Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Correction: UNR’s trademark block service
The registry or registries that buy UNR’s portfolio of new gTLDs at its firesale auction next month will be obliged to honor domains blocked by subscribers to its UniEPS brand protection service.
That’s contrary to what I reported yesterday, which was pretty much the opposite. I apologize for the error.
I asked UNR CEO Frank Schilling for comment about the post-auction UniEPS service, but did not receive a reply. Today, I learned that Schilling had in fact sent a lengthy reply, but it wound up in my email spam folder. Apparently my emails to him also wound up in his spam folder. The filtering gods clearly do not approve of our relationship.
According to Schilling, bidders for each of the 23 auctioned TLDs have been told “blocked names have to remain blocked, banned, or reserved after acquisition, even if they do not participate in our blocking service”.
Registrars were told:
Should an auction winner elect to withdraw the Asset(s) from UNR’s blocking services, the blocked domains will have to remain blocked, reserved, or banned in the acquired Registries until the expiry dates below. This is no different than a new owner honoring prepaid domains under management with expiry dates in the future. Once a block expires, the associated domains can be released for any registrant to purchase (fees from future registrations will be paid to the new owner).
Schilling also said that UNR is forgoing revenue from UniEPS auto-renews after March 15 until the gTLDs change hands. The new owners will be able to cancel these free renewals, he said.
The new owners will be able to continue to use UniEPS if the gTLDs remain on its registry platform. They could also choose to migrate them to their own blocking service, should they have one.
UniEPS, like other products on the market, blocks trademarks and variants such as IDN homographs from registration. It works out cheaper than defensively registering domains, but the domains cannot be used.
UNR, the former Uniregistry, will auction all of its 23 gTLD contracts April 28, as the company refocuses on back-end registry services.
UNR getting out of the registry business with $17 million no-reserve auctions on 23 new gTLDs
UNR, the former Uniregistry, plans to auction off its portfolio of 23 new gTLD contracts in April.
The company, owned by domain investor Frank Schilling, said on a new web site at auction.link:
In a move to completely dedicate the company and its resources to its backend registry and IP rights protection services, UNR has announced that 23 of its Top Level Domain assets will be sold in no-reserve auctions on April 28, 2021.
The TLDs will be sold individually, rather than as a package.
While they’re all no-reserve auctions, the published starting prices add up to $16,870,000. Some have minimum bids of zero, some are less than the price UNR paid ICANN for its application fee back in 2012.
Here’s a list of the TLDs, along with their starting prices.
[table id=63 /]
The prices appear to be based on the reg fee and volume of existing registrations, which range wildly from around 300 for .hiv to 159,000 for .link. The .country gTLD, aimed at country music makers and fans, currently has no starting bid listed.
The most-likely buyers of these gTLDs would be the rapidly dwindling list of fellow portfolio registries, such as Donuts and Radix.
While UNR’s exit from the registry business may be surprising — Schilling was a big fan of new gTLDs and Uniregistry applied for 54 of them, investing $69 million — it’s merely the latest stage of the business being dismantled.
Uniregistry sold its registrar and secondary market businesses to GoDaddy last year, and later sold its stake in three car-related gTLDs to business partner XYZ.com.
UNR said the April auctions will be managed over one day by Innovative Auctions, which is pretty much the de facto standard player in new gTLD auctions.
While the company says the auctions are open to “businesses and individuals”, I’m pretty sure ICANN rules forbid a gTLD being owned by individuals.
The company now plans to focus on being a pure-play back-end registry services provider, with a focus on dot-brand gTLDs, where it will continue to compete with the likes of GoDaddy, CentralNic, Donuts and Verisign.
Something weird’s going on at .sucks
Ever heard of a domainer or cybersquatter putting their freshly-registered domains up for sale at cost?
Me neither, but that’s what seems to be going on at .sucks right now.
The sudden appearance of many hundreds of .sucks domains — many of them matching very famous trademarks — at Sedo and Uniregistry comes as the registry unveils plans to open up a secondary marketplace of its own.
.sucks registry Vox Populi, a part of the Momentous group of companies, wants to open its own marketplace, according to a letter it recently sent to ICANN.
The registry told ICANN it plans to launch a service “whereby a Registrant of a .sucks domain name can list their domain for resale with the Registry”, saying it will “allow our Registrars to show the domain as available for purchase by third parties at the price set by the current Registrant.”
It’s taking a somewhat confrontational approach from the outset, telling ICANN that it does not believe the service would constitute a “registry service” that would require ICANN’s approval under the Registry Service Evaluation Process.
It points to the fact that registrants can already list their .sucks names on existing marketplaces such as Sedo as proof that it’s not a “product or service that only a registry operator is capable of providing, by reason of its designation as the registry operator” requiring the RSEP.
This interpretation strikes me as open to debate, but I’m not going to get into that here.
What’s more interesting is that the vast majority of the domains listed on these competing platforms appear to have been registered relatively recently, in bulk, all via Momentous-owned registrar Rebel, and quite possibly by the same registrant.
What’s weird is that the majority of the .sucks names listed at Sedo have a buy-now price of $199. Some are priced higher. Some priced at $199 at Sedo are priced at $599 at Uniregistry.
$199 is the absolute cheapest you can buy a .sucks domain name anywhere. It’s Rebel’s retail price, and I believe it’s also Vox Pop’s wholesale price. Even the cheapest unaffiliated registrars slap a $50 markup on the registry fee.
The domains started being listed on the aftermarkets after a sharp spike in .sucks sales back in June, where my data shows that over 2,000 names were registered, via Rebel, in the space of about 24 hours.
The .sucks zone file has been growing ever since, swelling from 7,347 — where volume had been flattish and under 8,000 names for years — to 11,255 since June 16, the date of the first spike.
Almost every .sucks listing I spot-checked on Sedo has three things in common: the $199 price-tag, a recent registration date, and a seller who signed up for the service in 2020 submitting their home territory as Turks and Caicos.
Turks and Caicos, which is also where Rebel is legally based, is a British island territory in the Caribbean with fewer than 38,000 inhabitants. It’s often used for offshore company registrations.
Whois records for the domains I checked with June reg dates use Momentous privacy service Privacy Hero, while other more-recent regs list the registrant as Honey Salt Ltd, a company apparently also based in Turks and Caicos.
So what we seem to have here is a registrant willing to invest half a million dollars or more in .sucks domain names, a great many matching famous brands, and then list them for resale at the exact same price he paid for them.
Why would a cybersquatter pay $199 for jackdaniels.sucks or dolceandgabbana.sucks or unitedinternetmedia.sucks and then put them up for sale for $199? It makes no sense to me.
And it comes at a time when Vox Pop is trying to persuade ICANN that there’s a thriving aftermarket for .sucks domains.
I put all these observations to the CEOs of Momentous and the registry earlier today, and Vox Pop chief John Berard got back to us to say:
With regard to those 2,000 registered names, that was most welcome. I don’t know much more than that about Honey Salt… I am certainly not going to speculate on their plans.
That they are in the Turks and Caicos is interesting, for sure. But you know as well as I that the Caribbean is a hotbed of domain name innovation and investment.
He later added: “Yes, take it to the bank that VPR [Vox Populi Registry] is not behind the registrations.”
On the issue of the registry’s own secondary market plans, Berard said:
we are trying to catch up to others in the domain name industry who first saw the customer value of fostering a secondary market. I think we may be the first registry to do it, but we, i am sorry to say, weren’t the first to market.
If I receive more information or commentary on this weirdness I shall provide updates accordingly.
To show new focus on registry, Uniregistry dumps “registry” from its brand. Um…
Uniregistry (or possibly “Uni Registry” or just “Uni”) has announced that it is changing its branding yet again.
The company now wishes to be known as UNR, which stands for Uni Naming & Registry, according to a press release today.
The change is related of course to the acquisition of several former Uniregistry business units — namely the registrar, the portfolio and the marketplace — by GoDaddy. That was announced in February but appears to have just closed.
UNR said it is “singularly focused on registry expansion”. It manages 20-odd of its own gTLDs and offers registry back-end services to others.
Its old web site, uniregistry.com, now displays GoDaddy branding — “Uni, a GoDaddy brand” — and functions as a retail registrar.
UNR is now using unr.link and unr.com, according to the press release. Both, for me, resolve to uniregistry.link — .link is one of the gTLDs UNR runs under ICANN contract.
So, Uniregistry is now a registrar in the GoDaddy stable and UNR is the registry. Or something. Got it? Good.
The latest industry C-suite musical chairs
There have been several top-level hires at big new gTLD players in the last week.
Donuts has announced it has appointed Mina Neuberg as chief marketing officer. Neuberg appears to be a newcomer to the domain industry, having most recently worked at a learning software company called Revolution Math. It’s the first time has had a named top marketing exec on its web site since VP Judith McGarry left a year ago.
Her appointment follows February’s announcement that Donuts hired Randy Haas as chief financial officer. He was previously CFO of Rhapsody/Napster, the online music company.
Meanwhile, Shayan Rostam has moved from Intercap Holdings, the registry for .inc, .dealer and .box, where he was chief registry officer, to portfolio registry Uniregistry, where he will be chief growth officer, a newly created position.
And DNW is reporting that new gTLD registry MMX has made two new C-level hires, both coming from Uniregistry: Vaughn Lilely has been recruited as chief growth officer while Ben Anderson is coming in as chief operating officer.
Uniregistry offers dating-inspired buy-now domains
Uniregistry has come up with a novel way to flog its clients’ domains, inspired by a dating web site.
It has published a list of 60 domains where a final price had already been negotiated by its brokers and agreed by both sides but the sale had for whatever reason not been completed.
The total value of the list appears to be $433,800.
VP of sales Jeffrey Gabriel blogged that the listed prices won’t come down, but that the sellers may decide not to sell at the stated price after all.
All the sales will go through the usual Uniregistry landing-page offer system.
Andrew Allemann has already bought one.
It appears to be a one-off (or occasional) proposition, rather than a new formal, developed, automated buy-it-now service.
I imagine it will be more popular among buyers — who don’t have to muck about too much negotiating a price — than sellers.
Smart sellers, from what I can tell, tend to base their price to a large extent on how rich they think the buyer is.
Gabriel said he’s calling this hook-up service “Missed Connections”, named after the section of Craigslist where people who make meaningful eye contact on public transport can post classifieds in an attempt to make contact with their near-miss.
I once told my girlfriend I loved her for the first time via Missed Connections. True story. Of course, that was back in San Francisco in the mid-noughties, a time and place in history when almost every meaningful transaction or life experience was carried out via Craigslist.
Nowadays, I hear it’s mainly just prostitutes.
.london disaster leads to mixed 2018 for MMX
New gTLD registry MMX, aka Minds + Machines, suffered a huge net loss in 2018, largely due to its disastrous .london contract, even while its operating fundamentals improved.
For the year, MMX reported a net loss of $12.6 million, compared to a 2017 profits of $3.8 million, on revenue up 5% to $15.1 million.
The loss was almost entirely attributable to charges related to an “onerous contract” with one of its partners.
MMX has never disclosed the identity of this partner, but the only outfit that fits the profile is London & Partners, the agency with which MMX partnered to launch .london several years ago.
The registry, expecting big things from the geo-TLD, promised to pay L&P millions over the term of the contract, which expires in 2021.
But it’s been a bit of a damp squib compared to former management’s expectations, peaking at about 86,000 regs last year and shrinking ever since.
MMX says the estimated gap between the minimum revenue guarantee payable to L&P and the expected revenue is expected to bring in before 2021, is $7.2 million.
It’s recorded this as a charge on its income statement accordingly, along with another $4.2 million impairment charge related to the same contract.
The company recorded a $7.7 million accounting charge related to this contract in 2016, too.
The company says that to date it has lost about $13.7 million on the deal.
These charges, along with a few other smaller one-off expenses, were enough to push the company into the black for 2018.
But other key performance indicators showed more promise, helped along by the acquisition last year of porn-themed registry operator ICM Register, best-known for .xxx.
Notably, renewal revenue almost doubled, up 97% to $9.4 million.
Domains under management was up 37% to 1.81 million.
Operating EBITDA was $3.6 million, up 12.5%.
Looking ahead, MMX said billings for the first quarter are expected to be up 246%, due to the first impact of the ICM acquisition.
It also said it closed $500,000 of sales in .law in China in March. That would work out to over 5,000 domains, based on the retail price of about $100 a year, but those domains have yet to show up in the .law zone file, which only grew by about 200 domains last month.
MMX said it is planning to launch “a high-value defensive registration product” for corporate registrars by the third quarter.
If I had to guess, I’d say that is probably a clone of Donuts’ Domain Protected Marks List service, which offers trademark owners deep discounts when they defensively block strings across the whole Donuts gTLD portfolio.
It’s a model copied by other registries, including recently Uniregistry.
Uniregistry calls for domain Bill of Rights as Schilling says Gab.com was not booted
Uniregistry has called for a “Domain Bill of Rights” to protect free speech in a world were domain takedowns can be used to de-platform controversial speakers.
Meanwhile, CEO Frank Schilling has told DI that the company did not expel the right-wing social network Gab.com from Uniregistry’s platform, and would have allowed it to stay.
In a press release this week, Uniregistry COO Kanchan Mhatre said that while the company rejects “hatred and bigotry”, free speech is an “inalienable” human right.
The company called for the new agreement “to guarantee every domain name owner a formal ‘due process’ when being faced with accusations and demands for censorship”.
Schilling said that Uniregistry’s idea for a Domain Bill of Rights is still in the early stages. It has sketched out 10 draft bullet points but is not ready to publish them yet.
The press release was issued to coincide with Tim Berners-Lee’s proposal for a “Contract for the Web”, a set of broad principles governing rights and responsibilities online.
But it also coincided with the ongoing controversy over Gab.com, the microblogging platform favored by right-wing voices, including many white supremacists, that have been kicked off Twitter.
The guy who murdered 11 people at a Synagogue in Pittsburgh last month used Gab, a back-breaking straw which prompted GoDaddy to inform the network it intended to suspend its domain unless it was immediately moved to another registrar.
It’s not the first time GoDaddy has shut down the far right for breaching its terms of service. Last year, it took the same action against a neo-Nazi site.
The Gab.com domain briefly wound up at Uniregistry, before Epik CEO Rob Monster stated publicly that he would offer Gab a home. Gab took him up on his offer, and transferred away from Uniregistry.
Uniregistry’s Schilling confirmed that “We did not ask gab.com to leave our platform… they were welcome to stay subject to law”.
Monster said in a blog post largely praising Gab and founder Andrew Torba that “De-Platforming is Digital Censorship”. He noted that for Gab, “there is a duty to monitor and lightly curate, keeping content within the bounds of the law”.
Uniregistry changes emails after “renewal scam” complaints
Uniregistry has modified its marketing emails after customers complained they looked like fake renewal “scams”.
One customer contacted DI last week to say they were “horrified” to receive pitches for cheap SSL certificates that “read like some of the worst domain expiration scams of the past”.
The company recently started reselling Comodo’s SSL certs as part of its plan to broaden its customer base beyond its roots in the domain investor community.
But the way these certs were marketed left more than one customer with concerns. One email, which I’ve lightly redacted, read as follows:
Dear [CUSTOMER],
FINAL NOTICE – Your SSL certificate for your domain has expired. Take action and renew your certificate today through Uniregistry.
If your SSL certificate expires your website will display a warning informing customers the site is not secure.
We’ve teamed up with Comodo CA to offer our valued customers discounts up to 78% off when they renew their SSL certificate through us.
Visit https://www.comodo.com/uniregistry/ to take advantage of this offer and renew your certificate before it expires.
Domains at Risk :
[LIST OF DOMAINS]
Average validation time is less than an hour could take longer. Don’t let your certificate expire and put your business at risk. We are here to help, contact one of our SSL Specialist for more information or if you need additional support.
Thank you for choosing Uniregistry and Comodo CA
The reader said that while they have some domains with Uniregistry, their SSL certs had been bought elsewhere.
They added that the certs had not “expired” as the email claimed and said that they were not due to expire for months.
In addition, the email is quite clearly asking the customer to “renew” their cert via Uniregistry and Comodo, which should not be possible if the current cert was bought from a different Certificate Authority. It’s actually a solicitation to buy a new cert.
The scare-tactics wording is reminiscent of the old “slamming” scams carried out by Brandon Gray Internet Services, going under the moniker Domain Registry Of America and similar, until ICANN terminated its contract in 2014.
These “fake renewal” scams were delivered in the form of final-demand invoices, but were in fact solicitations to transfer domains, at a huge premium, from their current registrar to the scammer’s registrar.
A major difference between the DROA scam and Uniregistry’s marketing is that Uniregistry only contacted its existing customers. It was not spamming SSL owners at random.
Uniregistry told DI that the emails in question were part of an “A/B test” — when a company tests two emails to different sets of customers to see which one gets the best response rate — that were sent to “small number” of its customers.
Chief operating officer Kanchan Mhatre said in an email:
The initial content sent came from a previous campaign and it’s fair to say that it needed modifying to more accurately reflect what we were trying to convey. Based on the feedback received from you and other customers, we have modified the messaging and we are currently reviewing cert expiry date validation to ensure that we communicate with our customers in a timely manner.
SpamHaus ranks most-botted TLDs and registrars
Namecheap and Uniregistry have emerged as two of the most-abused domain name companies, using statistics on botnet command and control centers released by SpamHaus this week.
SpamHaus data shows that over a quarter of all botnet C&Cs found during the year were using NameCheap as their registrar.
It also shows that almost 1% of domains registered in Uniregistry’s .click are used as C&Cs.
The spam-fighting outfit said it discovered “almost 50,000” domains in 2017 that were registered for the purpose of controlling botnets.
Comparable data for 2016 was not published a year ago, but if you go back a few years, SpamHaus reported that there were just 3,793 such domains in 2014.
Neither number includes compromised domains or free subdomains.
The TLD with the most botnet abuse was of course .com, with 14,218 domains used as C&C servers. It was followed by Directi’s .pw (8,587) and Afilias’ .info (3,707).
When taking into account the relative size of the TLDs, SpamHaus fingered Russian ccTLD .ru as the “most heavily abused” TLD, but its numbers don’t ring true to me.
With 1,370 botnet controllers and about five and a half million domains, .ru’s abused domains would be around 0.03%.
But if you look at .click, with 1,256 botnet C&Cs and 131,000 domains (as of September), that number is very close to 1%. When it comes to botnets, that’s a high number.
In fact, using SpamHaus numbers and September registry reports of total domains under management, it seems that .work, .space, .website, .top, .pro, .biz, .info, .xyz, .bid and .online all have higher levels of botnet abuse than .ru, though in absolute numbers some have fewer abused domains.
In terms of registrars, Namecheap was the runaway loser, with a whopping 11,878 domains used to control botnets. 
While SpamHaus acknowledges that the size of the registrar has a bearing on abuse levels, it’s worth noting that GoDaddy — by far the biggest registrar, but well-staffed with over-zealous abuse guys — does not even feature on the top 20 list here.
SpamHaus wrote:
While the total numbers of botnet domains at the registrar might appear large, the registrar does not necessarily support cybercriminals. Registrars simply can’t detect all fraudulent registrations or registrations of domains for criminal use before those domains go live. The “life span” of criminal domains on legitimate, well-run, registrars tends to be quite short.
However, other much smaller registrars that you might never have heard of (like Shinjiru or WebNic) appear on this same list. Several of these registrars have an extremely high proportion of cybercrime domains registered through them. Like ISPs with high numbers of botnet controllers, these registrars usually have no or limited abuse staff, poor abuse detection processes, and some either do not or cannot accept takedown requests except by a legal order from the local government or a local court.
The SpamHaus report, which you can read here, concludes with a call for registries and registrars to take more action to shut down repeat offenders, saying it is “embarrassing” that some registrars allow perpetrators to register domains for abuse over and over and over again.
Recent Comments