
ICANN Asked To Shut Down "Worst" Chinese Registrar

Ian Lamont writes "Anti-spam service Knujon has released reports highlighting how certain registrars in the US and abroad have consistently failed to live up to certain WHOIS-related obligations under ICANN's Registrar Accreditation Agreement (RAA) — specifically, the requirement that people or companies registering domains provide valid contact information. Now the firm is requesting that ICANN shut down the worst alleged offender, Xinnet Bei Gong Da Software. According to Knujon, none of the WHOIS records in a sample of 11,000 alleged spam sites registered through Xinnet and reported by Knujon to ICANN's Whois Data Problem Report System were corrected in a six-month period ending in May 2008 — and the Chinese registrar continues to register about 100 spam sites per day. In many cases, says the Knujon document (PDF), Xinnet does not have 'any Whois record data for review while the sites are still active' and the spam sites further promote 'seal abuse' by posting bogus BBB, Verisign, and other trusted industry seals. ICANN says it is investigating. ICANN has just posted a draft revised RAA that is open for public comment until August 4. However, the wording of Section 3.7.8, governing registrars' obligations to check and correct domain owners' contact information, hasn't changed."
  • by _merlin ( 160982 ) on Monday June 23, 2008 @12:18AM (#23899897) Homepage Journal

    Well, I'd be all for a segregated internet if it could keep all the American spam comments advertising drugs, loans, insurance and porn off my blog. Remember the USA is still the biggest spam producer. It would be nice if you could only spam yourselves.

  • Re:GASP and SHOCK! (Score:4, Interesting)

    by kalirion ( 728907 ) on Monday June 23, 2008 @12:25AM (#23899921)

    So if they shut down the registrar, wouldn't that invalidate all domains currently registered through them? I'm assuming some of those belong to legitimate non-spammers....

  • by Animats ( 122034 ) on Monday June 23, 2008 @01:26AM (#23900163) Homepage

    There's been a formal study of bad WHOIS data by the Government Accounting Office [gao.gov], the investigative arm of Congress, titled "Prevalence of False Contact Information for Registered Domain Names", on this topic. They found at least 8% of contact info in WHOIS to be totally bogus. They also, as a test of ICANN, submitted 45 "WHOIS information problem reports", of which 11 resulted in correction and 33 did not. But GAO didn't break down the data by registrar.

    We've been interested in this issue at SiteTruth [sitetruth.com] for some time. We take a broader view of "bad" web sites than most; we consider any commercial site that lacks valid business name and address information to be bogus. Over 35% of Google AdWords advertisers fail that test. [sitetruth.net] For advertisers whose ads appear on Myspace, the ratio is much higher.

    Originally, we tried to get contact information from WHOIS data, but the data quality was so appallingly bad that we had to develop another approach. We have a system that looks for contact info the way a user would, looking at pages with names like "About", "Contact", and such, trying to find a user-readable street address. We also have some big databases of business addresses to check against. This turns out to work much better than looking at WHOIS data when the goal is to find the business behind the web site.

    (You can see this info using our AdRater [sitetruth.com] plug-in for Firefox. Download our plug-in to see the ratings for each Google advertiser as the ads go by. Unless you're already blocking all such ads, of course.)

  • by ya really ( 1257084 ) on Monday June 23, 2008 @04:40AM (#23900943)

    You're aware that the US is still, by a factor of almost 4, the number one spamming nation on Earth? But don't take my word for it: http://www.spamhaus.org/statistics/countries.lasso [spamhaus.org] Now, you were saying? Sorry, it's hard to hear you when you're speaking from atop such a high horse.

    Does this take into consideration a large portion of the bots in the US being controlled by forces outside of the country? It's pretty well known that just because a computer is spamming and its origin is within the US doesn't mean it's being controlled by an American.

  • by erroneus ( 253617 ) on Monday June 23, 2008 @05:52AM (#23901225) Homepage

    I don't claim the US is innocent, not even by implication. I am only pointing out that blocking out other countries is quite effective unless you're doing business overseas.

    And as far as finding it impossible to communicate with people in the US is concerned, you can see the how and the why in action.

    Sometimes really bad solutions have to be enacted before people will be interested in fixing the solution better which results in the problem being solved in a better way. Otherwise, it's just easier to do nothing as most people do.

    But I'm well aware that the majority of spammers are in the US. But a lot of them use non-US hosts to send their stuff out. It's still a very effective measure. Further, if US spammers were forced to resort to using hijacked computers in the US to do their spamming, they'd be in jail a LOT sooner or simply out of business...I wish there were a better expression than "out of business" because they are in criminal activity, not business.

  • I can say from my own experience with spam that there are plenty of bad registrars in China, even when only considering which ones are spammer-friendly. Most of the spam email that I receive as advertising for illegal sales of drugs or pirated software is sent on behalf of domains sold by Chinese registrars.

    A few Chinese bad apples:
    • HKDND
    • yesnic
    • easydns
    • paycenter
    And these are just a few bad registrars that I find by searching through a short collection of my spam.
  • We may have more spammers here, but at least we have a history of prosecuting and convicting at least some of them.
    What difference does that make to me, sitting here with an inbox full of American spam?
    Actually, in the case of the particular properties listed in this report (PowerEnlarge, VPXL, Canadian Healthcare, Wondercum) the sponsor for all of those sites is known as SanCash, which is operated jointly out of India and New Zealand. It recently changed its name to ETranz.mu. They list their corporate offices as being located in Mauritius, a notorious offshore location for underground activity.

    The mailers who send you this crap are more than likely located in the US, but the ones who profit from it the most are not. (Based on my own research, even the large-scale American spammers tend to be either Russian or from other foreign countries. It is rare that someone born in the US is behind the send button.)

    The individuals behind these mass domain registrations may also be located in the US, but again they are not the main profit department from these activities.

    These Chinese Registrars may not (repeat: may not) be in cahoots with them either. They merely represented a prime resource due to their total lack of attention to non-Chinese-language complaints.

    The other high profile spam operation who profits from this abuse is known alternately as Spamit or GlavMed. They are the affiliate program behind "Canadian Pharmacy", which is notable due to the fact that there is now a direct link between Canadian Pharmacy domains and the Storm worm. (Documented in several blogs and security review sites.) They also have a lengthy history of hacking public web servers to use them as redirections to the actual spammed target, causing grief for a lot of otherwise legitimate domain owners.

    Spamit / Glavmed is known to be a largely Russian operation. Glavmed is largely considered a non-spam affiliate program but they deal with precisely the same properties, just without any mention of email spamming.

    Not one of the large-scale spam operations has its roots in North America. They are all located offshore, and run by citizens of non-US countries, and remain located in those non-US countries, probably in an attempt to enforce some bogus "immunity" on their criminal activity.

    Registrars are a tiny piece of the puzzle. I wish someone would directly investigate and go after these sponsor organizations.

    Spamit and SanCash are responsible for the majority of all spam received by most individuals around the world. When they experience difficulties (i.e., widespread domain shutdowns), you begin to see incoming spam revert 100% to stock spam, since they can't spam domains anymore. This is a provable, repeatable experiment.

    SiL / IKS / concerned citizen
