Top ten worst spam registrars notified by ICANN


In response to the recently released cluster analysis of the top 10 worst domain registrars in terms of spam and junk content hosting domains, ICANN has taken steps to approach the non-compliant registrars:

More than half of those registrars named had already been contacted by ICANN prior to publication of KnujOn’s report, and the remainder have since been notified following an analysis of other sources of data, including ICANN’s internal database. With tens of millions of domain names in existence, and tens of thousands changing hands each day, ICANN relies upon the wider Internet community to report and review what it believes to be inaccurate registration data for individual domains. To this end, a dedicated online system called the Whois Data Problem Report System (“WDPRS”) was developed in 2002 to receive and track such complaints. "ICANN sends, on average, over 75 enforcement notices per month following complaints from the community. We also conduct compliance audits to determine whether accredited registrars and registries are adhering to their contractual obligations," explained Stacy Burnette, Director of Compliance at ICANN. "Infringing domain names are locked and websites removed every week through this system."

Illicit Domain Registrars

And while the data speaks for itself, the issue of responsibility-forwarding is a bit more complex than it seems, allowing certain observations in the cluster analysis to be easily re-engineered.

For instance, the registrar with the highest illicit score has a total of 897,962 domain names, and the 15,551 spam domains registered through it were found in 1,644,986 spam messages featuring the domains. Hypothetically, if I were a spammer, I could superficially engineer the list of the top ten worst domain registrars by purchasing a couple of hundred recently dropped domain names historically registered through a specific registrar, launching a massive spam campaign and sending out 5 million messages to worsen the reputation of the registrar whose historical registration services I'm abusing. The results would vary based on the number of spam messages sent, and on which registrar pops up as having registered the highest proportion of the dropped or deleted domain names that I've recently purchased on a volume basis, without even bothering to see who the registrar is.

Furthermore, leaving aside the more pragmatic abuse of domain names through typosquatting and cybersquatting alongside illicit domain registration, I find the idea of intentionally registering a domain to be used for hosting a spam site a very Web 1.0 one. Just like the domain name registrars who emphasize efficiency, and therefore violate ICANN's compliance practices, spammers and scammers are also interested in efficiently obtaining as many domain names as possible. This is where the dropped or deleted domains services come into play in their full Web 2.0 capacity, with several of these offering purchases on a volume basis with the idea that the more domains you purchase, the less you'll pay for them. And with the transparency built by these services, there are proprietary domain portfolio management tools created intentionally for the purpose of mass registration and management of such domain farms. Therefore, I think the emphasis should be put on who's been hosting the spam/scam domain and providing the malicious parties with stable uptime for a given period of time, and on which registrars lack any brandjacking monitoring capabilities, rather than on assessing which registrar's services were used to register the domain that was later on used for malicious purposes. Otherwise, we're shifting the discussion to the point where we'll argue which top level domain name is the most malicious one, where clustering is also possible with CNNIC's .CN domain name for one yuan campaign, which already resulted in 8.4 million registered (bogus) .CN domain names.


Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.


Talkback

4 comments
  • RE: Top ten worst spam registrars notified by ICANN

    With the title of your article I was expecting you to name names...

    gary
    gdstark13
    • RE: Top ten worst spam registrars notified by ICANN

      Well, the links and the details of the registrars are within the first sentence of the blog post :

      http://www.knujon.com/registrars/
      http://www.knujon.com/registrars/registrar_ratings.pdf

      As for mentioning names, if you read the article you'll find out that there are many ways in which the names can change in a way a spammer wants them to change. Not that a spammer cares about the registrar in the first place with all the supply of deleted and dropped domains on a volume basis. So the results auto-cluster themselves to a certain extent.

      If I'm to name someone, I'd name the ISPs who allow their malware infected customers to crunch out all the spam you're probably receiving :

      http://www.spamhaus.org/statistics/networks.lasso
      ddanchev
  • RE: Top ten worst spam registrars notified by ICANN

    Opt-in only email would stop the spam problem. The reason we don't have it is money. The spammers pay to send it out and providers gladly take the money.
    dwr50
  • RE: Top ten worst spam registrars notified by ICANN

    I think that if more people go the way AOL have with their really tight mail white list which you have to jump through hoops to get on we would all be clear from spam - it's all about black listing the mail servers and not accepting email from them. The only issue is that getting on to the white list is time consuming...plus if someone on your server abuses their IP the server can easily become black listed again?...
    by the way ....
    is this spam? <a href="http://www.chicken-coops.co.uk" >chicken coops</a> lol
    visualaidsoftware