Slashdot Mirror


KnujOn Updates Top 10 Spam-Friendly Registrars List

alphadogg writes "Some companies are more popular than others for spammers wanting to register their domain names. Spam-fighting organization KnujOn has updated its report on the top 10 registrars whose customers are linked to spam and other illicit activity. (We discussed the original report last year.) These 10 companies registered 83% of the domains spammed in KnujOn's sample of spam between June and January. KnujOn found that some companies have cleaned up their act in recent months and that others — most surprisingly, Network Solutions and GoDaddy sister company Wild West Domains — have popped up on the list. At the top of KnujOn's list, for the second time in a row, is Xinnet.com, a Chinese registrar linked to more than 3 million spam messages. KnujOn recommends that ICANN threaten to pull Xinnet's accreditation, as it did for some of the offenders on the previous list."

11 of 80 comments

  1. Re:Blacklisting registrars by MightyYar · Score: 4, Interesting

    I don't need my personal email suddenly being marked as spam on accident because my domains are through one of those registrars.

    I don't think it would work like that... this isn't a list of where the spam comes from... that is presumably bot nets. This is a list of what domains are being advertised in the spam. So, you'd look up the registrar of each domain mentioned in an email. If the registrar is a big spammer, you'd give them a few extra points toward their spam score. Wild West wouldn't get too much of a penalty, since only 0.36% of their domains are spamvertised. On the other hand, anything mentioning a "Planet Online" domain is much more likely to be a spam message... a whopping 39% of their domains have been spammed.

    The only way this would harm you is if you send out bulk email to your customers, they are somewhat spam-like, and they don't have you whitelisted.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  2. It's Not the Registrars, it's the System by fm6 · Score: 3, Insightful

    Maybe some registrars are more spam-friendly than others, but as long as domains are so absurdly cheap, there's not a lot registrars can do to prevent abuse. If they freeze one domain, the spammer or phisher or whatever just spends a few bucks to get another one.

    Ever get spam from Continental Who's Who? They use a different domain name with every daily email!

    Not that I think it will ever happen, but I'd dearly love to go back to when domain registration was a monopoly, and a second level domain cost you $50 a year. That's not a lot compared to the cost of maintaining a high-visibility web site — and low-visibility sites don't need second level domains. This situation ended when people started whining about getting "ripped off" by registrars. Opening up competition brought registration fees down, but it also destroyed service levels and enabled another kind of ripoff: squatters who can afford to register thousands of domains on the off chance that somebody might be willing to pay a few thousand bucks to use them.

    1. Re:It's Not the Registrars, it's the System by MightyYar · Score: 3, Interesting

      Maybe some registrars are more spam-friendly than others, but as long as domains are so absurdly cheap, there's not a lot registrars can do to prevent abuse.

      They can have an automated call-back system like my bank does... that way even if the credit card they are using is stolen, they'd still have to provide a phone number each time they register a domain.

      It would be trivial to track purchasing behavior based on phone numbers, and this would force spammers to somehow get access to a new phone number each time... raising their cost somewhat.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    2. Re:It's Not the Registrars, it's the System by Coopjust · Score: 4, Informative

      Abuse WILL happen, but Xin Net went beyond having a lot of people registering spam domains with it. They would suspend domains when KnujOn and others asked, and would then give them back to the spammers. Additionally, Xin Net keeps letting the SAME abusive customers with the same WHOIS data keep registering new domains.

    3. Re:It's Not the Registrars, it's the System by fm6 · Score: 2, Informative

      It would be trivial to track purchasing behavior based on phone numbers, and this would force spammers to somehow get access to a new phone number each time... raising their cost somewhat.

      http://www.tossabledigits.com/

  3. Re:We don't like you so pull their accreditation by MightyYar · Score: 3, Insightful

    IIRC, the contractual basis that they are going after is whois records. The spam-friendly registrars obviously have fraudulent whois records, which is a breach of their contract with ICANN.

    Spammers will not have legit whois records because this would probably result in their arrest :)

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  4. Comment removed by account_deleted · Score: 3, Insightful

    Comment removed based on user account deletion

  5. Bug by pavon · Score: 2, Informative

    Subscribers get to see articles before they are posted on the main site (but they can't comment on them till they go live). To make it obvious that these were stories that haven't gone live yet, they are displayed with a red title. At some point in the transition to the new firehose-integrated index page, this code was broken and now sometimes live stories will be displayed with the red title. It's been like this for months; however, it appears that the Slashdot team would rather spend time ruining the profile pages than fixing bugs in the (otherwise promising) index page.

  6. Comment removed by account_deleted · Score: 4, Informative

    Comment removed based on user account deletion

  7. DON'T Protest KnujOn by Coopjust · Score: 3, Informative

    One responsibility of a registrar is to try to stop fraudulent domain sales.

    In this case, some of these companies (Xin Net in particular) keep allowing the same spammers with the same obviously fake Whois info to keep registering new domains. And Xin Net has suspended domains when KnujOn and others report them, and shortly afterwards, given them back to the same spammers.

  8. I'd love to see this in SpamAssassin or a URIBL by Khopesh · Score: 2, Insightful

    I actually do something similar for my greylisting solution, scraping the SpamCop top offending /24 CIDR blocks and giving them a longer grey-time. It helps cut down on spam drastically.

    I also do something similar within SpamAssassin, giving anything in APNIC an extra 0.5 points (with bayes and net). Here's that SA rule if you like:

    header KHOP_THRU_APNIC Received =~ /[^0-9.](?:5[89]|6[01]|12[456]|20[23]|21[0189]|22[012])(?:\.[012]?[0-9]{1,2}){3}(\]|\)| )/
    describe KHOP_THRU_APNIC Received through a relay in Asia/Pacific Network
    score KHOP_THRU_APNIC 0.4 0.2 0.9 0.5 # lowered for autolearn and use w/ BLs

    As mentioned by earlier posts here, there are just too many hosts to implement a straight-up blacklist hack like the two I just mentioned. We'd need some easier whois lookup or URIBL mechanism to deal with this. And those registrars are BIG and surely likely to have legitimate sites hosted too, so it must be in its own SpamAssassin test with a lower score.

    --
    Use my userscript to add story images to Slashdot. There's no going back.
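
The registrar-weighted scoring that MightyYar's first comment describes, and that Khopesh's comment asks for as its own low-score test, sketched as an added example (not code from the thread, KnujOn or SpamAssassin). The domain-to-registrar table, the `.example` names and the `MAX_POINTS` cap are assumptions; the two percentages are the ones quoted in the thread.

```python
import re
from urllib.parse import urlsplit

# Constructed lookup: registered domain -> registrar. A real filter would fill
# this from WHOIS/RDAP or a URIBL-style zone; every entry here is invented.
DOMAIN_REGISTRAR = {
    "cheap-pills.example": "Planet Online",
    "family-photos.example": "Wild West Domains",
}
# Share of each registrar's domains seen in spam, as quoted in the thread.
SPAMVERTISED_FRACTION = {"Planet Online": 0.39, "Wild West Domains": 0.0036}
MAX_POINTS = 2.0  # assumed cap, well below SpamAssassin's default 5.0 threshold
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def advertised_domains(body):
    """Return the lower-cased hostnames of all http(s) URLs in the body."""
    hosts = set()
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname  # already lower-cased by urlsplit
        except ValueError:  # malformed authority, e.g. an unclosed "["
            continue
        if host:
            hosts.add(host.rstrip("."))
    return hosts


def registered_domain(host):
    """Strip leading labels until the name appears in the lookup table."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in DOMAIN_REGISTRAR:
            return candidate
    return None


def registrar_score(body):
    """Points to add to a message's spam score, from the worst registrar seen."""
    worst = 0.0
    for host in advertised_domains(body):
        registrar = DOMAIN_REGISTRAR.get(registered_domain(host))
        worst = max(worst, SPAMVERTISED_FRACTION.get(registrar, 0.0))
    return round(MAX_POINTS * worst, 3)


if __name__ == "__main__":  # constructed sample message body
    print(registrar_score("Buy at http://www.cheap-pills.example/buy?id=1"))
```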