SpamHaus ranks most-botted TLDs and registrars

Kevin Murphy, January 9, 2018, Domain Registrars

Namecheap and Uniregistry have emerged as two of the most-abused domain name companies, according to statistics on botnet command and control centers released by SpamHaus this week.

SpamHaus data shows that over a quarter of all botnet C&Cs found during the year were using Namecheap as their registrar.

It also shows that almost 1% of domains registered in Uniregistry’s .click are used as C&Cs.

The spam-fighting outfit said it discovered “almost 50,000” domains in 2017 that were registered for the purpose of controlling botnets.

Comparable data for 2016 was not published a year ago, but if you go back a few years, SpamHaus reported that there were just 3,793 such domains in 2014.

Neither number includes compromised domains or free subdomains.

The TLD with the most botnet abuse was of course .com, with 14,218 domains used as C&C servers. It was followed by Directi’s .pw (8,587) and Afilias’ .info (3,707).

When taking into account the relative size of the TLDs, SpamHaus fingered Russian ccTLD .ru as the “most heavily abused” TLD, but its numbers don’t ring true to me.

With 1,370 botnet controllers and about five and a half million domains, .ru’s abused domains would be around 0.03%.

But if you look at .click, with 1,256 botnet C&Cs and 131,000 domains (as of September), that number is very close to 1%. When it comes to botnets, that’s a high number.

In fact, using SpamHaus numbers and September registry reports of total domains under management, it seems that .work, .space, .website, .top, .pro, .biz, .info, .xyz, .bid and .online all have higher levels of botnet abuse than .ru, though in absolute numbers some have fewer abused domains.

In terms of registrars, Namecheap was the runaway loser, with a whopping 11,878 domains used to control botnets.

While SpamHaus acknowledges that the size of the registrar has a bearing on abuse levels, it’s worth noting that GoDaddy — by far the biggest registrar, but well-staffed with over-zealous abuse guys — does not even feature on the top 20 list here.

SpamHaus wrote:

While the total numbers of botnet domains at the registrar might appear large, the registrar does not necessarily support cybercriminals. Registrars simply can’t detect all fraudulent registrations or registrations of domains for criminal use before those domains go live. The “life span” of criminal domains on legitimate, well-run, registrars tends to be quite short.

However, other much smaller registrars that you might never have heard of (like Shinjiru or WebNic) appear on this same list. Several of these registrars have an extremely high proportion of cybercrime domains registered through them. Like ISPs with high numbers of botnet controllers, these registrars usually have no or limited abuse staff, poor abuse detection processes, and some either do not or cannot accept takedown requests except by a legal order from the local government or a local court.

The SpamHaus report, which you can read here, concludes with a call for registries and registrars to take more action to shut down repeat offenders, saying it is “embarrassing” that some registrars allow perpetrators to register domains for abuse over and over and over again.

Amid Ukraine crisis, Russia scared ICANN might switch off its domains

Kevin Murphy, September 19, 2014, Domain Policy

Russia is reportedly worried that the current wave of Western sanctions against it may wind up including ICANN turning off its domain names.

According to a report in the local Vedomosti newspaper, the nation’s Security Council is to meet Monday to discuss contingency plans for the possibility of being hit by internet-based sanctions.

Part of the discussion is expected to relate to what would happen if the US government forced ICANN to remove the local ccTLDs — .ru, .рф, and the discontinued .su — from the DNS root, according to Vedomosti’s source.

The paper reports, citing a source, that “officials want to control the entire distribution system of domain names in RUnet entirely”. RUnet is an informal term for the Russian-language web.

The report goes on to explain that the government’s goal is not to isolate the Russian internet, but to ensure it remains functioning within the country if its ccTLDs are cut off in the rest of the world.

Russia has been hit by sanctions from the US and Europe in recent months due to its involvement in the Ukraine crisis, but so far these have been of the regular economic kind.

Frankly, I find the possibility of the US government asking ICANN to intervene in this way — and ICANN complying — unlikely in the extreme. It would go dead against the current US policy of removing itself almost entirely from the little influence it already has over the root system.

Almost five million Russian domains registered

Kevin Murphy, September 19, 2012, Domain Registries

Coordination Center for TLD RU broke through the four-million-domain milestone for the Russian ccTLD .ru on Monday, according to a press release.

Including internationalized domain names under .РФ, of which there are 800,000, ccTLD.ru is managing closer to five million domains.

It took 11 months to grow from 3.5 million domains, according to the registry.

The .ru zone is the fifth-largest ccTLD, after .de, .tk, .uk, and .nl, according to Verisign’s last Domain Name Industry Brief.

Russians flee from IDN during first junk drop

Russia’s internationalized ccTLD, .РФ, lost 18% of its registered domains under management after its first launch anniversary, according to the registry.

Coordination Center for ccTLD said that the registry peaked at 954,012 names on December 28, but DUM had dropped to 779,264 by February 15, a 174,748-domain decline.

While the Center spun this as lower than expected – some experts had apparently predicted 25% to 30% of the early-adopter names would expire – it’s still relatively high.

Telnic deleted about 15% of its names during .tel’s first junk drop, the most recent in the gTLD space, for example.

The Russian registry has also made an eye-opening set of stats related to .РФ available on a new web site.

It reveals that just 33% of .РФ domains resolve to a web site (any web site, presumably including parking) while 29% do not even have name servers.

Little interest in Russian gTLDs?

Kevin Murphy, January 18, 2012, Domain Registries

Despite being given the opportunity to launch top-level domains in Cyrillic script, only a handful of companies from Russia are expected to apply to ICANN for new gTLDs.

That’s according to Andrey Kolesnikov, CEO of Coordination Center for TLD RU, which runs the country’s .ru and .РФ registries.

“There won’t be many applications from Russia, only from about 10 companies,” he said at a recent press conference, while estimating at least 1,000 applications overall.

Just 10 applicants is a surprisingly low estimate, given the resurgence of interest in Russian domain names in 2011.

The year-old .РФ (.rf, for Russian Federation) domain has been a roaring success in volume terms. Launched in late 2010, it now has about a million registered domains.

CC itself is planning to apply for .ДЕТИ, which means “.children” in Russian.

RU-Center, the largest Russian registrar, intends to apply for the city-gTLDs .МОСКВА and .moscow.

Other IDN-friendly nations may be more enthusiastic about new gTLDs. ICANN CEO Rod Beckstrom said last week that he heard that Indian companies could apply for as many as 100.