ICANN Asked To Shut Down "Worst" Chinese Registrar

Ian Lamont writes "Anti-spam service Knujon has released reports highlighting how certain registrars in the US and abroad have consistently failed to live up to certain WHOIS-related obligations under ICANN's Registrar Accreditation Agreement (RAA) — specifically, the requirement that people or company registering domains provide valid contact information. Now the firm is requesting that ICANN shut down the worst alleged offender, Xinnet Bei Gong Da Software. According to Knujon, none of the WHOIS records in a sample of 11,000 alleged spam sites registered through Xinnet and reported by Knujon to ICANN's Whois Data Problem Report System were corrected in a six-month period ending in May 2008 — and the Chinese registrar continues to register about 100 spam sites per day. In many cases, says the Knujon document (PDF), Xinnet does not have 'any Whois record data for review while the sites are still active' and the spam sites further promote 'seal abuse' by posting bogus BBB, Verisign, and other trusted industry seals. ICANN says it is investigating. ICANN has just posted a draft revised RAA that is open for public comment until August 4. However, the wording of Section 3.7.8, governing registrars' obligations to check and correct domain owners' contact information, hasn't changed."

Shamelessly stealing previous joke

[Anonymous Coward]

If spam is a "whopper" of a problem, and burger king's "whopper" is a cheeseburger, then...

ICANN has cheezburger?

Funny aside: my captcha is "verified", something which these domains were not.

Re:

[phorm]

ROFLMEOW?

Re:GASP and SHOCK!

[kalirion]

So if they shut down the registrar, wouldn't that invalidate all domains currently registered through them? I'm assuming some of those belong to legitimate non-spammers....

Re:GASP and SHOCK!

[techno-vampire]

Yes, it will. And those legitimate domains can get themselves transferred to a new registrar. Of course, in order to do that, I'd hope that they'd have to provide proper contact details, which would sieve out all the spammers.

Re:

[Anonymous Coward]

Spam from China? GASP!

Funny how all the spam I receive is from Chinese servers but advertising for US products only available for purchase in the US and leading to US websites.

pot. kettle.

Re:GASP and SHOCK!

[Antique Geekmeister]

A lot of the spam from China is from US spammers: throwaway domains are very useful, to duck blacklists. It's really an international problem, and tends to fester due to companies like this, which ICANN is typically unable or unwilling to disconnect.

Re:

[1u3hr]

Spam from China? GASP!

Spam from domains registered in China. Not at all the same thing.

Re:

[Meski]

Spam from the middle east would be funnier.

In other words

[commodoresloat]

ICANN has Chinese burglers?

Re:

[socsoc]

the ICANN and lolcat combination is getting really old...

seal abuse

[Lehk228]

"Seal Abuse"

wow did the mental giants who first thought up using an inline graphic to portray legitimacy ever consider that someone may.... save... said graphic and re-use it.

Re:seal abuse

[MrNaz]

You know you're living in the 21st century when "seal abuse" does not involve clubbing large numbers of adorable baby amphibious mammals in the Arctic.

Re:

[stainlesssteelpat]

Yeah but they make great executive jackets [youtube.com]

Re:

[Urkki]

Sure seals are amphibous. They're just not amphibians.

Unless you're talking about water-soluble seals, but those have to be protected from rain too, not just from full immersion in water. But I don't know of any material used for sealing things, that is water-soluble.

Never seen water-soluble seals?

[GameboyRMH]

Guess you've never owned a newer American car...

Re:

[jandrese]

So are you saying that seals can't walk on land, or that they can't swim in the water?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[MrNaz]

At least, that's what the poacher claimed.

Re:

[CartoonFan]

Yeah, we need to get the SPCA on these people. Abusing seals is a terrible thing to do.

Re:

[aj50]

Yes they did.

If the seal is valid you can click on it and get an information page about the site.

If you get a page about another site or the seal isn't a link then the site isn't legitimate.

A faked verisign seal on a web site is a great clue that they're not the right people to shop with. It also makes spotting phishing sites a lot easier.

Re:

[Samah]

Even better, if they're lazy enough to just direct link, you may want to replace the "images/corporate_logo.jpg" file with "hello.jpg" [google.com].

My prediction: Internet segmentation

[erroneus]

As it stands, I have observed some common practices of simply blocking traffic going to or coming in from IPs from certain foreign nations. For some businesses, this practice alone reduces a tremendous amount of spam without affecting normal business flows. It would also make sense for users and businesses to restrict all communications with peers outside of their borders if, in fact, it has no adverse affect to their business flows.

Ultimately, this could lead to a segmented internet where entire nations find themselves effectively cut off by policy.

I am undecided about whether or not this is a good idea, but if China and Russia won't stop their criminals, perhaps they shouldn't have a presence on the global internet. The message? Play nice or you won't be allowed to play at all! My guess is that internet sanctions would have much faster reaction than economic sanctions.

Re:My prediction: Internet segmentation

[_merlin]

Well, I'd be all for a segregated internet if it could keep all the American spam comments advertising drugs, loans, insurance and porn off my blog. Remember the USA is still the biggest spam producer. It would be nice if you could only spam yourselves.

Re:My prediction: Internet segmentation

[MrNaz]

"If China and Russia won't stop their criminals..."

You're aware that the US is still, by a factor of almost 4, the number one spamming nation on Earth? But don't take my word for it:

http://www.spamhaus.org/statistics/countries.lasso [spamhaus.org]

Now, you were saying? Sorry, it's hard to hear you when you're speaking from atop such a high horse.

Re:My prediction: Internet segmentation

[Shatrat]

Sorry, it's hard to hear you when you're speaking from atop such a high horse.

That's a pretty condescending attitude on your part as well.
We may have more spammers here, but at least we have a history of prosecuting and convicting at least some of them.
I don't really know whether China/Russia have ever convicting anyone of spamming, but TFA refers to a registrar that is either incompetent or complicit dealing with spammers and located in China.
Sometimes it's ok to criticize a country other than the USA.
Just let that sink in a little.

Re:My prediction: Internet segmentation

[ChameleonDave]

We may have more spammers here, but at least we have a history of prosecuting and convicting at least some of them.

What difference does that make to me, sitting here with an inbox full of American spam?

Re:

[stonecypher]

Take a look at the rate of growth in spam between the two nations, extrapolate two years, and you have your answer.

The US may have the lead in the spam race, but China's spam is growing exponentially, and ours is shrinking. They've never prosecuted a spammer.

Gee, why could it be important to shut down a corrupt registrar under circumstances like those? Hm. Figure it out. Shouldn't take you much more than 30 seconds.

Re:

[ChameleonDave]

Gee, why could it be important to shut down a corrupt registrar under circumstances like those? Hm. Figure it out. Shouldn't take you much more than 30 seconds.

That's a straw man because I'm not arguing against action against a corrupt registrar. I'm saying that people should get off their high horse (since their countries produce a lot of spam too) and stop making racist generalisations and calls for data from certain countries to be blocked.

Re:

[SpamIsLame]

We may have more spammers here, but at least we have a history of prosecuting and convicting at least some of them.

What difference does that make to me, sitting here with an inbox full of American spam?

Actually, in the case of the particular properties listed in this report (PowerEnlarge, VPXL, Canadian Healthcare, Wondercum) the sponsor for all of those sites is known as SanCash, which is operated jointly out of India and New Zealand. It recently changed its name to ETranz.mu. They list their corporate offices as being located in Mauritius, a notorious offshore location for underground activity.

The mailers who send you this crap are more than likely located in the US, but the ones who profit from it the

Re:My prediction: Internet segmentation

[IBBoard]

I don't really know whether China/Russia have ever convicting anyone of spamming

I think the Russians are actually more effective than the Americans - they murder their Spam King Pins [theregister.co.uk]!

Re:

[nonewmsgs]

i always thought In Russia Spam King Murders YOU!

Re:

[Nimey]

No, I think there retarded meme posts you.

Re:

[tanveer1979]

Who cares even if you shoot 90% of your spammers. What matters is that your country contributes more spam than China and Russia, yet you think banning Russia and china will solve spam problem. you related to Bushie darling?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[daveytay]

Nice proof, but not relevant to the issue at hand because the article is about registrars not the source hosts. Have you done a lookup of who registered those spam sites? That is what this is about. No RDNS makes life difficult.

Re:

[Anonymous Coward]

the number one spamming nation on Earth?

...and don't even get me started on extraterrestrial spam.

Re:

[ya really]

You're aware that the US is still, by a factor of almost 4, the number one spamming nation on Earth? But don't take my word for it: http://www.spamhaus.org/statistics/countries.lasso [spamhaus.org] [spamhaus.org] Now, you were saying? Sorry, it's hard to hear you when you're speaking from atop such a high horse.

Does this take into consideration a large portion of the bots in the US being controlled by forces outside of the country? It's a pretty well known that just because a computer is spamming and its origin is with

Re:My prediction: Internet segmentation

[Tony Hoyle]

Here is a list of the most prolific spammers in the world - aka. the people controlling these bots:
http://www.spamhaus.org/rokso/index.lasso [spamhaus.org]

They're mostly american.

if the US has 4X the number

[filthpickle]

why is that that I seem to get far more spam written by someone that obviously doesn't speak English as a first language?

I am not arguing the point you make, it just seems odd.

Are there really people dumb enough to click on some of these links? I guess there are or people wouldn't waste their time doing it.

Anyone that watches sports (esp American football) will know when they invent a drug that will make actually make your penis bigger...you won't find out via email...it will be every third commercial durin

Re:

[Dan541]

But do you count the "origin" as the spammers country or the location of the servers?

I see allot of spam coming from china but it appears to be mostly linked with US products.

Spam yes, how about attacks?

[phorm]

I've not really notice China/Russia being any worse for SPAM than elsewhere, but one thing I did notice is that they seem to be much more often the source of cracking attempts against my boxen both at home and work. Even if a lot of it is just SSH password-guessing (sorry losers, I don't allow root-level SSH so you can stop trying that username), a large portion of the IP's involved in this seem to original from China and Russia. Still, I couldn't tell you how many are direct, deliberate attempts and how ma

Re:My prediction: Internet segmentation

[dbIII]

The problem is that this ISP takes international registrations from spammers everywhere so blocking by a nations IP blocks is not going to help at all. Xenophobia may be comforting but is no help when the many of the criminals are likely to be in your own nation, it's better to go after them directly. As for hampering commerce with major trade partners to slow down some petty crooks that may be next door - implications are worth thinking about.

Re:

[colfer]

Block traffic from all domains registered through this registrar.

Doesn't everyone block most of the Pacific rim?

[baomike]

Korea to Hong Kong.
This includes taiwan.

Re:

[Geak]

The biggest problem with this thinking is that governments don't have any control over the internet anymore, telco's do. Various governments have proven time and time again that they don't want to have anything to do with regulating the internet whatsoever, probably because it's a big cost and they'll get a huge backlash from voters who will have more freedoms stripped away from them. Not only that but the telcos will start whining. The big telcos love globalization. A country like China needs more band

Re:

[Tony Hoyle]

This is china we're talking about here. You can bet that the chinese government has control over the internet, just like it has control over everything else.

Re:

[Geak]

No, it's not china I'm talking about - its multinational companies. If an ISP in China asks a big telco like AT&T to provide them with connectivity, then AT&T will do it in a heartbeat, and no government is going to stop it. But while we're on the subject - if the chinese government had control over the internet then I wouldn't be able to say something like this: "THE CHINESE GOVERNMENT SUCKS GOATSE BALLS!!!"

Re:

[1u3hr]

It would also make sense for users and businesses to restrict all communications with peers outside of their borders if, in fact, it has no adverse affect to their business flows.

And it's because of thinking like that that I, in Hong Kong, find it impossible to communicate with some people in the US.

I am undecided about whether or not this is a good idea, but if China and Russia won't stop their criminals

"Their" criminals? The criminals are OVERWHELMINGLY AMERICAN. They use hosting services overseas

Re:

[erroneus]

I don't claim the US is innocent, not even by implication. I am only pointing out that blocking out other countries is quite effective unless you're doing business overseas.

And as far as finding it impossible to communicate with people in the US is concerned, you can see the how and the why in action.

Sometimes really bad solutions have to be enacted before people will be interested in fixing the solution better which results in the problem being solved in a better way. Otherwise, it's just easier to do no

Re:

[1u3hr]

And as far as finding it impossible to communicate with people in the US is concerned, you can see the how and the why in action.

No, I can't. I'm trying to contact friends and people I'm doing business with in the US, their ISPs bounce me because I live in the same continent as some spammers. And it doesn't stop spam to any extent anyway.

But I'm well aware that the majority of spammers are in the US.

So why did you say "China and Russia won't stop their criminals" when the criminals Are American?

B

Re:

[macdaddy]

At the ISP that I run I would personally love to block China. For that matter I would block all of Asia if I could. 98% of the attacks we've been under and the network reconnaissance we've seen comes from China and other Asian countries. I maintain a sizeable block list that I have to feed by hand. I check the WHOIS on every IP or netblock I add. The number of RIPE or ARIN-registered netblocks are so few that I actually author an email to the abuse contacts for that non-Asian SP to report the abuse. I

anti-spam kills anonymous speech

[Schraegstrichpunkt]

Yet again, "ID cards" are proposed as a method to curb spam, at the expense of anonymous speech.

When are we going to actually fix our protocols?

Re:

[MadnessASAP]

Nothing wrong with the protocols, they work work just fine. In fact they work so well that around the world they are capable of handling millions of messages a day across a constantly changing network with an incredibly small failure rate. Perhaps what in fact need to be fixed is the people and the businesses they run, may I suggest a crowbar or other suitably large piece of metal.

Re:anti-spam kills anonymous speech

[SpeedyDX]

RespectMyPrivacy.com [respectmyprivacy.com] is a service provided through NearlyFreeSpeech.Net [nearlyfreespeech.net] that allows users to put up proxy contact information with which people may still contact you. Snail mail and faxes are forwarded to their addresses, and when they receive any snail mail or faxes addressed to your domain, they will ask you whether you want these forwarded to yourself. There is also a proxy email that forwards to the email account that you used to register. All of this (allegedly) complies with ICANN regulations, since the information can be used to contact you. The simple solution is the one provided by RMP.C, and it doesn't compromise anonymity.

Perhaps the situation is not as bleak as you make it out to be.

Re:

[Dan541]

What's wrong with email as it is?

I know it chews CPU time when a spammer blasts you, but that happens with all services connected to the Internet.
Changing a protocol is only going to cause incompatability issues.

Re:

[hughk]

There is an 'ID' card, if people bothered to enforce existing laws. To collect inbound payments for V1agra, etc., you need to be able to process credit cards. To get the necessary processing account setup, you should be required to prove the beneficial owner of a company. This is an existing law and easy to enforce. It doesn't stop someone who wants to start a 'screwthepoliticians.com' protest website.

Contact info is better found on the web site.

[Animats]

There's been a formal study of bad WHOIS data by the Government Accounting Office [gao.gov], the investigative arm of Congress, titled "Prevalence of False Contact Information for Registered Domain Names", on this topic. They found at least 8% of contact info in WHOIS to be totally bogus. They also, as a test of ICANN, submitted 45 "WHOIS information problem reports", of which 11 resulted in correction and 33 did not. But GAO didn't break down the data by registrar.

We've been interested in this issue at SiteTruth [sitetruth.com] for some time. We take a broader view of "bad" web sites than most; we consider any commercial site that lacks valid business name and address information to be bogus. Over 35% of Google AdWords advertisers fail that test. [sitetruth.net] For advertisers whose ads appear on Myspace, the ratio is much higher.

Originally, we tried to get contact information from WHOIS data, but the data quality was so appallingly bad that we had to develop another approach. We have a system that looks for contact info the way a user would, looking at pages with names like "About", "Contact", and such, trying to find a user-readable street address. We also have some big databases of business addresses to check against. This turns out to work much better than looking at WHOIS data when the goal is to find the business behind the web site.

(You can see this info using our AdRater [sitetruth.com] plug-in for Firefox. Download our plug-in to see the ratings for each Google advertiser as the ads go by. Unless you're already blocking all such ads, of course.)

Whois invites SPAM

[phorm]

The problem with a lot of this is, WHOIS records themselves invite SPAM (conveniently having your email address available to spammers) or other issues. Personally, I'd rather not have some internet eTard with a hot temper and righteous indignation at something I posted online coming to hunt me down via my address in a WHOIS entry...

Re:

[colfer]

GoDaddy requires you confirm your whois info about once a year. I have read they will cut you off if they find it is inaccurate.

Re:

[drinkypoo]

I don't want my real physical address listed on my domain for the world to see, and I don't have a P.O. box. As a business these complaints are irrelevant, but as an individual I have a right to privacy and requiring valid contact information infringes on that right. This issue is bigger than stopping spam. It's time we looked into making the necessary upgrades to the mail transfer system, and stopped trying to put bullshit bandaids on the problem.

Re:

[Animats]

I don't want my real physical address listed on my domain for the world to see, and I don't have a P.O. box.

We get that a lot. Now go read California Business and Professions Code Section 17358 [sitetruth.com], which applies if you sell to California, and the European Electronic Commerce Directive (2000/31/EC) [sitetruth.com], which applies if you sell in Europe. Anonymous businesses are illegal in most of the developed world. Deal with it.

California prosecutors have used B&P code section 17538 [state.ca.us] when dealing with complaints agai

Re:

[drinkypoo]

We get that a lot. Now go read California Business and Professions Code Section 17358, which applies if you sell to California, and the European Electronic Commerce Directive (2000/31/EC), which applies if you sell in Europe. Anonymous businesses are illegal in most of the developed world. Deal with it.

I just argued that a business should be required to report, but that I as a private citizen should not, and you responded by saying that businesses have to report. You're not very good with this whole reading comprehension thing, are you?

If I am engaging in business anonymously, it's probably because it's something I wouldn't take a credit card for in the first place, and so that is a non-issue. I mean, look at the facts - credit card transactions are logged by their very nature, but if you're trying to

Diplomatic incident

[Alain Williams]

This could cause a Chinese/USA diplomatic incident. The Chinese upset ''because ICANN (a branch of the government of the USA) is exerting unfair control over the Internet''.

This is one reason why ICANN should be made completely independent of the USA government.

Now in paperback...

[Alarindris]

ICANN Wants to Shut Down a Registrar
and So Can You!

So the US owns the internet?

[jonaskoelker]

Not to be more anti-american than I have to, doesn't this show that the United States, in some sense, "owns" the internet? If not, why?

Re:So the US owns the internet?

[Eskarel]

The US doesn't exactly own the internet. ICANN however is supposed to be the central authority on DNS naming(someone has to be and they're the ones who started it), whether you agree with this or not is really rather immaterial.

However as this isn't really an issue of the US overriding China's rights on the internet it's not really all that important.

The registrar, who happens to be in China, but could be anywhere for all that it matters signed an agreement with ICANN to follow its rules regarding domain registration. One of those rules it that valid contact information has to be present for all domains. It doesn't as far as I can see have to lead to the person who runs the address, or to any individual involved in the domain(so it's not really an ID card), it simply has to lead to an actual someone who is responsible for that domain. That person is free to decline any requests for information regarding the actual users of their domain, and even to not collect said information at all. They are also entitled to allow said users to continue any activity which doesn't breach the agreement they signed with ICANN or any laws which are applicable to them(ie US law does not apply to a Chinese registrar, but the registrar's agreement with ICANN does). Yes there are potential issues of censorship and you might argue that requiring an individual to be responsible for the registration is wrong, it is however the agreement which the registrars signed in exchange for being able to give out registrations which will be honoured by the internet as a whole and so therefor they're responsible for holding to it.

Re:

[Dan541]

No the United States of America doesn't own the internet, they often think they do but they don't.

Re:

[RiotingPacifist]

the ips are somewhere in the range *.*.*.* , they are hosted anywhere but REGISTERED with a Chinese registrar. MOST of the IPs will be Chinese but as a REGISTRAR they have no control over IPs, please get a clue.

It's ironic. Don't you think?

[kinabrew]

It's ironic that they want domain owners to provide valid contact information in the belief that this will stop spam.

Before I moved to a registrar who provided free anonymous registration, I provided fake contact information specifically to prevent spambots from looking up my information in whois.

Not really

[damn_registrars]

It's ironic that they want domain owners to provide valid contact information in the belief that this will stop spam.

No, actually it really isn't ironic at all. The mechanism makes sense when one considers how many more internet users there are than internet domains. The purpose of requiring valid contact information is so that there is a valid mechanism for contacting the owners of domains that are being spamvertised. The reasoning behind this is simple - if the companies that benefit from spam are required to make their true contact information known, then a mechanism to take action against them is available.

Whi

Physical confirmation

[Midnight Thunder]

The only real solution, but not perfect either, is to send a physical confirmation letter (snail mail) to the address in question. The letter would contain a confirmation code that needs to be used to activate the account. Until that happens the account and domain would be reserved for one month before it is returned to the void.

What would be interesting is whether it would be possible to add some intelligence into the DNS server, which checks the whois database to find out who the registrar is. You could t

Re:

[colfer]

I don't think SMTP usually involves DNS. But spam-listing all the registrar's domains would be possible. Almost every spam email contains links. That is the key.

Re:

[colfer]

I mean SMTP on the receiving side, of course. D'oh!

r u kidding me....reverse psych 101

[hesaigo999ca]

Guys, we have to hold on to this ISP, the fact is it is easier to have all the websites on one
ISP, then block that ISP from ever being allowed to show up in your browser, then it is to can them, and have to redo all the tracing work of where is this website now, and where is that one.

We have lost enough resources already fighting this,
we should leave them alone and let them think they are ok where they aren't.
This way I wont have to reconfigure everything all over again to block a new slew of ip addresses.

Re:

[RiotingPacifist]

Did you even read the TITLE, not the article not even the summary, just the fucking title.

ICANN Asked To Shut Down "Worst" Chinese Registrar

hint: the word registrar means they are registrars not ISPs, unlike other posts would lead you to belive they
1) do not control the IP addresses of spammers
2) do not control the Service for the spammers

As slashdot has clearly become a non-geek hangout ill explain how this mess works
guy buys a server (from an ISP, but often hosted by a hosting server) - this decided the IP
guy registers a name for the IP he already has (

Re:

[hesaigo999ca]

You are right, I didn't quite see the full extent of the title, as I have my /.
on partial view so as to get more story lines through.

If the prob is the reg.s not having up to date info , we need to change THAT system.

Godaddy ( my reg. ) sent me some emails telling me that if i didn't update my info to the most recent info that i could get my names blacklisted from dns servers everywhere, so I updated, then it dawned on me, how do they know if the info is real, i have yet to get a knock on my door or call on

Not sure if its even the worst

[damn_registrars]

I can say from my own experience with spam that there are plenty of bad registrars in China, even when only considering which ones are spammer-friendly. Most of the spam email that I receive as advertising for illegal sales of drugs or pirated software is sent on behalf of domains sold by Chinese registrars.

A few Chinese bad apples:

• HKDND
• yesnic
• easydns
• paycenter

And these are just a few bad registrars that I find by searching through a short collection of my spam.

ENOM is another nasty one--and American

[SgtAaron]

I have received lots of spam from these Xinnet-registered domains. I do get frustrated until I remember I've been getting spammed going on 12 or 13 years, never having once been able to get a blasted spammer in my sights... it's just one of those things you have to live with, it seems, since protocols aren't going to change and neither is the nature of many of our human cousins. Well, this is pessimistic, sure.

And then there is ENOM, a wholly American outfit, and I'm wondering why these folks (and I admir

Re:I don't trust the Chinese

[commodoresloat]

Their eyes are a little bit too slanted for my taste.

Actually, if you're going to taste them, it's best to remove them from the eyelid entirely. At that point, they're really indistinguishable from European eyes, but much more flavorful.

After an hour or so, though, you need to eat another one.