ICANN Asked To Shut Down "Worst" Chinese Registrar

Ian Lamont writes "Anti-spam service Knujon has released reports highlighting how certain registrars in the US and abroad have consistently failed to live up to certain WHOIS-related obligations under ICANN's Registrar Accreditation Agreement (RAA) — specifically, the requirement that people or company registering domains provide valid contact information. Now the firm is requesting that ICANN shut down the worst alleged offender, Xinnet Bei Gong Da Software. According to Knujon, none of the WHOIS records in a sample of 11,000 alleged spam sites registered through Xinnet and reported by Knujon to ICANN's Whois Data Problem Report System were corrected in a six-month period ending in May 2008 — and the Chinese registrar continues to register about 100 spam sites per day. In many cases, says the Knujon document (PDF), Xinnet does not have 'any Whois record data for review while the sites are still active' and the spam sites further promote 'seal abuse' by posting bogus BBB, Verisign, and other trusted industry seals. ICANN says it is investigating. ICANN has just posted a draft revised RAA that is open for public comment until August 4. However, the wording of Section 3.7.8, governing registrars' obligations to check and correct domain owners' contact information, hasn't changed."

Re:My prediction: Internet segmentation

[MrNaz]

"If China and Russia won't stop their criminals..."

You're aware that the US is still, by a factor of almost 4, the number one spamming nation on Earth? But don't take my word for it:

http://www.spamhaus.org/statistics/countries.lasso [spamhaus.org]

Now, you were saying? Sorry, it's hard to hear you when you're speaking from atop such a high horse.

Re:GASP and SHOCK!

[techno-vampire]

Yes, it will. And those legitimate domains can get themselves transferred to a new registrar. Of course, in order to do that, I'd hope that they'd have to provide proper contact details, which would sieve out all the spammers.

Re:seal abuse

[aj50]

Yes they did.

If the seal is valid you can click on it and get an information page about the site.

If you get a page about another site or the seal isn't a link then the site isn't legitimate.

A faked verisign seal on a web site is a great clue that they're not the right people to shop with. It also makes spotting phishing sites a lot easier.

It's ironic. Don't you think?

[kinabrew]

It's ironic that they want domain owners to provide valid contact information in the belief that this will stop spam.

Before I moved to a registrar who provided free anonymous registration, I provided fake contact information specifically to prevent spambots from looking up my information in whois.

Re:My prediction: Internet segmentation

[IBBoard]

I don't really know whether China/Russia have ever convicting anyone of spamming

I think the Russians are actually more effective than the Americans - they murder their Spam King Pins [theregister.co.uk]!

Re:So the US owns the internet?

[Eskarel]

The US doesn't exactly own the internet. ICANN however is supposed to be the central authority on DNS naming(someone has to be and they're the ones who started it), whether you agree with this or not is really rather immaterial.

However as this isn't really an issue of the US overriding China's rights on the internet it's not really all that important.

The registrar, who happens to be in China, but could be anywhere for all that it matters signed an agreement with ICANN to follow its rules regarding domain registration. One of those rules it that valid contact information has to be present for all domains. It doesn't as far as I can see have to lead to the person who runs the address, or to any individual involved in the domain(so it's not really an ID card), it simply has to lead to an actual someone who is responsible for that domain. That person is free to decline any requests for information regarding the actual users of their domain, and even to not collect said information at all. They are also entitled to allow said users to continue any activity which doesn't breach the agreement they signed with ICANN or any laws which are applicable to them(ie US law does not apply to a Chinese registrar, but the registrar's agreement with ICANN does). Yes there are potential issues of censorship and you might argue that requiring an individual to be responsible for the registration is wrong, it is however the agreement which the registrars signed in exchange for being able to give out registrations which will be honoured by the internet as a whole and so therefor they're responsible for holding to it.

Re:GASP and SHOCK!

[Antique Geekmeister]

A lot of the spam from China is from US spammers: throwaway domains are very useful, to duck blacklists. It's really an international problem, and tends to fester due to companies like this, which ICANN is typically unable or unwilling to disconnect.

Re:anti-spam kills anonymous speech

[SpeedyDX]

RespectMyPrivacy.com [respectmyprivacy.com] is a service provided through NearlyFreeSpeech.Net [nearlyfreespeech.net] that allows users to put up proxy contact information with which people may still contact you. Snail mail and faxes are forwarded to their addresses, and when they receive any snail mail or faxes addressed to your domain, they will ask you whether you want these forwarded to yourself. There is also a proxy email that forwards to the email account that you used to register. All of this (allegedly) complies with ICANN regulations, since the information can be used to contact you. The simple solution is the one provided by RMP.C, and it doesn't compromise anonymity.

Perhaps the situation is not as bleak as you make it out to be.

Re:My prediction: Internet segmentation

[Tony Hoyle]

Here is a list of the most prolific spammers in the world - aka. the people controlling these bots:
http://www.spamhaus.org/rokso/index.lasso [spamhaus.org]

They're mostly american.

Re:Contact info is better found on the web site.

[Animats]

I don't want my real physical address listed on my domain for the world to see, and I don't have a P.O. box.

We get that a lot. Now go read California Business and Professions Code Section 17358 [sitetruth.com], which applies if you sell to California, and the European Electronic Commerce Directive (2000/31/EC) [sitetruth.com], which applies if you sell in Europe. Anonymous businesses are illegal in most of the developed world. Deal with it.

California prosecutors have used B&P code section 17538 [state.ca.us] when dealing with complaints against online businesses. If the business didn't comply with the address disclosure requirements, but accepted credit cards, the maximum penalty is six months in jail for that alone. Do anything that brings your anonymous business to the attention of prosecutors, and they have that hammer to hold over you.