Slashdot Mirror
KnujOn Updates Top 10 Spam-Friendly Registrars List
alphadogg writes "Some companies are more popular than others for spammers wanting to register their domain names. Spam-fighting organization KnujOn has updated its report on the top 10 registrars whose customers are linked to spam and other illicit activity. (We discussed the original report last year.) These 10 companies registered 83% of the domains spammed in KnujOn's sample of spam between June and January. KnujOn found that some companies have cleaned up their act in recent months and that others — most surprisingly, Network Solutions and GoDaddy sister company Wild West domains — have popped up on the list. At the top of KnujOn's list, for the second time in a row, is Xinnet.com, a Chinese registrar linked to more than 3 million spam messages. KnujOn recommends that ICANN threaten to pull Xinnet's accreditation, as it did for some of the offenders on the previous list."
can't a bigger fish block them till they clean up?
Okay, I'll bite...
Why does this have a red headline on the front page?
Just pull the plug on them, on the whole internet for that matter. That'll teach those spammers a lesson!
Is there any easy, automated mechanism to find out who the registrar of a domain is? This information could be very useful to spam filters and RBLs based on registrar could then exist.
WHOIS doesn't count, as it's not designed for mass querying.
If there isn't such a mechanism, I think that it could be a very useful thing that ICANN could do.
The registrar I use has dropped off the list. I no longer have any qualms about signing up for a reseller account with them. :-)
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
Will not go away overnight. It is a lucrative business for those who are becoming exceedingly desperate. Removing the registrars on that list won't help anything in the long run.
Maybe some registrars are more spam-friendly than others, but as long as domains are so absurdly cheap, there's not a lot registrars can do to prevent abuse. If they freeze one domain, the spammer or phisher or whatever just spends a few bucks to get another one.
Ever get spam from Continental Who's Who? They use a different domain name with every daily email!
Not that I think it will ever happen, but I'd dearly love to go back to when domain registration was a monopoly, and a second level domain cost you $50 a year. That's not a lot compared to the cost of maintaining a high-visibility web site — and low-visibility sites don't need second level domains. This situation ended when people started whining about getting "ripped off" by registrars. Opening up competition brought registration fees down, but it also destroyed service levels and enabled another kind of ripoff: squatters who can afford to register thousands of domains on the off chance that somebody might be willing to pay a few thousand bucks to use them.
While I'm not saying that spam is good by any means, the argument of "we don't like you so ICANN should pull your accreditation" is a fairly stupid one.
Now, if they're involved in something illegal - not annoying/immoral - then I'd like to see that argument made; however, the argument KnujOn currently makes is "we don't agree with how you're running your business, so we think you should be put out of business."
That, I believe, is pretty fucking stupid.
Since when is the news that a GoDaddy sister company called "Wild West" doesn't have the most stringent anti-spam procedures surprising? The only surprise is that they weren't on the list already.
"...risk loosing accreditation..." It teh innernet speling!
Comment removed based on user account deletion
Subscribers get to see articles before they are posted on the main site (but they can't comment on them till they go live). To make it obvious that these were stories that havn't gone live yet, they are displayed with a red title. At some point in the transition to the new firehose-integrated index page, this code was broken and now sometimes live stories will be displayed with the red title. It's been like this for months, however, it appears that the slashdot team would rather spend time ruining the profile pages than fixing bugs in the (otherwise promising) index page.
Comment removed based on user account deletion
One responsibility of a registrar is to try to stop fraudulent domain sales.
In this case, some of these companies (Xin Net in particular) keep allowing the same spammers with the same obviously fake Whois info keep registering new domains. And Xin Net has suspended domains when KnujOn and others report them, and shortly afterwards, give them back to the same spammers.
"Beijing Innovative Networks and Joker were issued Breach Notices by ICANN. They were basically told to clean up their operation or risk loosing accreditation"
Loose accreditation? I thought that was the cause in the first place!
I think you should protest by forwarding them all of your spam.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
I attempted over the last year to document much of eNom's complicit nature towards their spammer customers, using verifiable independent references on wikipedia.
However, Demand Media's PR person eventually arrived on the scene and started rewriting the page, whitewashing and massaging references to spam and the stats as their pertain to their top-tier status on the URIBL, etc.
Said PR person also added all kinds of fluffy corporate marketing garbage such as an "awards and accreditations" section.
To make matters worse they have a couple Wiki admin buddies that let them have the final say on the white washed version. The original IP address of their corporate cleaner (goes by Thirdbeach) is an IP address at Demand Media.
Scum.
Sounds like someone makes a lot of money off of spam...
Don't you wish your girlfriend was a geek like me?
Who cares? I do. A lot of people do. You, on the other hand, seem to have an investment in keeping spamming easy and cheap. Let me guess where your paycheck comes from...
Don't you wish your girlfriend was a geek like me?
I notice that #3 is Network Solutions. Then I look at the graphs, and they aren't listed at all. Are they using a different name for them in the graphs?
More likely that XiNet is left untouched is probably because its owners are well connected (politically) It's near impossible to run any decent size business in china without being well connected in some ways.
and low-visibility sites don't need second level domains
Long-lasting websites need domains at whatever level puts them outside the control of a single ISP or ASP. If that's the second level, then that means they need SLDs. If there's a third level that you can just register a domain under without being tied to a given ISP (eg, state.us), then they need that kind of third level domain.
The thing is, if you made SLDs unaffordable, then there would be a demand for reliable third-level registrars, and many many people would switch to using reliable 3LD registrars, and the same problem would exist at the third level instead of the second.
Quoting Douglas Adams, "To summarize the summary, people are the problem."
if they're involved in something illegal
A lot of spam currently involves the illegal sale of (often bogus or counterfeit) drugs and (usually pirated) software. the registrars know this, too. But they continue to do business with these criminals anyways - why? Because they make money off of it, of course.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
It made the list woohoo!!
The thing is, if you made SLDs unaffordable, then there would be a demand for reliable third-level registrars, and many many people would switch to using reliable 3LD registrars, and the same problem would exist at the third level instead of the second.
Yes, but then you'd have an easy way to identify domains from a spam-friendly registrar: just look at the 3LDN. You can't do that with 2LDNs registered by Wild West (not without a whois lookup, which adds too much overhead) and even if you could, you'd end up filtering a lot of innocent sites.
Anyway, I question your definition of $50/year as "unaffordable." Even annual hosting costs on a minimal web site are more than that. Most people who maintain real web sites could easily afford it. A few would switch to third-level rather than spend that much money just to have a 2LDN for their blog or vanity site. (Though, come to think of it, most blogs already use 3LDNs.) But that's not a matter of affordability, that's a matter of how much something is worth to you.
I actually do something similar for my greylisting solution, scraping the SpamCop top offending /24 CIDR blocks and giving them a longer grey-time. It helps cut down on spam drastically.
I also do something similar within SpamAssassin, giving anything in APNIC an extra 0.5 points (with bayes and net). Here's that SA rule if you like:
As mentioned by earlier posts here, there are just too many hosts to implement a straight-up blacklist hack like the two I just mentioned. We'd need some easier whois lookup or URIBL mechanism to deal with this. And those registrars are BIG and surely likely to have legitimate sites hosted too, so it must be in its own SpamAssassin test with a lower score.
Use my userscript to add story images to Slashdot. There's no going back.
Good to see that more people are starting to pay attention to the role that registrars play in the spamming epidemic that is affecting everyone who uses the internet. Now that people are starting to shine a light on some of the crooked registrars maybe there will be incentive for them to clean up their act.
It's just too bad that these bumbling idiots are the ones tasked with trying to make the registrars fly straight.
Now if we could get some control of the ISPs and hosting companies, we could make some forward progress from the other end as well...
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Demanding the registrar to cut off spam is as nonsensical as telling a computer company to stop selling hardware to people who can't secure it. It's a profitable business, the end.
The ONLY solution to elimination of spam is to stop it from being profitable vis a vis elimination of demand for its products.
Just a second while I head over to the eugenics lab and get the ball rolling, ok?
Yes, but then you'd have an easy way to identify domains from a spam-friendly registrar: just look at the 3LDN.
You mean like .co.uk?
and even if you could, you'd end up filtering a lot of innocent sites
Um, why would you not expect that to be a problem for 3LD registrars?
Anyway, I question your definition of $50/year as "unaffordable."
Oh, sorry, I thought that was just an example. If you want to keep spammers from buying and throwing away domains you need to make it too expensive for them, and I doubt $50 would be enough to do the job... and once you get the price high enough to deter spammers, it's going to deter non-spammers as well.
Um, why would you not expect that to be a problem for 3LD registrars?
Because if everybody's getting spam from *.welovespam.com, nobody's going to want to register in that namespace.
If you want to keep spammers from buying and throwing away domains you need to make it too expensive for them, and I doubt $50 would be enough to do the job... and once you get the price high enough to deter spammers, it's going to deter non-spammers as well.
To be honest, I suppose I'm really bitching about the fact that people decided that registration costs were too high, and bitched about it until the marketplace was made competitive. This meant you could renew your domain for a small annual fee, but also that you can't get a really useful domain name without paying a lot of money to a squatter. Ironic, no?
But back to spammers. Spam is profitable because there's almost no overhead. Obviously it's true for the cost of sending out the spam, but it's also true for domain registrations. Never mind the $10/year that most people pay. Anybody who needs a lot of disposable domains can register them in bulk for pennies each.
I suppose I should be arguing that all domains should cost $10, no matter what. That would certainly make it less cost effective to use disposable domains. (Or maybe not. Spamming is pretty profitable.) But for me, the $50 figure always comes to mind, because I remember everybody whining about it when Network Solutions had a monopoly and that's what they charged. People didn't complain because it was a lot of money (it's not). They complained because it was obviously mostly profit, and that ticked them off.
I saw that this article is tagged:
...and I immediately heard that British waitress saying "Well, there's spam-it-spam-story, that's not got much spam in it." Wow I need to go outside more often.
FATMOUSE + YOU = FATMOUSE
Because if everybody's getting spam from *.welovespam.com, nobody's going to want to register in that namespace.
With Tucows and other people offering reseller-in-a-box packages, you really would just be pushing the problem one level down. It wouldn't be "*.welovespam.com", it would be a "*.cool.com" that had 30,000 legitimate domains by the time one of their resellers turned pink.
But for me, the $50 figure always comes to mind, because I remember everybody whining about it when Network Solutions had a monopoly and that's what they charged.
I recall paying $35 a year to Network Solutions, not $50. Which is why $50 seemed like an example. It doesn't mean anything to me.
Oh well, OK then. I still want to go back to expensive domain names (I'll see to it after I've finished selling skis to Satan) but I'll concede that it probably wouldn't impact spam much. Then again, nothing will, short of a meaningful ID infrastructure so that somebody who wants to send you email has to actually identify themselves. So all this ranting against "spam-friendly" service providers is really silly.
$50 was the price charged by NS when .com and the other major domains were first invented. I forget when they lowered the fee, (1995?) but as I recall they lowered it to $35 in an effort to head off attempts to end their monopoly.
Extending the TCPA to cover spam, so you could sue spammers in small claims court for $250/incident, like you can sue telemarketers, would probably do the trick. But it'll never happen.
Where's the list of the white-hat Registrars? I've got my two personal domains coming up for renewal.
How do you bring somebody to small claims court who lives in Russia or Nigeria? How do you even trace the origin of spam from a botnet?
Paycheck comes from send emailing of course!
Spam filters have ruined email for everyone. We need freaken guaranteed email.
Long Live Email!
The biggest source of spam is the united states. If you could effectively eliminate US spam it would have a huge and permanent impact on the spamosphere.
You don't need to trace the origin cold, or even at all. For a spammer to make money he has to tell the customer how to find him. You follow the money.