Latest news of the domain name industry

Recent Posts

Pirate Bay a victim as Go Daddy suspends hundreds of new gTLD domains

Kevin Murphy, February 25, 2014, Domain Registrars

New gTLDs may have only been in general availability for a few weeks, but there’s already evidence of substantial abuse.

Go Daddy has suspended at least 305 new gTLD domain names, putting them on its spam-and-abuse.com name servers, standard Go Daddy practice for domains suspected of abuse.

Over 250 of these were put on the naughty step in the last 24 hours.

The suspended names include, notably, thepiratebay.guru, which matches the name of controversial torrent site frequented by people who like downloading copyrighted material for free.

The Pirate Bay has been switching TLDs like crazy recently, as one ccTLD after another shuts down its latest attempt to find a reliable home.

The .guru domain is registered under Go Daddy’s Domains By Proxy privacy service, so it’s not clear if it actually belongs to The Pirate Bay or to an opportunistic third party.

Other suspended names include premium-looking names such as electric.guru, sexualhealth.guru, as well as obvious cybersquatted names such as verizon.guru (not registered to Verizon).

But the majority of the suspended names seem to belong to a single registrant in Washington state, all in .guru and largely “pigeon shit” names such as bestdrinksites.guru and bestfashionsites.guru.

While 305 seems like a large number (albeit only 0.2% of the current new gTLD names sold), it appears that so far a single individual is responsible for most of the “abuse” in new gTLDs.

ICANN cans “Spam King” registrar

Kevin Murphy, November 26, 2013, Domain Registrars

ICANN has terminated the registrar accreditation of Dynamic Dolphin, which it turned out was owned by self-professed “Spam King” Scott Richter.

The company has until December 20 to take down its ICANN logo and cease acting as a registrar.

ICANN, in its termination notice (pdf) late last week, said that it only became aware earlier this month that Richter was the 100% owner of Dynamic Dolphin.

Richter grew to fame a decade ago for being one of the world’s highest-profile spammers. He was sued for spamming by Microsoft and Myspace and was featured on the popular TV program The Daily Show.

As well as being a thoroughly unpleasant chap, he has a 2003 conviction for grand larceny, which should disqualify him from being the director of an ICANN-accredited registrar.

He removed himself as an officer on October 9 in response to ICANN’s persistent inquiries, according to ICANN’s compliance notice.

But he was much too late. ICANN has terminated the accreditation due to the “material misrepresentation, material inaccuracy, or materially misleading statement in its application”.

The question now has to be asked: why didn’t ICANN get to this sooner? In fact, why was Dynamic Dolphin allowed to get an accreditation in the first place?

Former Washington Post security reporter Brian Krebs has been all over this story for five years.

Back in 2008, with a little help from anti-spam outfit KnujOn, he outed Richter’s links to Dynamic Dolphin when it was just a Directi reseller.

Yesterday, Krebs wrote a piece on his blog going into a lot of the background.

Another question now is: which registrar is going to risk taking over Dynamic Dolphin’s registrations?

As of the last registry reports, Dynamic Dolphin had fewer than 25,000 gTLD domains under management.

According to ICANN’s termination notice, 13,280 of these use the company’s in-house privacy service, and 9,933 of those belong to just three individuals.

According to DomainTools, “Dynamic Dolphin Inc” is listed as the registrant for about 23,000 names.

According to KnujOn’s research and Krebs’s reporting, the registrar was once among the most spam-friendly on the market.

Directi fighting “massive” .pw spam outbreak

Recently relaunched budget TLD .pw is being widely abused by spammers already, but registry manager Directi said it’s enforcing a “zero tolerance” policy.

Anti-spam software makers and users have over the last week reported a “massive” increase in email spam from .pw domain names.

Security giant Symantec reports that .pw jumped to #4 in its rankings of TLDs used in spammed URLs in the week ending April 26.

Anti-spam vendor Fort even recommended its customers block the entire TLD at their mail gateways, blogging:

Since we have yet to see a legitimate piece of mail for the .pw domain but have recently seen massive amounts of spam from this domain, we are recommending that you block mail form this domain as soon as practical.

Anti-spam mailing lists have been full of people complaining about .pw spam, according to spam expert John Levine.

Our own TLD Health Check ranks .pw at #19 in abusive domains (which tracks phishing and malware domains rather than spam) for May, having not ranked it at all before April.

But Sandeep Ramchandani, head of Directi’s .PW Registry unit, told DI that the company has deactivated 4,000 too 5,000 .pw domains for breaching its anti-abuse policy.

He said that a single registrar was responsible for the majority of the abusive names, and that the registrar in question has had its discount revoked, resulting in newly registered domains from it going down to “almost nothing”.

“If you remove that registrar, the percentage of abusive names to non-abusive names is not alarming at all,” Ramchandani said.

He said the company has a “zero tolerance” approach to spam. It’s been communicating with many of its critics to let them know it’s on the case.

He noted that it’s not surprising that people are seeing more bad traffic from .pw than good — spammers tend to start using their domains immediately, whereas legitimate registrants take a bit longer.

Directi, which reported 50,000 names registered in the first three weeks of general availability last week, is now up to 100,000 names.

Many of the names were registered via the same aforementioned registrar, so more are likely to be turned off, Ramchandani said.

.pw is the ccTLD for Palau, but Directi brands it as “Professional Web”. It’s going for the budget end of the market, selling domains for less than .com prices even if you exclude discounts.

Beckstrom probed over bizarre spam complaint

Kevin Murphy, September 25, 2012, Domain Policy

ICANN’s Ombudsman looked into a complaint that former CEO Rod Beckstrom allegedly spammed community members the day after he left the organization, it has emerged.

Whoever filed the complaint evidently did not like Beckstrom one bit.

According to Ombudsman Chris LaHatte, who rejected the complaint, the complainant said:

I wish to file a formal complaint about the below SPAM originating from ICANN’s servers. Since Mr. Beckstrom has left yesterday it is clear that he cannot have had access to ICANN infrastructure any longer. If however this were the case, one would have to consider YET ANOTHER serious breach. In any case I do not wish to receive communications of any kind from this person, Mr. Beckstrom. Please confirm receipt of this complaint, commence an investigation and advise me of the outcome.

LaHatte found that the email in question was “a courteous farewell and introduction to the new CEO” sent to between 50 and 60 people, all movers and shakers in the ICANN community.

According to LaHatte, who blogged about the complaint today:

After discussing this matter with the ICANN staff, it is clear that this email was in fact not spam in the common meaning of the term. Spam is usually considered bulk emailing sent indiscriminately to very large numbers of recipients. By way of contrast, 60 emails specifically tailored for groups of recipients is hardly unusual within a large organisation such as ICANN.

I know Beckstrom was not a massively popular individual with some in the ICANN community, but this complaint seems to be way out of proportion for a simple unwanted email.

Somebody out there needs to take a chill pill.

Architelos launches new gTLD anti-abuse tool

Kevin Murphy, August 15, 2012, Domain Services

Architelos, having consulted on about 50 new gTLD applications, has refocused on its longer-term software-based game plan with the recent launch of a new anti-abuse tool for registries.

NameSentry is a software-as-a-service offering, currently being trialed by an undisclosed number of potential customers, designed to make it easier to track abusive domains.

Architelos gave us a demo of the web site yesterday.

The service integrates real-time data feeds from up to nine third-party blocklists – such as SURBL and SpamHaus – into one interface, enabling users to see how many domains in their TLD are flagged as abusive.

Users can then drill down to see why each domain has been flagged – whether it’s spamming, phishing, hosting malware, etc – and, with built-in Whois, which registrar is responsible for it.

There’s also the ability to generate custom abuse reports on the fly and to automate the sending of takedown notices to registrars.

CEO Alexa Raad and CTO Michael Young said the service can help streamline the abuse management workflow at TLD registries.

Currently, Architelos is targeting mainly ccTLDs – there’s more of them – but before too long it expects start signing new gTLD registries as they start coming online.

With many new gTLD applicants promising cleaner-than-clean zones, and with governments leaning on their ccTLDs in some countries, there could be some demand for services such as this.

NameSentry is priced on a subscription basis, based on the size of the TLD zone.