Forgot your password?
typodupeerror
Spam

KnujOn Updates Top 10 Spam-Friendly Registrars List 80

Posted by kdawson
from the naming-and-shaming dept.
alphadogg writes "Some companies are more popular than others for spammers wanting to register their domain names. Spam-fighting organization KnujOn has updated its report on the top 10 registrars whose customers are linked to spam and other illicit activity. (We discussed the original report last year.) These 10 companies registered 83% of the domains spammed in KnujOn's sample of spam between June and January. KnujOn found that some companies have cleaned up their act in recent months and that others — most surprisingly, Network Solutions and GoDaddy sister company Wild West domains — have popped up on the list. At the top of KnujOn's list, for the second time in a row, is Xinnet.com, a Chinese registrar linked to more than 3 million spam messages. KnujOn recommends that ICANN threaten to pull Xinnet's accreditation, as it did for some of the offenders on the previous list."
This discussion has been archived. No new comments can be posted.

KnujOn Updates Top 10 Spam-Friendly Registrars List

Comments Filter:
  • Just pull the plug on them, on the whole internet for that matter. That'll teach those spammers a lesson!

  • by Anonymous Coward

    Is there any easy, automated mechanism to find out who the registrar of a domain is? This information could be very useful to spam filters and RBLs based on registrar could then exist.

    WHOIS doesn't count, as it's not designed for mass querying.

    If there isn't such a mechanism, I think that it could be a very useful thing that ICANN could do.

    • by AndrewNeo (979708)
      That's hardly fair. Just because a domain is under a certain registar doesn't mean they're spammers - my domains are registered under a Wild West Domains subsidiary, and I know a few people that use GoDaddy. I don't need my personal email suddenly being marked as spam on accident because my domains are through one of those registars.
      Now, if accreditation were pulled, then obviously I'd want to change registars, and it wouldn't be a problem.
      • by MightyYar (622222) on Friday February 06, 2009 @02:14PM (#26755321)

        I don't need my personal email suddenly being marked as spam on accident because my domains are through one of those registars.

        I don't think it would work like that... this isn't a list of where the spam comes from... that is presumably bot nets. This is a list of what domains are being advertised in the spam. So, you'd look up the registrar of each domain mentioned in an email. If the registrar is a big spammer, you'd give them a few extra points toward their spam score. Wild West wouldn't get too much of a penalty, since only 0.36% of their domains are spamvertised. On the other hand, anything mentioning a "Planet Online" domain is much more likely to be a spam message... a whopping 39% of their domains have been spammed.

        The only way this would harm you is if you send out bulk email to your customers, they are somewhat spam-like, and they don't have you whitelisted.

        • by socsoc (1116769)

          a whopping 39% of their domains have been spammed

          I would think that a whopping 100% of domains have been spammed. Did you mean that 39% have sent spam?

          • by MightyYar (622222)

            No, as I said, the mail does not come from the domains... it comes from bot-nets. However, 39% of their domains have been mentioned in spam. I probably should have used the word "spamvertised".

            In any case, filtering your mail by giving a high score to any mail with one of their domains in the body would probably be a good move :)

      • I am with Register.com, so I certainly don't want all of its URLs blocked. There is too much innocent third party damage with that system.
  • The registrar I use has dropped off the list. I no longer have any qualms about signing up for a reseller account with them. :-)

  • by fm6 (162816) on Friday February 06, 2009 @02:16PM (#26755369) Homepage Journal

    Maybe some registrars are more spam-friendly than others, but as long as domains are so absurdly cheap, there's not a lot registrars can do to prevent abuse. If they freeze one domain, the spammer or phisher or whatever just spends a few bucks to get another one.

    Ever get spam from Continental Who's Who? They use a different domain name with every daily email!

    Not that I think it will ever happen, but I'd dearly love to go back to when domain registration was a monopoly, and a second level domain cost you $50 a year. That's not a lot compared to the cost of maintaining a high-visibility web site — and low-visibility sites don't need second level domains. This situation ended when people started whining about getting "ripped off" by registrars. Opening up competition brought registration fees down, but it also destroyed service levels and enabled another kind of ripoff: squatters who can afford to register thousands of domains on the off chance that somebody might be willing to pay a few thousand bucks to use them.

    • by MightyYar (622222) on Friday February 06, 2009 @02:33PM (#26755633)

      Maybe some registrars are more spam-friendly than others, but as long as domains are so absurdly cheap, there's not a lot registrars can do to prevent abuse.

      They can have an automated call-back system like my bank does... that way even if the credit card they are using is stolen, they'd still have to provide a phone number each time they register a domain.

      It would be trivial to track purchasing behavior based on phone numbers, and this would force spammers to somehow get access to a new phone number each time... raising their cost somewhat.

      • Re: (Score:3, Informative)

        by fm6 (162816)

        It would be trivial to track purchasing behavior based on phone numbers, and this would force spammers to somehow get access to a new phone number each time... raising their cost somewhat.

        http://www.tossabledigits.com/ [tossabledigits.com]

        • by MightyYar (622222)

          That's pretty good, and sort of what I was talking about upping their cost a bit.

          But I can think of some countermeasures. It's an arms race... there's no solution that will one day solve spam, you just have to keep making it more expensive for them.

    • by Coopjust (872796) on Friday February 06, 2009 @02:33PM (#26755637)
      Abuse WILL happen, but Xin Net went beyond having a lot of people registering spam domains with it. They would suspend domains when KnujOn and others asked, and would then give them back to the spammers. Additionally, Xin Net keeps letting the SAME abusive customers with the same WHOIS data keep registering new domains.
      • by fm6 (162816)

        So what? It's not that hard to fake registration data. The registration data for my own web site is bogus, because I registered it before registrars started offering anonymous registration.

        • by Coopjust (872796)
          You're not supposed to do that. Your domain could be suspended until you update the data, and even possibly revoked.
          • by fm6 (162816)

            Right, and when was the last time you heard of that happening to anybody?

            A long time ago, when I was still silly enough to think I could help stamp out spam one spammer at a time, I looked up the whois entry for somebody who was spamming me. The phone number was useless (don't recall whether it was bogus or just didn't pick up) so I found out who lived at the address given and called them. It was an old woman who didn't even own a computer.

            I presented this evidence to the registrar — and got nowhere.

          • by fm6 (162816)

            Congratulations! Your email to my registrar forced me to correct my registration info. Now that you've forced me to Do Things Right, you only have 1,532,438,221 bogus registrations to go before you've totally cleaned up the registration system!

            Then again, all I did was click a button that set all my contact info to the "anonymous" values they provide. (They didn't provide this service when I first registered.) So I've just replaced one set of useless data with another.

            But while I was doing this I noticed th

            • by Coopjust (872796)
              The whole point of WHOIS is to have a liable, legal contact. If you got a notice of infringement of copyright or something- for whatever reason- they'd send it to your WHOIS info. The whole point of WHOIS info is to have accountability.

              And the reason the registrar made you change your WHOIS info is, if they allow customers to repeatedly use fake WHOIS info, they could lose their accreditation. Any legit domains could be moved to a compliant registrar, while the spam domains get revoked.

              Oh, and people
    • by crow (16139)

      You don't need to raise the price, just raise the minimum initial price. If it's currently $10/year, leave it at that price, but set an initial minimum 5-year registration. For real domains, that's fine. For spammers and squatters, that's a significant bump in their costs.

      • by fm6 (162816)

        Actually, it's a lot less than $10 if you register a lot of domains at once. And no, forcing squatters to buy multiple years at once won't raise their average costs much, because squatters often hold on to their domains for years before finding a buyer. I suppose spammers might be hurt, but given the scale of the spam business, not by much.

        Anyway, what is the big deal about $50 a year? If your web site has any volume at all, it's costing you thousands to to keep the lights on. The day when you could host a

        • by Tanktalus (794810)

          Anyway, what is the big deal about $50 a year? If your web site has any volume at all, it's costing you thousands to to keep the lights on.

          Really? I bought in to DreamHosts's new-year's special: $64.44US for two years, including domain name. I would think that if domains were $50/yr instead of $10/yr, I'd likely not have received such a low price. Even at their best rate (bought ahead of time) of $6/month, a jump in registration price of $40/yr (approx $3/month) would likely be noticeable.

          • by fm6 (162816)

            Yes, and DreamHost is so reliable.

            That was sarcasm. I used to use them, and bailed after not being able to get my email with any reliability for days at a time. And while they offer uncapped bandwidth, I'm dubious of their ability to actually provide it. Couldn't say for sure, because I never served that many bits.

            That "best price" you mention requires a ten year up front payment. Having walked away from $60 or so in advance payments I'd already made to them, I'd think twice about giving them $700.

            I'll say

    • and low-visibility sites don't need second level domains

      Long-lasting websites need domains at whatever level puts them outside the control of a single ISP or ASP. If that's the second level, then that means they need SLDs. If there's a third level that you can just register a domain under without being tied to a given ISP (eg, state.us), then they need that kind of third level domain.

      The thing is, if you made SLDs unaffordable, then there would be a demand for reliable third-level registrars, and many many

      • by fm6 (162816)

        The thing is, if you made SLDs unaffordable, then there would be a demand for reliable third-level registrars, and many many people would switch to using reliable 3LD registrars, and the same problem would exist at the third level instead of the second.

        Yes, but then you'd have an easy way to identify domains from a spam-friendly registrar: just look at the 3LDN. You can't do that with 2LDNs registered by Wild West (not without a whois lookup, which adds too much overhead) and even if you could, you'd end up filtering a lot of innocent sites.

        Anyway, I question your definition of $50/year as "unaffordable." Even annual hosting costs on a minimal web site are more than that. Most people who maintain real web sites could easily afford it. A few would switch

        • by argent (18001)

          Yes, but then you'd have an easy way to identify domains from a spam-friendly registrar: just look at the 3LDN.

          You mean like .co.uk?

          and even if you could, you'd end up filtering a lot of innocent sites

          Um, why would you not expect that to be a problem for 3LD registrars?

          Anyway, I question your definition of $50/year as "unaffordable."

          Oh, sorry, I thought that was just an example. If you want to keep spammers from buying and throwing away domains you need to make it too expensive for them, and I doubt $50 wou

          • by fm6 (162816)

            Um, why would you not expect that to be a problem for 3LD registrars?

            Because if everybody's getting spam from *.welovespam.com, nobody's going to want to register in that namespace.

            If you want to keep spammers from buying and throwing away domains you need to make it too expensive for them, and I doubt $50 would be enough to do the job... and once you get the price high enough to deter spammers, it's going to deter non-spammers as well.

            To be honest, I suppose I'm really bitching about the fact that people decided that registration costs were too high, and bitched about it until the marketplace was made competitive. This meant you could renew your domain for a small annual fee, but also that you can't get a really useful domain name without paying a lot of money to a squatter. Ironic, no?

            But back to spammers. Spam is profitable b

            • by argent (18001)

              Because if everybody's getting spam from *.welovespam.com, nobody's going to want to register in that namespace.

              With Tucows and other people offering reseller-in-a-box packages, you really would just be pushing the problem one level down. It wouldn't be "*.welovespam.com", it would be a "*.cool.com" that had 30,000 legitimate domains by the time one of their resellers turned pink.

              But for me, the $50 figure always comes to mind, because I remember everybody whining about it when Network Solutions had a monop

              • by fm6 (162816)

                Oh well, OK then. I still want to go back to expensive domain names (I'll see to it after I've finished selling skis to Satan) but I'll concede that it probably wouldn't impact spam much. Then again, nothing will, short of a meaningful ID infrastructure so that somebody who wants to send you email has to actually identify themselves. So all this ranting against "spam-friendly" service providers is really silly.

                $50 was the price charged by NS when .com and the other major domains were first invented. I forge

                • by argent (18001)

                  Extending the TCPA to cover spam, so you could sue spammers in small claims court for $250/incident, like you can sue telemarketers, would probably do the trick. But it'll never happen.

                  • by fm6 (162816)

                    How do you bring somebody to small claims court who lives in Russia or Nigeria? How do you even trace the origin of spam from a botnet?

                    • by argent (18001)

                      The biggest source of spam is the united states. If you could effectively eliminate US spam it would have a huge and permanent impact on the spamosphere.

                      You don't need to trace the origin cold, or even at all. For a spammer to make money he has to tell the customer how to find him. You follow the money.

  • While I'm not saying that spam is good by any means, the argument of "we don't like you so ICANN should pull your accreditation" is a fairly stupid one.

    Now, if they're involved in something illegal - not annoying/immoral - then I'd like to see that argument made; however, the argument KnujOn currently makes is "we don't agree with how you're running your business, so we think you should be put out of business."

    That, I believe, is pretty fucking stupid.

    • by MightyYar (622222) on Friday February 06, 2009 @02:39PM (#26755735)

      IIRC, the contractual basis that they are going after is whois records. The spam-friendly registrars obviously have fraudulent whois records, which is a breach of their contract with ICANN.

      Spammers will not have legit whois records because this would probably result in their arrest :)

    • by cream wobbly (1102689) on Friday February 06, 2009 @02:44PM (#26755803)

      This is the most retarded backlash I've heard.

      Any accreditation scheme is a method for industry regulation. This is why we *have* accreditation: it functions at a higher ethical standard than legality. So while it's perfectly legal for an unlicensed plumber to do work in your home, it's not guaranteed the work will be up to an acceptable standard. If the work is substandard and damages your home, you can sue, but most people don't want to run the risk of possibly having damage to their home and subsequent legal action. A licensed plumber, on the other hand, must work to certain standards. While the industry is in a completely different league (barring "series of tubes") I am comparing apples to apples here.

      It's simple: if a company doesn't fulfill the standards for accreditation, then of course they should be booted, and have to work twice as hard to regain that accreditation.

      If the accreditation body only pulls membership based on the legality of what a member is doing, then what is the point of their existence? They're leaving all the work to the legal authorities and doing precisely none themselves.

    • by repetty (260322)

      > Now, if they're involved in something illegal - not annoying/immoral -
      > then I'd like to see that argument made; however, the argument KnujOn
      > currently makes is "we don't agree with how you're running your
      > business, so we think you should be put out of business."

      In a lot of places, spam and other forms of service/resource theft ARE illegal.

      Just thought I'd point that out.

      It's like retail shoplifting.... you and I both pay higher prices so retail stores can cover their shoplifting losses. Spa

    • if they're involved in something illegal

      A lot of spam currently involves the illegal sale of (often bogus or counterfeit) drugs and (usually pirated) software. the registrars know this, too. But they continue to do business with these criminals anyways - why? Because they make money off of it, of course.

  • Since when is the news that a GoDaddy sister company called "Wild West" doesn't have the most stringent anti-spam procedures surprising? The only surprise is that they weren't on the list already.
  • "...risk loosing accreditation..." It teh innernet speling!
  • "Beijing Innovative Networks and Joker were issued Breach Notices by ICANN. They were basically told to clean up their operation or risk loosing accreditation"

    Loose accreditation? I thought that was the cause in the first place!
  • I notice that #3 is Network Solutions. Then I look at the graphs, and they aren't listed at all. Are they using a different name for them in the graphs?
  • It made the list woohoo!!
  • by Khopesh (112447) on Friday February 06, 2009 @04:19PM (#26757057) Homepage Journal

    I actually do something similar for my greylisting solution, scraping the SpamCop top offending /24 CIDR blocks and giving them a longer grey-time [wikidot.com]. It helps cut down on spam drastically.

    I also do something similar within SpamAssassin, giving anything in APNIC an extra 0.5 points (with bayes and net). Here's that SA rule if you like:

    header KHOP_THRU_APNIC Received =~ /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(\]|\)| )/
    describe KHOP_THRU_APNIC Received through a relay in Asia/Pacific Network
    score KHOP_THRU_APNIC 0.4 0.2 0.9 0.5 # lowered for autolearn and use w/ BLs

    As mentioned by earlier posts here, there are just too many hosts to implement a straight-up blacklist hack like the two I just mentioned. We'd need some easier whois lookup or URIBL mechanism to deal with this. And those registrars are BIG and surely likely to have legitimate sites hosted too, so it must be in its own SpamAssassin test with a lower score.

  • Good to see that more people are starting to pay attention to the role that registrars play in the spamming epidemic that is affecting everyone who uses the internet. Now that people are starting to shine a light on some of the crooked registrars maybe there will be incentive for them to clean up their act.

    It's just too bad that these bumbling idiots [internic.org] are the ones tasked with trying to make the registrars fly straight.

    Now if we could get some control of the ISPs and hosting companies, we could make some
  • Demanding the registrar to cut off spam is as nonsensical as telling a computer company to stop selling hardware to people who can't secure it. It's a profitable business, the end.

    The ONLY solution to elimination of spam is to stop it from being profitable vis a vis elimination of demand for its products.

    Just a second while I head over to the eugenics lab and get the ball rolling, ok?
    • by Coopjust (872796)
      You ignore several facts:
      -The criminals at these registrars often used the same bogus contact info to register domains 1000+ times. They won't provide real info. A good registrar would suspend the domains of customers doing that until they provided real info - since the spammers wouldn't, they'd lose the domains. If the domains last hours instead of weeks, it's lost sales for the spammers, cost & time to register the new domain, and need to send out more spam with the new site.
      -If registrars WON'T com
  • I saw that this article is tagged:

    spam it spam story

    ...and I immediately heard that British waitress saying "Well, there's spam-it-spam-story, that's not got much spam in it." Wow I need to go outside more often.

  • Where's the list of the white-hat Registrars? I've got my two personal domains coming up for renewal.

Philogyny recapitulates erogeny; erogeny recapitulates philogyny.

Working...