KnujOn Updates Top 10 Spam-Friendly Registrars List

alphadogg writes "Some companies are more popular than others for spammers wanting to register their domain names. Spam-fighting organization KnujOn has updated its report on the top 10 registrars whose customers are linked to spam and other illicit activity. (We discussed the original report last year.) These 10 companies registered 83% of the domains spammed in KnujOn's sample of spam between June and January. KnujOn found that some companies have cleaned up their act in recent months and that others — most surprisingly, Network Solutions and GoDaddy sister company Wild West domains — have popped up on the list. At the top of KnujOn's list, for the second time in a row, is Xinnet.com, a Chinese registrar linked to more than 3 million spam messages. KnujOn recommends that ICANN threaten to pull Xinnet's accreditation, as it did for some of the offenders on the previous list."

It's Not the Registrars, it's the System

[fm6]

Maybe some registrars are more spam-friendly than others, but as long as domains are so absurdly cheap, there's not a lot registrars can do to prevent abuse. If they freeze one domain, the spammer or phisher or whatever just spends a few bucks to get another one.

Ever get spam from Continental Who's Who? They use a different domain name with every daily email!

Not that I think it will ever happen, but I'd dearly love to go back to when domain registration was a monopoly, and a second level domain cost you $50 a year. That's not a lot compared to the cost of maintaining a high-visibility web site — and low-visibility sites don't need second level domains. This situation ended when people started whining about getting "ripped off" by registrars. Opening up competition brought registration fees down, but it also destroyed service levels and enabled another kind of ripoff: squatters who can afford to register thousands of domains on the off chance that somebody might be willing to pay a few thousand bucks to use them.

We don't like you so pull their accreditation

[LordKaT]

While I'm not saying that spam is good by any means, the argument of "we don't like you so ICANN should pull your accreditation" is a fairly stupid one.

Now, if they're involved in something illegal - not annoying/immoral - then I'd like to see that argument made; however, the argument KnujOn currently makes is "we don't agree with how you're running your business, so we think you should be put out of business."

That, I believe, is pretty fucking stupid.

Re:We don't like you so pull their accreditation

[MightyYar]

IIRC, the contractual basis that they are going after is whois records. The spam-friendly registrars obviously have fraudulent whois records, which is a breach of their contract with ICANN.

Spammers will not have legit whois records because this would probably result in their arrest :)

Comment removed

[account_deleted]

Comment removed based on user account deletion

I'd love to see this in SpamAssassin or a URIBL

[Khopesh]

I actually do something similar for my greylisting solution, scraping the SpamCop top offending /24 CIDR blocks and giving them a longer grey-time. It helps cut down on spam drastically.

I also do something similar within SpamAssassin, giving anything in APNIC an extra 0.5 points (with bayes and net). Here's that SA rule if you like:

header KHOP_THRU_APNIC Received =~ /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(\]|\)| )/
describe KHOP_THRU_APNIC Received through a relay in Asia/Pacific Network
score KHOP_THRU_APNIC 0.4 0.2 0.9 0.5 # lowered for autolearn and use w/ BLs

As mentioned by earlier posts here, there are just too many hosts to implement a straight-up blacklist hack like the two I just mentioned. We'd need some easier whois lookup or URIBL mechanism to deal with this. And those registrars are BIG and surely likely to have legitimate sites hosted too, so it must be in its own SpamAssassin test with a lower score.