Slashdot Mirror


ICANN Asked To Shut Down "Worst" Chinese Registrar

Ian Lamont writes "Anti-spam service Knujon has released reports highlighting how certain registrars in the US and abroad have consistently failed to live up to certain WHOIS-related obligations under ICANN's Registrar Accreditation Agreement (RAA) — specifically, the requirement that people or companies registering domains provide valid contact information. Now the firm is requesting that ICANN shut down the worst alleged offender, Xinnet Bei Gong Da Software. According to Knujon, none of the WHOIS records in a sample of 11,000 alleged spam sites registered through Xinnet and reported by Knujon to ICANN's Whois Data Problem Report System were corrected in a six-month period ending in May 2008 — and the Chinese registrar continues to register about 100 spam sites per day. In many cases, says the Knujon document (PDF), Xinnet does not have 'any Whois record data for review while the sites are still active' and the spam sites further promote 'seal abuse' by posting bogus BBB, Verisign, and other trusted industry seals. ICANN says it is investigating. ICANN has just posted a draft revised RAA that is open for public comment until August 4. However, the wording of Section 3.7.8, governing registrars' obligations to check and correct domain owners' contact information, hasn't changed."

23 of 119 comments

  1. In other words by commodoresloat · · Score: 4, Funny

    ICANN has Chinese burglers?

  2. Shamelessly stealing previous joke by Anonymous Coward · · Score: 5, Funny

    If spam is a "whopper" of a problem, and burger king's "whopper" is a cheeseburger, then...

    ICANN has cheezburger?

    Funny aside: my captcha is "verified", something which these domains were not.

  3. Re:I don't trust the Chinese by commodoresloat · · Score: 4, Funny

    Their eyes are a little bit too slanted for my taste. Actually, if you're going to taste them, it's best to remove them from the eyelid entirely. At that point, they're really indistinguishable from European eyes, but much more flavorful.

    After an hour or so, though, you need to eat another one.

  4. seal abuse by Lehk228 · · Score: 3, Insightful

    "Seal Abuse"

    wow did the mental giants who first thought up using an inline graphic to portray legitimacy ever consider that someone may.... save... said graphic and re-use it.

    --
    Snowden and Manning are heroes.
    1. Re:seal abuse by MrNaz · · Score: 4, Funny

      You know you're living in the 21st century when "seal abuse" does not involve clubbing large numbers of adorable baby amphibious mammals in the Arctic.

      --
      I hate printers.
  5. My prediction: Internet segmentation by erroneus · · Score: 4, Insightful

    As it stands, I have observed some common practices of simply blocking traffic going to or coming in from IPs from certain foreign nations. For some businesses, this practice alone reduces a tremendous amount of spam without affecting normal business flows. It would also make sense for users and businesses to restrict all communications with peers outside of their borders if, in fact, it has no adverse effect to their business flows.

    Ultimately, this could lead to a segmented internet where entire nations find themselves effectively cut off by policy.

    I am undecided about whether or not this is a good idea, but if China and Russia won't stop their criminals, perhaps they shouldn't have a presence on the global internet. The message? Play nice or you won't be allowed to play at all! My guess is that internet sanctions would have much faster reaction than economic sanctions.

    1. Re:My prediction: Internet segmentation by _merlin · · Score: 5, Interesting

      Well, I'd be all for a segregated internet if it could keep all the American spam comments advertising drugs, loans, insurance and porn off my blog. Remember the USA is still the biggest spam producer. It would be nice if you could only spam yourselves.

    2. Re:My prediction: Internet segmentation by MrNaz · · Score: 5, Informative

      "If China and Russia won't stop their criminals..."

      You're aware that the US is still, by a factor of almost 4, the number one spamming nation on Earth? But don't take my word for it:

      http://www.spamhaus.org/statistics/countries.lasso

      Now, you were saying? Sorry, it's hard to hear you when you're speaking from atop such a high horse.

      --
      I hate printers.
    3. Re:My prediction: Internet segmentation by dbIII · · Score: 4, Insightful

      The problem is that this ISP takes international registrations from spammers everywhere so blocking by a nation's IP blocks is not going to help at all. Xenophobia may be comforting but is no help when many of the criminals are likely to be in your own nation, it's better to go after them directly. As for hampering commerce with major trade partners to slow down some petty crooks that may be next door - implications are worth thinking about.

    4. Re:My prediction: Internet segmentation by Shatrat · · Score: 4, Insightful

      "Sorry, it's hard to hear you when you're speaking from atop such a high horse."

      That's a pretty condescending attitude on your part as well.
      We may have more spammers here, but at least we have a history of prosecuting and convicting at least some of them.
      I don't really know whether China/Russia have ever convicted anyone of spamming, but TFA refers to a registrar that is either incompetent or complicit dealing with spammers and located in China.
      Sometimes it's ok to criticize a country other than the USA.
      Just let that sink in a little.
      --
      09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    5. Re:My prediction: Internet segmentation by ChameleonDave · · Score: 3, Insightful

      "We may have more spammers here, but at least we have a history of prosecuting and convicting at least some of them."

      What difference does that make to me, sitting here with an inbox full of American spam?
    6. Re:My prediction: Internet segmentation by IBBoard · · Score: 4, Informative

      I don't really know whether China/Russia have ever convicted anyone of spamming

      I think the Russians are actually more effective than the Americans - they murder their Spam King Pins!
    7. Re:My prediction: Internet segmentation by Tony+Hoyle · · Score: 4, Informative

      Here is a list of the most prolific spammers in the world - aka. the people controlling these bots:
      http://www.spamhaus.org/rokso/index.lasso

      They're mostly American.

    8. Re:My prediction: Internet segmentation by SpamIsLame · · Score: 3, Interesting

      "We may have more spammers here, but at least we have a history of prosecuting and convicting at least some of them."

      "What difference does that make to me, sitting here with an inbox full of American spam?"

      Actually, in the case of the particular properties listed in this report (PowerEnlarge, VPXL, Canadian Healthcare, Wondercum) the sponsor for all of those sites is known as SanCash, which is operated jointly out of India and New Zealand. It recently changed its name to ETranz.mu. They list their corporate offices as being located in Mauritius, a notorious offshore location for underground activity.

      The mailers who send you this crap are more than likely located in the US, but the ones who profit from it the most are not. (Based on my own research, even the large-scale American spammers tend to be either Russian or from other foreign countries. It is rare that someone born in the US is behind the send button.)

      The individuals behind these mass domain registrations may also be located in the US, but again they are not the main profit department from these activities.

      These Chinese Registrars may not (repeat: may not) be in cahoots with them either. They merely represented a prime resource due to their total lack of attention to non-Chinese-language complaints.

      The other high profile spam operation who profits from this abuse is known alternately as Spamit or GlavMed. They are the affiliate program behind "Canadian Pharmacy", which is notable due to the fact that there is now a direct link between Canadian Pharmacy domains and the Storm worm. (Documented in several blogs and security review sites.) They also have a lengthy history of hacking public web servers to use them as redirections to the actual spammed target, causing grief for a lot of otherwise legitimate domain owners.

      Spamit / Glavmed is known to be a largely Russian operation. Glavmed is largely considered a non-spam affiliate program but they deal with precisely the same properties, just without any mention of email spamming.

      Not one of the large-scale spam operations has its roots in North America. They are all located offshore, and run by citizens of non-US countries, and remain located in those non-US countries, probably in an attempt to enforce some bogus "immunity" on their criminal activity.

      Registrars are a tiny piece of the puzzle. I wish someone would directly investigate and go after these sponsor organizations.

      Spamit and SanCash are responsible for the majority of all spam received by most individuals around the world. When they experience difficulties (ie: widespread domain shutdowns), you begin to see incoming spam revert 100% to stock spam, since they can't spam domains anymore. This is a provable, repeatable experiment.

      SiL / IKS / concerned citizen

      --
      -- SiL / IKS / concerned citizen
  6. Re:GASP and SHOCK! by kalirion · · Score: 3, Interesting

    So if they shut down the registrar, wouldn't that invalidate all domains currently registered through them? I'm assuming some of those belong to legitimate non-spammers....

  7. Re:GASP and SHOCK! by techno-vampire · · Score: 4, Informative

    Yes, it will. And those legitimate domains can get themselves transferred to a new registrar. Of course, in order to do that, I'd hope that they'd have to provide proper contact details, which would sieve out all the spammers.

    --
    Good, inexpensive web hosting
  8. anti-spam kills anonymous speech by Schraegstrichpunkt · · Score: 4, Insightful

    Yet again, "ID cards" are proposed as a method to curb spam, at the expense of anonymous speech.

    When are we going to actually fix our protocols?

    1. Re:anti-spam kills anonymous speech by SpeedyDX · · Score: 4, Informative

      RespectMyPrivacy.com is a service provided through NearlyFreeSpeech.Net that allows users to put up proxy contact information with which people may still contact you. Snail mail and faxes are forwarded to their addresses, and when they receive any snail mail or faxes addressed to your domain, they will ask you whether you want these forwarded to yourself. There is also a proxy email that forwards to the email account that you used to register. All of this (allegedly) complies with ICANN regulations, since the information can be used to contact you. The simple solution is the one provided by RMP.C, and it doesn't compromise anonymity.

      Perhaps the situation is not as bleak as you make it out to be.

  9. Contact info is better found on the web site. by Animats · · Score: 4, Interesting

    There's been a formal study of bad WHOIS data by the Government Accounting Office, the investigative arm of Congress, titled "Prevalence of False Contact Information for Registered Domain Names", on this topic. They found at least 8% of contact info in WHOIS to be totally bogus. They also, as a test of ICANN, submitted 45 "WHOIS information problem reports", of which 11 resulted in correction and 33 did not. But GAO didn't break down the data by registrar.

    We've been interested in this issue at SiteTruth for some time. We take a broader view of "bad" web sites than most; we consider any commercial site that lacks valid business name and address information to be bogus. Over 35% of Google AdWords advertisers fail that test. For advertisers whose ads appear on Myspace, the ratio is much higher.

    Originally, we tried to get contact information from WHOIS data, but the data quality was so appallingly bad that we had to develop another approach. We have a system that looks for contact info the way a user would, looking at pages with names like "About", "Contact", and such, trying to find a user-readable street address. We also have some big databases of business addresses to check against. This turns out to work much better than looking at WHOIS data when the goal is to find the business behind the web site.

    (You can see this info using our AdRater plug-in for Firefox. Download our plug-in to see the ratings for each Google advertiser as the ads go by. Unless you're already blocking all such ads, of course.)

  10. It's ironic. Don't you think? by kinabrew · · Score: 3, Informative

    It's ironic that they want domain owners to provide valid contact information in the belief that this will stop spam.

    Before I moved to a registrar who provided free anonymous registration, I provided fake contact information specifically to prevent spambots from looking up my information in whois.

  11. Re:So the US owns the internet? by Eskarel · · Score: 4, Informative

    The US doesn't exactly own the internet. ICANN however is supposed to be the central authority on DNS naming (someone has to be and they're the ones who started it), whether you agree with this or not is really rather immaterial.

    However as this isn't really an issue of the US overriding China's rights on the internet it's not really all that important.

    The registrar, who happens to be in China, but could be anywhere for all that it matters signed an agreement with ICANN to follow its rules regarding domain registration. One of those rules is that valid contact information has to be present for all domains. It doesn't as far as I can see have to lead to the person who runs the address, or to any individual involved in the domain (so it's not really an ID card), it simply has to lead to an actual someone who is responsible for that domain. That person is free to decline any requests for information regarding the actual users of their domain, and even to not collect said information at all. They are also entitled to allow said users to continue any activity which doesn't breach the agreement they signed with ICANN or any laws which are applicable to them (ie US law does not apply to a Chinese registrar, but the registrar's agreement with ICANN does). Yes there are potential issues of censorship and you might argue that requiring an individual to be responsible for the registration is wrong, it is however the agreement which the registrars signed in exchange for being able to give out registrations which will be honoured by the internet as a whole and so therefore they're responsible for holding to it.

  12. Re:GASP and SHOCK! by Anonymous Coward · · Score: 3, Insightful

    Spam from China? GASP!

    Funny how all the spam I receive is from Chinese servers but advertising for US products only available for purchase in the US and leading to US websites.

    pot. kettle.

  13. Re:GASP and SHOCK! by Antique+Geekmeister · · Score: 3, Informative

    A lot of the spam from China is from US spammers: throwaway domains are very useful, to duck blacklists. It's really an international problem, and tends to fester due to companies like this, which ICANN is typically unable or unwilling to disconnect.