Latest news of the domain name industry

Recent Posts

AlpNames died months ago. Why is it still the “most-abused” registrar?

Kevin Murphy, December 6, 2019, 21:58:44 (UTC), Domain Registrars

Despite going out of business, being terminated by ICANN, and losing all its domains several months ago, defunct AlpNames is still being listed as the world’s most-abused registrar by a leading spam-fighting organization.

SpamHaus currently ranks the Gibraltar-based company as #1 on its list of the “The 10 Most Abused Domain Registrars”, saying 98.7% of its domains are being used to send spam.

But AlpNames customers and regular DI readers will recall that AlpNames mysteriously went titsup in March, then got terminated by ICANN, then had its entire customer base migrated over to CentralNic in April.

So what’s this about?

SpamHaus

I asked SpamHaus earlier this week, and it turns out that Whois query throttling is to blame.

It seems SpamHaus only pings Whois to update the registrar associated with a specific domain when the domain expires, or the name servers change, or where it’s a new registration with an unknown registrar.

I gather that when CentralNic took over AlpNames’ customer base, it did so with all the original name server information intact.

So, SpamHaus’ database still associates the domains with AlpNames even though it’s been out of business for the better part of a year.

A SpamHaus spokesperson said:

This is a very unusual situation, as a huge majority of the domains that contribute to the Top 10 list in question are created, abused, and burnt quickly; meaning a change of registrar is exceptionally rare. However, in the case of these particular domains registered with AlpNames we can only assume that the sheer volume of unused domains was too high for the owner to use in one single hit.

The actual number of “AlpNames” domains rated as spammy by SpamHaus is pretty low — 1,976 of the 2,002 domains it saw were rated as “bad”.

GMO, at #4 on the list, had over 40,000 “bad” domains, but a lower percentage given the larger number of total domains seen.

Tagged: , , , , ,

Comments (2)

  1. Rubens Kuhl says:

    If those names are not in .com/.net/.jobs, which are still thin registries, that is indeed possible. But in most abuse feeds I look, .com is the prevalent TLD… so it would be interesting to look into specifics.

  2. TH says:

    I believe the lion’s share of AlpNames domains were in the 4 FFM ngTLDs, registered for their spam / phishing business model. If memory serves (and it’s a bit foggy now), AlpNames’ whois server rarely if ever functioned.

Add Your Comment