Top ten worst spam registrars notified by ICANN


In response to the recently released cluster analysis of the top 10 worst domain registrars in terms of spam and junk content hosting domains, ICANN has taken steps to approach the non-compliant registrars:

"More than half of those registrars named had already been contacted by ICANN prior to publication of KnujOn’s report, and the remainder have since been notified following an analysis of other sources of data, including ICANN’s internal database. With tens of millions of domain names in existence, and tens of thousands changing hands each day, ICANN relies upon the wider Internet community to report and review what it believes to be inaccurate registration data for individual domains. To this end, a dedicated online system called the Whois Data Problem Report System (“WDPRS”) was developed in 2002 to receive and track such complaints. ICANN sends, on average, over 75 enforcement notices per month following complaints from the community. We also conduct compliance audits to determine whether accredited registrars and registries are adhering to their contractual obligations," explained Stacy Burnette, Director of Compliance at ICANN. "Infringing domain names are locked and websites removed every week through this system."

Illicit Domain Registrars

And while the data speaks for itself, the issue of responsibility-forwarding is a bit more complex than it seems, allowing certain observations in the cluster analysis to be easily re-engineered.

For instance, the first registrar, with the highest illicit score, has a total of 897,962 domain names, and the 15,551 spam domains registered through it were found in 1,644,986 spam messages featuring the domains. Hypothetically, if I were a spammer, I could superficially engineer the top ten worst domain registrars if I purchased a couple of hundred recently dropped domain names historically registered through a specific registrar, launched a massive spam campaign and sent out 5 million messages to increase the bad reputation of the registrar whose historical registration services I'm abusing. The results would vary based on the number of spam messages sent, and on the domain name registrar that would pop up as having registered the highest proportion of the dropped or deleted domain names that I've recently purchased on a volume basis, without even bothering to see who the registrar is.

Furthermore, excluding the more pragmatic abuse of domain names in the form of typosquatting and cybersquatting next to illicit domain registration, I find the idea of intentionally registering a domain to be used for hosting a spam site a very Web 1.0 one. Just like the domain name registrars who emphasize efficiency, and therefore violate ICANN's compliance practices, spammers and scammers are also interested in efficiently obtaining as many domain names as possible. This is where the dropped or deleted domain services come into play in their full Web 2.0 capacity, with several of these offering purchases on a volume basis with the idea that the more domains you purchase, the less you'll pay for them. And with the transparency built by these services, there are proprietary domain portfolio management tools created intentionally for the purpose of mass registration and management of such domain farms. Therefore, I think the emphasis should be put on who's been hosting the spam/scam domain and providing the malicious parties with stable uptime for a given period of time, and on which registrars lack any brandjacking monitoring capabilities, rather than on assessing which registrar's services were used to register the domain that was later on used for malicious purposes. Otherwise, we're shifting the discussion to the point where we'll argue which top-level domain name is the most malicious one, where clustering is also possible with CNNIC's ".CN domain name for one yuan" campaign, which already resulted in 8.4 million registered (bogus) .CN domain names.


About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community...
