KnujOn Updates Top 10 Spam-Friendly Registrars List

alphadogg writes "Some companies are more popular than others for spammers wanting to register their domain names. Spam-fighting organization KnujOn has updated its report on the top 10 registrars whose customers are linked to spam and other illicit activity. (We discussed the original report last year.) These 10 companies registered 83% of the domains spammed in KnujOn's sample of spam between June and January. KnujOn found that some companies have cleaned up their act in recent months and that others — most surprisingly, Network Solutions and GoDaddy sister company Wild West domains — have popped up on the list. At the top of KnujOn's list, for the second time in a row, is Xinnet.com, a Chinese registrar linked to more than 3 million spam messages. KnujOn recommends that ICANN threaten to pull Xinnet's accreditation, as it did for some of the offenders on the previous list."

Re:Blacklisting registrars

[MightyYar]

I don't need my personal email suddenly being marked as spam on accident because my domains are through one of those registars.

I don't think it would work like that... this isn't a list of where the spam comes from... that is presumably bot nets. This is a list of what domains are being advertised in the spam. So, you'd look up the registrar of each domain mentioned in an email. If the registrar is a big spammer, you'd give them a few extra points toward their spam score. Wild West wouldn't get too much of a penalty, since only 0.36% of their domains are spamvertised. On the other hand, anything mentioning a "Planet Online" domain is much more likely to be a spam message... a whopping 39% of their domains have been spammed.

The only way this would harm you is if you send out bulk email to your customers, they are somewhat spam-like, and they don't have you whitelisted.

Re:It's Not the Registrars, it's the System

[MightyYar]

Maybe some registrars are more spam-friendly than others, but as long as domains are so absurdly cheap, there's not a lot registrars can do to prevent abuse.

They can have an automated call-back system like my bank does... that way even if the credit card they are using is stolen, they'd still have to provide a phone number each time they register a domain.

It would be trivial to track purchasing behavior based on phone numbers, and this would force spammers to somehow get access to a new phone number each time... raising their cost somewhat.