Saturday Dec 10

Jart in the News

HostExploit Twitter

ICANN Dumps EstDomains for Fraud, Abuse

Attention: open in a new window. PDFPrintE-mail


ICANN today issued a formal and, we assume, irrevocable notice of termination to EstDomains President Vladimir Tsastsin:

Be advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for EstDomains, Inc. (Customer No. 919, IANA No. 832) is terminated. Consistent with subsection 5.3.3 of the RAA, this termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction. This termination shall be effective within fifteen calendar days from the date of this letter, on 12 November 2008.

EstDomains has been suspected by many as a source of domain registration malfeasance for use by cyber-criminals and spammers for years. As recently described within a report, Sunbelt Software and Spamhaus have called out EstDomains. Brian Krebs followed up in The Washington Post.

EstDomains has been trying to fight back, issuing press releases with headlines like "EstDomains, Inc Takes Next Step in Combating Spam and malware," stating, "Once again EstDomains, Inc would like to address the interactive community and ask for co-operation to make the Internet clear and safe." Unfortunately this coincided with another Krebs post relating to Tsastsin, "A Sordid History and a Storied CEO."

As a result of ICANN's newfound boldness, approximately 281,000 domain names under EstDomains' management will be transferred to an ICANN-Accredited Registrar in accordance with ICANN's "De-accredited Registrar Transition Procedure."

In its statement, ICANN noted "It is ICANN's goal to protect registrants' from unnecessary harm and we look forward to amicably resolving any domain name transition issues that may arise from this termination." ICANN has also released other Notices of Breach and Termination to an ICANN-accredited registrar, Beijing Innovative Linkage Technology Ltd., doing business as and, on Sept. 30, 2008. These are available here.

These registrars failed to comply with Section 3.7.8 of the RAA, which requires registrars to take "reasonable steps to investigate" Whois.Net inaccuracy claims. Section 3.7.8 requires registrars, "...upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, [to] take reasonable steps to investigate the claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy."

Hopefully, this demonstrates a new aggressiveness from ICANN where enforcement is concerned and a willingness to listen to a community besieged by spammers and worse. Perhaps ICANN could also be persuaded to allow the Internet security community to advise which of these domains is abusive before any transfer is made to a new registrar.


Jart Armin