly. The control of the domains will then revert back to the Mali government.

By taking the domains back, sites using the .ml ccTLD were faced with their sites going down temporarily. Unfortunately, this problem is not unique. Rather, it seems to be a trend for technology companies and individuals to use the following ccTLDs:

.io: Commonly used for technology companies - I assume because the domain is rather generic and naturally cheaper than .com domains. However, it is the ccTLD of the British Indian Ocean Territory.

.sh: One I see quite frequently used by developers for personal blogs - a play on the .sh file extension ending for a shell script. But, to the British Overseas Territory of Saint Helena, it’s their ccTLD… Amusingly, it isn’t just individuals who have made a habit of using it - entire states have taken a liking to it. Specifically, the German federal state of Schleswig-Holstein. From public transport to political parties, through to certain government sites; all of them end in the domain of another country.

.me: the ccTLD of Montenegro. Often used for personal sites as first_or_last_name.me, but also many large tech firms including (but not limited to) Facebook, Telegram, Proton (formerly Proton Mail), WhatsApp, Google, and WordPress. Even a few companies have used it over the years (including Proton Mail). For larger companies, this isn’t such an issue as they already have established .com domains to fall back on - not necessarily the case for individuals.

Not the first time, and certainly not the last…

This isn’t the first time something similar has happened, and it won’t be the last over the coming years. When Libya was going through the instability of a regime change in 2011, Bitly (whose domain at the time was bit.ly) was caught in the middle. During 2011, the link shortening service took the sensible decision to redirect bit.ly to bitly.com - as it remains today.

Although the British Overseas Territory domains are likely not at risk in the near future, there’s no guarantee that it will stay that way in 15-20 years time. It might seem like a good idea at the time - especially if by using a ccTLD of another country means that your company then has a humourous/unique domain that your users will remember.

But before you excitedly go and buy your new domain name, take a moment to pause and think about what the consequences might be. If you decide to go ahead with purchasing a ccTLD domain of another country, bear in mind it really is worth securing a more “normal” domain that is actually from the main country you operate in. At least then you won’t be stuck in the moment scrambling to figure out an alternative…

A final note on .ml

Another side effect of the .ml ccTLD being brought under the control of the Mali government has now caused an issue for the US government that has been widely reported on. It all boils down to a typo - “.ml” instead of “.mil” (used for the US military). This means that for the past decade, sensitive/confidential documents and information of varying levels has instead been going to Mali. Johannes (the same one mentioned earlier) has apparently brought this up many times over the past decade to the US government but it seems to have fallen on deaf ears. You can read more about it here:

‘Millions of sensitive US military emails were reportedly sent to Mali due to a typo’ - The Verge

‘Typo leaks millions of US military emails to Mali web operator’ - Financial Times

‘Hundreds of thousands of US military e-mails wind up in Mali’ - Le Monde