Saturday Dec 10

Jart in the News

HostExploit Twitter

It's Time to Attack Spam Domain Registrars

Attention: open in a new window. PDFPrintE-mail


In the ongoing war against spam, there are two battle fronts. The first involves taking down command-and-control centers for spam and related botnets. As seen with the downing of Atrivo and, even more importantly, McColo in late 2008, spam was reduced -- at least temporarily -- by 50 percent to 60 percent worldwide.

But theres a second front in the war on spam: the fight against the domain registrars of all those “Enlargement“ and “Blue Pill” Websites. Usually simple ripoffs that one-in-a-million actually visits after reading a spam email, these sites are registered somewhere and ultimately recorded via ICANN , the Internet Corporation for Assigned Names and Numbers.

Here is a brief report from the trenches of this just-as-important second front in the virtual war against online abuse.

A candidate for "Medal of Honor" on this second front, for sheer tenacity and valor under fire, should be Knujon (“no junk” spelled backwards), a small, self-financed, volunteer, and open-source anti-spam group. Notwithstanding being refused the microphone in a recent open session at an ICANN conference (the session chairman thought discussions on spam were not appropriate) -- Knujon’s fight has been relentless.

The groups thorough and detailed "February 2009 Registrar Report" is highly revealing. Garth Bruen of Knujon interestingly shows the current top 10 domain registrars for spam, abuse, and illicit activity, but also compares these against an earlier list from mid-2008.

Top of the list currently, and previously, is Xin Net Bei Gong Da Software,” with a portfolio of 1 million domains, more than 9,000 of which are abusive domains, each of which generates 350 spam counts per domain at any one time. This outfit generated over 3 million instances of spam in the measured timeframe.

However, theres good news, too: Beijing Innovative Networks and Joker were two registrars issued Breach Notices by ICANN. As stated in the Knujon report, “They were basically told to clean up their operation or risk losing accreditation which would effectively take them out of the domain industry. They took the notices very seriously and made changes to their operations.”

EstDomains, closely associated with Atrivo and McColo, lost its accreditation after appealing to ICANN. Interestingly, the 179,000 active EstDomains taken over by the organization Directi are listed, purely for informational purposes, on hostexploit (Tools and Resources), and there has been a dramatic drop in abuse from those domains.

Directi, which was on Knujon's earlier list, has since September 2008 suspended more than 200,000 abusive domains, including 180 major child pornography domains also reported to InHope and the Internet Watch Foundation. Directi also has stripped domain privacy from more than 500,000 further domains.

However, as was the case with Directi, and is the problem with eNom and Wild West Domains (owned by Go Daddy), the major goal in the fight against abusive registrars is to gain control over the re-sellers of offending domain names.

Two official statements from ICANN should help us understand what the community has to do if we want to reduce spam and other abuse from registrars:

With tens of millions of domain names in existence, and tens of thousands changing hands each day, ICANN relies upon the wider Internet community to report and review what it believes to be inaccurate registration data for individual domains.


ICANN sends, on average, over 75 enforcement notices per month following complaints from the community.

What can you do about it? Join up as a recruit; make your complaint to ICANN or to the registrar, ISP, or host; speak out to StopBadware; forward your spam to Knujon (they actually want it)...

To borrow from the old wartime recruitment campaigns: Your Internet Community Needs You!


Jart Armin