Why Are GoDaddy's .US Domains Being Used For So Much Phishing? (krebsonsecurity.com)
An anonymous reader shared this report from cybersecurity blogger Brian Krebs:
Domain names ending in ".US" — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US. Also, .US domains are only supposed to be available to U.S. citizens and to those who can demonstrate that they have a physical presence in the United States... [F]ew other major countries in the world have anywhere near as many phishing domains each year as .US.
That's according to The Interisle Consulting Group, which gathers phishing data from multiple industry sources and publishes an annual report on the latest trends. Interisle's newest study examined six million phishing reports between May 1, 2022 and April 30, 2023, and found 30,000 .US phishing domains.
.US is overseen by the National Telecommunications and Information Administration (NTIA), an executive branch agency of the U.S. Department of Commerce. However, NTIA currently contracts out the management of the .US domain to GoDaddy, by far the world's largest domain registrar. Under NTIA regulations, the administrator of the .US registry must take certain steps to verify that their customers actually reside in the United States, or own organizations based in the U.S. But Interisle found that whatever GoDaddy was doing to manage that vetting process wasn't working.
because good domains are more available there (Score:3, Interesting)
Re: because good domains are more available there (Score:3)
It's all about money.
With enough money it's possible to circumvent restrictions.
Re: (Score:3)
Yeah, the obvious answer is the correct answer - a .us domain name is cheap because just about no one uses them.
Re:because good domains are more available there (Score:4, Insightful)
easy fucking question to answer. nobody wants a .us domain name so the massive landgrab never happened there. yet it is still plausible that a US company would have a .us domain name.
More than that, a .us suggests to the user that you reside in the US and are therefore subject to US law.
In that way I suspect that a .us is probably more valuable than .com to a scammer since it gives a false sense of assurance.
Maybe it's just me (Score:2)
.us is not an issue but .co was overwhelming to the point I blocked all email from it.
Re: (Score:2)
I run my own inbound SMTP and .us was definitely enough of a problem that I blocked it early, along with .stream and .top, and had to whitelist a couple of .us domains from acquaintances that foolishly had one. I have most ccTLDs blocked, and have IP range blocks for rogue ISPs (mostly from data centers in Europe these days, I guess I covered Asia well enough already). I don't put in blocks until I get spam from them, but I also don't try hard to narrow down IP blocks. Whether I block a class C or a class B
Re: (Score:2)
Gmail and Outlook are an issue. I resorted to header checks and body checks. No longer get Geek Squad or Norton.
Hmmm.. (Score:4, Informative)
"But Interisle found that whatever GoDaddy was doing wasn't working."
There. Fixed that, not just this issue.
Such a scammy company, no surprise.
Because GoDaddy doesn't care. (Score:4, Informative)
Re:Because GoDaddy doesn't care. (Score:4, Informative)
From the beginning, GoDaddy has sold domains using sex. Its very name alludes to this, and its commercials reinforced this message. Sure, all kinds of businesses do this. But the message it sends is that the company is willing to use anything, even completely irrelevant marketing tactics, to get people to buy its stuff. In other words, whatever it takes to get people to buy. Is it surprising that a company with this kind of attitude turns a blind eye to phishing?
Re: (Score:2)
I think you're missing the point that GoDaddy has never positioned itself as best-in-class or even a halfway decent service, or a responsible company. The fact that they use sex-based marketing despite being a technical company sets the tone for what you can expect from the company, so it's no surprise that they completely fail to meet their legal obligations when screening .us domain customers or that they have zero interest in doing anything to curb crime being committed with their services. We can imag
I have a .us domain. (Score:3)
WHOIS hiding is not allowed. I wonder how they're getting around all this - other than just no one cares to enforce it? My domain is not with GoDaddy; maybe that's why?
Re: (Score:2)
Masking whois doesn't prevent a subpoena
Re: (Score:2)
Jerky McJerkovich
123 Jerk St.
Jerkville, CA 92012
Good ol'... (Score:3)
Same reasons that there always are.
because Americans will do anything for a dollar (Score:1)
Because of anonymity (Score:3)
We all knew GoDaddy was f*cked when... (Score:2)
When GoDaddy nuked my email forwarding accounts with no notice, we all knew they were f*cked.
GoDaddy actively nuked my anti-spam feature (which was creating forwarding accounts and giving a forwarding email to every company, so I knew who was spamming me or selling my email to spammers) it was obvious they wanted to help the spammers.
I'm with NameCheap now.
If you want to bankrupt GoDaddy, find a phone number where they actually answer the phone, and give it to every borderline-illegal website you can find.
I just block .us (Score:3)
A while ago I added .us to the list of garbage domains that I block. It cut down on a lot of garbage that I was receiving. If you are a legitimate business using .us, sorry, I won't see your emails.