Latest news of the domain name industry

Recent Posts

ICANN urged to crack down on new gTLD abuse

Kevin Murphy, November 29, 2017, Domain Registries

Registries selling dirt-cheap new gTLD domains should be rewarded with lower ICANN fees when they get proactive about abuse, while registrars that turn a blind eye to spammers should be suspended, an ICANN working group will recommend.

In its second batch of findings, the Competition, Consumer Trust, and Consumer Choice Review Team (CCT) said that financial incentives and a new complaints procedure should be used to persuade registries and registrars to fight DNS abuse.

The CCT said it “proposes the development of incentives to reward best practices preventing technical DNS abuse and strengthening the consequences for culpable or complacent conduits of technical DNS abuse” in a paper published today.

The review, which drew on multiple sources of market and abuse data, original research, and analysis of third-party research, is probably the most comprehensive study into the impact of the new gTLD program to date.

It concluded that overall rates of DNS abuse did not increase as a result of the program, but that bad actors are increasingly migrating away from legacy gTLDs such as .com to 2012-round TLDs such as .top, .gdn and Famous Four Media’s stable.

Indeed, much of the paper appears to be a veiled critique of FFM’s practices.

The registrar AlpNames, known to be affiliated with FFM and responsible for most of its retail sales, is singled out as the currently accredited registrar particularly favored by abusers.

The CCT report notes that AlpNames regularly sells domains for under $1, or gives them away for free, and offered a tool allowing registrants to randomly generate up to 2,000 available domains in 27 different gTLDs, pretty much inviting abuse.

“Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse. Such behavior needs to be identified rapidly and action
must be taken by ICANN compliance as deemed necessary,” the paper says.

The review found that gTLDs with no registration restrictions and the lowest prices had the most abuse. Duh.

“Generally, the DNS Abuse Study indicates that the introduction of new gTLDs did not increase the total amount of abuse for all gTLDs,” its report says. “[F]actors such as registration restrictions, price, and registrar-specific practices seem more likely to affect abuse rates.”

Drawing on data provided by 11 domain block-lists (SURBL, SpamHaus, etc), the paper states that at least one TLD (FFM’s .science) had an abuse rate excess of 50%.

Using SpamHaus data, the paper identities FFM’s .science, .stream, .trade, .review, .download and .accountant as having over 10% abuse during the period of its study. Also on that list: Uniregistry’s low-price .click and the China-based .top and .gdn.

One thing they all have in common is that AlpNames is a leading registrar, usually accounting for at least a quarter of domains under management.

There’s no way AlpNames/FFM is not aware of the amount of bad actors in its customer base, the question is what can ICANN do about it?

The CCT team recommends that registries and registrars with over 10% of their names used for abusive purposes should be tasked by ICANN with proactively cleaning up their zones. Those that fail to do so should be subject to a new Domain Abuse Dispute Resolution Process, it said.

These companies should have their contracts suspended when they’re “associated with unabated, abnormal and extremely high rates of technical abuse”, the report recommends.

There’s a big boilerplate specifying, tellingly, that registry operators that control registrars are affected by this recommendation too.

It should be noted that there was not a full consensus of support for the idea of a DADRP. Half a dozen working group members filed minority statements opposing it.

It’s not all stick in the report, however. There’s some carrot, too.

The CCT report recommends financial incentives such as fee reductions for registries that have “proactive anti-abuse measures” in place.

It noted that there is precedent for ICANN doing this kind of thing when it implemented an anti-tasting policy that seriously restricted registrars’ ability to get registry refunds.

The CCT Review Team was formed to figure out what impacts the 2012 new gTLD round had on the domain name market.

The completion of its work is one of several gating factors to the next new gTLD application round under ICANN’s new bylaws and the old Affirmation of Commitments with the US government.

It published initial recommendations earlier this year. This new set of recommendations is now open for public comment until January 8.

Schilling, Famous Four rubbish Spamhaus “worst TLD” league

Kevin Murphy, March 17, 2016, Domain Registries

Uniregistry and Famous Four Media have trashed claims by Spamhaus that their gTLDs are are much as 75% spam.

FFM says it is “appalled” by the “wholly inaccurate” claims, while Uniregistry boss Frank Schilling said Spamhaus has “totally jumped the shark here.”

In a statement to DI today, FFM chief legal officer Oliver Smith said the spam-fighting organization’s recently launched World’s Worst TLDs list is “reckless”, adding that the numbers are:

not only wholly inaccurate, but are misleading and, potentially, injurious to the reputation of Famous Four Media and those TLDs it manages. It is particularly worrisome that Spamhaus’s “findings” seem to have been taken as gospel within certain corners of the industry, despite not being proffered with any analytical methodology in support of the same.

The Spamhaus report, which is updated daily, presents the 10 TLDs that are more spam than not.

The rank is based on a percentage of domains seen by Spamhaus that Spamhaus considers to be “bad” — that is, are advertised in spam or carry malware.

Today, Uniregistry’s .diet tops the chart with “74.4% bad domains”, but the scores and ranks can and do shift significantly day by day.

Spamhaus describes its methodology like this:

This list shows the ratio of domains seen by the systems at Spamhaus versus the domains our systems profile as spamming or being used for botnet or malware abuse. This is also not a list that retains a long history, it is a one-month “snapshot” of our current view.

The words “seen by the systems at Spamhaus” are important. If a domain name never crosses Spamhaus’s systems, it isn’t counted as good or bad. The organization is not running the whole zone file against its block-list to check what the empirical numbers are.

In important ways, the Spamhaus report is similar to the discredited Blue Coat report into “shady” TLDs last September, which was challenged by myself and others.

However, in a blog post, Spamhaus said it believes its numbers are reflective of the TLDs as a whole:

In the last 18-years, Spamhaus has built its data gathering systems to have a view of most of the world’s domain traffic. We feel the numbers shown on this list are representative of the actual full totals.

I disagree.

In the case of .diet, for example, if 74% of the full 19,000-domain zone was being used in spam, that would equate to 14,000 “bad” domains.

But the .diet zone is dominated by domains owned by North Sound Names, the Frank Schilling vehicle through which Uniregistry markets its premium names.

NSN snapped up well over 13,000 .diet names at launch, and Schilling said today that NSN owns north of 70% of the .diet zone.

That would mean either Uniregistry is a spammer, or Spamhaus has no visibility into the NSN portfolio and its numbers are way the hell off.

“Spamhaus’ assertion that 74% of the registrations in the .diet space are spam is a numerical impossibility,” Schilling said. “They totally jumped the shark here.”

NSN’s domains don’t send mail, he said.

He added that diet-related products are quite likely to appear in spam, which may help account for Spamhaus’s systems identifying .diet emails as spam. He said:

Spamhaus is a high-minded organization and we applaud their efforts but this report is so factually inaccurate it casts into doubt the validity of everything they release. Spamhaus should be smarter than this and at a minimum consult with registries (our door is open) to gain a better understanding of the subject matter they wrongly profess to be expert in.

Similarly, FFM’s .review gTLD was briefly ranked last week as the “worst” gTLD at 75.1% badness. With 66,000 domains, that would mean almost 50,000 names are spammy.

Yet it appears that roughly 25,000 .review domains are long-tail geo names related to the hotels industry, registered by a Gibraltar company called A Domains Limited, which appears to be run by AlpNames, the registry with close ties to FFM itself.

Again, if Spamhaus’s numbers are accurate, that implies the registrar and/or registry are spamming links to content-free placeholder web sites.

FFM’s Smith says the registry has been using Spamhaus data as part of its internal Registry Abuse Monitoring tool, and that its own findings show significantly less spam. Referring to .review’s 75% score, he said:

This simply does not accord with FFM’s own research, which relies heavily on data made available by Spamhaus. The reality is that, in reviewing registration data for the period 8 February to 8 March 2016, only 4.8% of registered domains have been blacklisted by Spamhaus – further, it is questionable as whether every single such listing is wholly merited. When reviewing equivalent data for the period of 1 January to 8 March 2016 across ALL FFM managed TLDs this rate averages out to a mere 3.2%.

I actually conducted my own research into the claims.

Between March 8 and March 15, I ran the whole .review zone file through the Spamhaus DBL and found 6.9% of the names were flagged as spam.

My methodology did not take account of the fact that Spamhaus retires domains from its DBL after they stop appearing in spam, so it doesn’t present a perfect apples-to-apples comparison with Spamhaus, which bases its scoring on 30 days of data.

All told, it seems Spamhaus is painting a much bleaker picture of the amount of abuse in new gTLDs than is perhaps warranted.

During ICANN meetings last week and in recent blog comments, current and former executives of rival registries seemed happy to characterize new gTLD spam as a Famous Four problem rather than an industry problem.

That, despite the fact that Uniregistry, Minds + Machines and GMO also feature prominently on Spamhaus’s list.

I would say it’s more of a low prices problem.

It’s certainly true that FFM and AlpNames are attracting spammers by selling domains for $0.25 wholesale or free at retail, and that their reputations will suffer as a result.

We saw it with Afilias and .info in the early part of the last decade, we’ve see it with .tk this decade, and we’re seeing it again now.

AlpNames claims to be second-largest new gTLD registrar

A little-known registrar with close ties to Famous Four Media says it is now the second-largest seller of new gTLD domains, after Go Daddy.

AlpNames said it has 500,000 new gTLD domains under management, overtaking Network Solutions into the number-two position.

Its number for February, the last month for which registry reports are available, has the registrar with a DUM of under 50,000.

The vast majority of the names it sells or gives away are in gTLDs in the Famous Four portfolio — namely .science, .party and .webcam.

It’s currently selling those for $0.49 each, a $0.24 markup on the current promotional registry fee.

Factoring out the ICANN transaction fee, AlpNames has a margin of just a few cents per name.

Previously, it has given away .science names for free.

AlpNames is Famous Four’s neighbor in Gibraltar and owns domains such as register.science, indicating a very close relationship between the two companies.