Tech giants gunning for AlpNames over new gTLD “abuse”

A small group of large technology companies including Microsoft and Facebook have demanded that ICANN Compliance take a closer look at AlpNames, the budget registrar regularly singled out as a spammers’ favorite.
The ad hoc coalition, calling itself the Independent Compliance Working Party, wrote to ICANN last week to ask why the organization is not making better use of statistical data to bring compliance actions against the small number of companies that see the most abuse.
AlpNames, the Gibraltar-based registrar under common ownership with new gTLD portfolio registry Famous Four Media, is specifically singled out in the group’s letter.
The letter, sourcing the August 2017 Statistical Analysis of DNS Abuse in gTLDs (pdf), says there “is a clear problem with one particular contracted party”.
AlpNames was the registrar behind over half of the new gTLD domains blacklisted by SpamHaus over the study period, for example, the letter states.
The tiny territory of Gibraltar also frequently ranks unusually highly on abuse lists due to AlpNames presence there, the letter and report say.
The ICWP letter also says that the four gTLDs .win, .loan, .top, and .link were used by over three quarters of abusive domains over the SADAG study period.
The letter calls the abuse rates “troublesome” and says:

We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates.

It goes on to wonder whether high levels of unaddressed abuse could amount to violations of new gTLD Registry Agreements and Registrar Accreditation Agreements, and to ask whether there any barriers to ICANN Compliance pursuing breach claims against such potential violations.
The ICWP comprises Adobe, DomainTools, eBay, Facebook, Microsoft and Time Warner. It’s represented by Fabricio Vayra of Perkins Coie.
Other than the letter (pdf), the Independent Compliance Working Party does not appear to have any web presence, and a spokesperson has not yet responded to DI’s request for more information.
The SADAG report also singled out Chinese registrar Nanjing Imperiosus Technology Co, aka DomainersChoice.com, as having particularly egregious levels of abuse, but noted that this abuse disappeared after ICANN terminated its RAA last year.
AlpNames has not to date had any public breach notices issued against it, but this is certainly not the first time it’s been singled out for public censure.
In November last year, ICANN’s Competition, Consumer Trust, and Consumer Choice Review Team (CCT) named it in a report that claimed: “Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse.”
AlpNames seems to have been used often by abusers due to its bargain-basement, often sub-$1 prices — making disposable domains more cost effective — and its tool that allowed up to 2,000 domains to be registered simultaneously.
If not actively soliciting abusive behavior, these factors certainly don’t make abuse any more difficult.
But will ICANN Compliance take action in response to the criticism leveled by CCT and now ICWP?
The main problem with the ICWP letter, and the SADAG report it is based upon, is that the data it uses is now rather old.
The SADAG report sourced abuse databases only up to January 2017, a time when AlpNames’ total gTLD domains under management was at its peak of around three million names.
Since then, the company has been hemorrhaging DUM, losing hundreds of thousands of domains every month. At the end of November 2017, the most recent data compiled by DI shows that it was down to around 838,000 domains.
It’s quite possible that AlpNames’ customer base is no longer the den of abuse it once was, whether due to natural attrition or a proactive purge of bad actors.
A month ago, in a press release connected with a $5.4 million buy-out of an co-founder, AlpNames chairman Iain Roache said he has a “10-year strategic plan” to turn AlpNames into a “Tier-1” registrar and “bring the competition to the incumbents”.

Registries reject lower fees for anti-abuse prowess

Registries have largely rejected a proposal for them to be offered financial incentives to lower the amount of abuse in their gTLDs.
That’s despite the idea gaining broad support from governments, intellectual property interests and restricted-registration registries.
The concept of ICANN offering discounted fees to registries that proactively fight abuse was floated by the Competition, Consumer Trust, and Consumer Choice Review Team (CCT) back in November.
It recommended in its draft report, among other things:

Consider directing ICANN org, in its discussions with registries, to negotiate amendments to existing Registry Agreements, or in negotiations of new Registry Agreements associated with subsequent rounds of new gTLDs to include provisions in the agreements providing incentives, including financial incentives for registries, especially open registries, to adopt proactive anti-abuse measures.

“Proactive” in this case would mean measures such as preventing known bad actors from registering domains, rather than just waiting for complaints to be filed.
Given that registries have been calling for lower ICANN fees in other instances, one might expect to see support from that constituency.
However, the Registries Stakeholder Group said in a document filed to ICANN’s public comment period on the CCT’s latest recommendations that, it “opposes” the idea of such financial incentives. It said:

The RySG supports recognizing and supporting the many [registry operators] that take steps to discourage abuse, but opposes amending the RA as recommended, to mandate or incentivize ‘proactive’ anti-abuse measures.

The RySG complained that such a system would require lots of complex work to arrive at a definition of abuse and what kinds of measures would qualify as “proactive”.
Even if such definitions could be found, and amendments to the standard RA successfully negotiated, there’s still no guarantee that bad registries would sign up for the incentives or stick to their promises, “resulting in no net improvement to the current situation”, the RySG said.
The group is also concerned that adding more anti-abuse clauses to the RA could increase registries’ risk of liability should they be sued over abuse carried out by their customers.
Not all registries agreed with the RySG position, however.
The informal Verified Top-Level Domains Consortium, which comprises the two registries behind .bank, .insurance and .pharmacy, filed comments supporting the proposal.
It said that gTLDs with vetted eligibility requirements see no abuse but have lower registration volumes and therefore pay higher ICANN fees on a per-domain basis. It said:

ICANN should help to offset these costs to create a more level playing field with high-volume unrestricted registries, i.e., to enhance competition as well as consumer trust. If ICANN made it more financially advantageous to verify eligibility, other registries may be encouraged to adopt this model. The outcome would be the elimination of abuse in these verified TLDs.

Outside of the industry itself, the Governmental Advisory Committee and IP interests such as the Intellectual Property Constituency and INTA, filed comments supporting anti-abuse incentives.
The IPC “strongly” supported the recommendation, but added that the finer details would need to be worked out to ensure that lower ICANN fees did not translate automatically to lower registration fees and therefore more abuse.
Shocking nobody, it added that “abuse” should include intellectual property infringements.
Conversely, the Non-Commercial Stakeholders Group said it “strongly” opposes the recommendation, on the basis that it would push ICANN into a “content policeman” role in violation of its technical mandate:

ICANN is not a US Federal Trade Commission or an anti-fraud unit or regulatory unit of any government. Providing guidance, negotiation and worse yet, financial incentives to ICANN-contracted registries for anti-abuse measures is completely outside of our competence, goals and mandates. Such acts would bring ICANN straight into the very content issues that passionately divide countries — including speech laws, competition laws, content laws of all types. It would invalidate ICANN commitments to ourselves and the global community. It would make ICANN the policemen of the Internet, not the guardians of the infrastructure. It is a role we have sworn not to undertake; a role beyond our technical expertise; and a recommendation we must not accept.

Also opposed to incentivizing anti-abuse measures was the Messaging, Malware and Mobile Anti-Abuse Working Group (an independent entity, not an ICANN working group), which said there’s no data to support such a recommendation.

The reports provide no data that showcase what the implications of altering the economic underpinnings of a highly competitive market may entail, including inadvertent side effects such as registries that already sell low price domains being rewarded with lower ICANN fees. In fact, it may ultimately result in a race to the bottom and higher rates of domain abuse.

Instead, M3AAWG said that ICANN should concentrate is contractual compliance efforts on those registries that the data shows already have large amounts of abuse — presumably meaning the likes of .top, .gdn and the Famous Four Media stable.
ICANN itself filed a comment on the proposal, pointing out that it is not able to unilaterally impose anti-abuse measures into registry agreements.
One imagines that lowering fees at a time when its own budget is under a lot of pressure would probably not be something ICANN would be eager to implement.
These comments and more were summarized in ICANN’s report on the CCT public comment period, published yesterday. The comments themselves can be found here.
The comments feed back into the CCT review team’s work ahead of its final report, which is due to be published some time during Q1.
Under its bylaws, the CCT review is one of the things that ICANN has to complete before it opens the next round of new gTLD applications.

SpamHaus now publishing better TLD abuse data

SpamHaus has updated its “10 Most Abused Top Level Domains” list to provide a much more useful insight into abuse levels.
Rather than simply showing unexplained percentages of “badness” in each TLD, the spam-fighting organization’s daily report now exposes the hard numbers, in domain terms, underneath.
For example, on today’s list Famous Four Media’s .download is the most-abused TLD with 82% bad domains.
That percentage is based on SpamHaus categorizing 11,431 domains as abusive of the 13,945 .download domains that crossed its systems.
But the gTLD has 67,500 domains in its zone file, so the actual percentage of abusive domains could be as low as about 17%, much lower than SpamHaus’s 82%.
Whether you think the 82% metric is fair will depend on whether you think SpamHaus’s sample — about 20% of the full .download zone — is representative.
Some of the other TLDs on its list have even smaller sample sizes.
Minds + Machines’ .work is ranked #2 on the SpamHaus list with 73.3% badness, based on a SpamHaus-seen sample of 6,297 domains, something like 7% of the full .work zone.
Registries criticized SpamHaus for publishing misleading data when this list was first published in March, and I agreed with them.
Now that the group is publishing empirical data alongside its percentages, the conversation can now shift to something along the lines of:
“Is it okay that at least 17% of .download domains are abusive?”
To which the answer I believe is a clear: “Hell, no.”
The SpamHaus daily report can be found here.

Schilling, Famous Four rubbish Spamhaus “worst TLD” league

Uniregistry and Famous Four Media have trashed claims by Spamhaus that their gTLDs are are much as 75% spam.
FFM says it is “appalled” by the “wholly inaccurate” claims, while Uniregistry boss Frank Schilling said Spamhaus has “totally jumped the shark here.”
In a statement to DI today, FFM chief legal officer Oliver Smith said the spam-fighting organization’s recently launched World’s Worst TLDs list is “reckless”, adding that the numbers are:

not only wholly inaccurate, but are misleading and, potentially, injurious to the reputation of Famous Four Media and those TLDs it manages. It is particularly worrisome that Spamhaus’s “findings” seem to have been taken as gospel within certain corners of the industry, despite not being proffered with any analytical methodology in support of the same.

The Spamhaus report, which is updated daily, presents the 10 TLDs that are more spam than not.
The rank is based on a percentage of domains seen by Spamhaus that Spamhaus considers to be “bad” — that is, are advertised in spam or carry malware.
Today, Uniregistry’s .diet tops the chart with “74.4% bad domains”, but the scores and ranks can and do shift significantly day by day.
Spamhaus describes its methodology like this:

This list shows the ratio of domains seen by the systems at Spamhaus versus the domains our systems profile as spamming or being used for botnet or malware abuse. This is also not a list that retains a long history, it is a one-month “snapshot” of our current view.

The words “seen by the systems at Spamhaus” are important. If a domain name never crosses Spamhaus’s systems, it isn’t counted as good or bad. The organization is not running the whole zone file against its block-list to check what the empirical numbers are.
In important ways, the Spamhaus report is similar to the discredited Blue Coat report into “shady” TLDs last September, which was challenged by myself and others.
However, in a blog post, Spamhaus said it believes its numbers are reflective of the TLDs as a whole:

In the last 18-years, Spamhaus has built its data gathering systems to have a view of most of the world’s domain traffic. We feel the numbers shown on this list are representative of the actual full totals.

I disagree.
In the case of .diet, for example, if 74% of the full 19,000-domain zone was being used in spam, that would equate to 14,000 “bad” domains.
But the .diet zone is dominated by domains owned by North Sound Names, the Frank Schilling vehicle through which Uniregistry markets its premium names.
NSN snapped up well over 13,000 .diet names at launch, and Schilling said today that NSN owns north of 70% of the .diet zone.
That would mean either Uniregistry is a spammer, or Spamhaus has no visibility into the NSN portfolio and its numbers are way the hell off.
“Spamhaus’ assertion that 74% of the registrations in the .diet space are spam is a numerical impossibility,” Schilling said. “They totally jumped the shark here.”
NSN’s domains don’t send mail, he said.
He added that diet-related products are quite likely to appear in spam, which may help account for Spamhaus’s systems identifying .diet emails as spam. He said:

Spamhaus is a high-minded organization and we applaud their efforts but this report is so factually inaccurate it casts into doubt the validity of everything they release. Spamhaus should be smarter than this and at a minimum consult with registries (our door is open) to gain a better understanding of the subject matter they wrongly profess to be expert in.

Similarly, FFM’s .review gTLD was briefly ranked last week as the “worst” gTLD at 75.1% badness. With 66,000 domains, that would mean almost 50,000 names are spammy.
Yet it appears that roughly 25,000 .review domains are long-tail geo names related to the hotels industry, registered by a Gibraltar company called A Domains Limited, which appears to be run by AlpNames, the registry with close ties to FFM itself.
Again, if Spamhaus’s numbers are accurate, that implies the registrar and/or registry are spamming links to content-free placeholder web sites.
FFM’s Smith says the registry has been using Spamhaus data as part of its internal Registry Abuse Monitoring tool, and that its own findings show significantly less spam. Referring to .review’s 75% score, he said:

This simply does not accord with FFM’s own research, which relies heavily on data made available by Spamhaus. The reality is that, in reviewing registration data for the period 8 February to 8 March 2016, only 4.8% of registered domains have been blacklisted by Spamhaus – further, it is questionable as whether every single such listing is wholly merited. When reviewing equivalent data for the period of 1 January to 8 March 2016 across ALL FFM managed TLDs this rate averages out to a mere 3.2%.

I actually conducted my own research into the claims.
Between March 8 and March 15, I ran the whole .review zone file through the Spamhaus DBL and found 6.9% of the names were flagged as spam.
My methodology did not take account of the fact that Spamhaus retires domains from its DBL after they stop appearing in spam, so it doesn’t present a perfect apples-to-apples comparison with Spamhaus, which bases its scoring on 30 days of data.
All told, it seems Spamhaus is painting a much bleaker picture of the amount of abuse in new gTLDs than is perhaps warranted.
During ICANN meetings last week and in recent blog comments, current and former executives of rival registries seemed happy to characterize new gTLD spam as a Famous Four problem rather than an industry problem.
That, despite the fact that Uniregistry, Minds + Machines and GMO also feature prominently on Spamhaus’s list.
I would say it’s more of a low prices problem.
It’s certainly true that FFM and AlpNames are attracting spammers by selling domains for $0.25 wholesale or free at retail, and that their reputations will suffer as a result.
We saw it with Afilias and .info in the early part of the last decade, we’ve see it with .tk this decade, and we’re seeing it again now.

Registrars warn of huge domain suspension scam

Customers of at least half a dozen large registrars been targeted by an email malware attack that exploits confusion about takedown policies.
The fake suspension notices have been spammed to email addresses culled from Whois and are tailored to the registrar of record and the targeted domain name.
Customers of registrars including eNom, Web.com, Moniker, easyDNS, NameBright, Dynadot and Melbourne IT are among those definitely affected. I suspect it’s much more widespread.
The emails reportedly look like this:

Dear Sir/Madam,
The following domain names have been suspended for violation of the easyDNS Technologies, Inc. Abuse Policy:
Domain Name: DOMAIN.COM
Registrar: easyDNS Technologies, Inc.
Registrant Name: Domain Owner
Multiple warnings were sent by easyDNS Technologies, Inc. Spam and Abuse Department to give you an opportunity to address the complaints we have received.
We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.
We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.
Click here and download a copy of complaints we have received.
Please contact us by email at mailto:abuse@easydns.com for additional information regarding this notification.
Sincerely,
easyDNS Technologies, Inc.
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101

The “click here” invitation leads to a downloadable file, presumably containing malware.
Of course, the best way to check whether your domain name has been genuinely suspended or not is to use it — visit its web site, use its email, etc.
As domain suspensions become more regularly occurrences, due to ICANN policies on Whois accuracy for one reason, we can only expect more scams like these.

ICANN boss warns against “content policing” calls

ICANN should resist attempts to turn the organization into a content regulator responsible for fighting piracy, counterfeiting and terrorism.
That’s according to CEO Fadi Chehade, speaking in Dublin yesterday at the opening ceremony of ICANN’s 54th public meeting.
His remarks have already solicited grumbles from members of the intellectual property community, which are eager for ICANN to take a more assertive role against registries and registrars.
Speaking to a packed auditorium, Chehade devoted a surprisingly large chunk of his opening address to the matter of content policing, which he said was firmly outside of ICANN’s remit.
He presented this diagram, breaking up the internet into three layers. ICANN plays in the central “logical” section but has no place in the top “societal” segment, he said.

“Where does ICANN’s role start and where does ICANN’s role stop?” Chehade posed. “It’s very clear Our remit starts and stops in this logical yellow layer. We do not have any responsibility in the upper layer.”
“The community has spoken, and it is important to underline that in every possible way, ICANN’s remit is not in the blue layer, it is not in the economic/societal layer,” he said. This is a technical organization.”
That basically means that ICANN has no responsibility to determine which web sites are good and which are bad. That’s best left to others such as the courts and governments.
Chehade recounted an anecdote about a meeting with a national president who demanded that ICANN shut down a list of terrorism-supporting web sites.
“We have no responsibility to render judgement about which sites are terrorists,” he said, “which sites are the good pharmacies, which sites are the bad pharmacies, which sites are comitting crimes, which sites are infringing copyrights…”
“When people ask us to render judgement on matters in the upper layer, we can’t.”
With that all said, Chehade added that ICANN should not shirk its duties as part of the ecosystem, whether through voluntary measures at registries and registrars or via contractual enforcement.
“Once determinations are made, how do we respond the these?” he said. “I hope, voluntarily.”
He gave the example of credit card companies that voluntarily stop doing business with web sites that have been reported to be involved in crime or spam.
The notion of registrars adhering to a set of voluntary principles was first floated by ICANN’s chief compliance officer, Allen Grogan, in a blog post earlier this month.
It was the one bone he threw to IP interests in a determination that otherwise came down firmly on the side of registrars.
Grogan had laid out a minimum set of actions registrars must carry out when they receive abuse reports, none of which contained a requirement to suspend or delete domain names.
The Intellectual Property Constituency appeared to greet Chehade’s speech with cautious optimism, but members are still pushing for ICANN to take a stricter approach to contract compliance.
In a session between the IPC and the ICANN board in Dublin this morning, ICANN was asked to make these hypothetical voluntary measures enforceable.
Marc Trachtenberg disagreed with Chehade’s credit card company example.
“The have an incentive to take action, which is the avoidance of future potential costs,” he said. “That similar incentive does not exist with respect to registries and registrars.”
“In order for any sort of voluntary standards to be successful or useful, there have to be incentives for the parties to actually comply with those voluntary standards,” he said.
“One possibility among many is a situation where those registries and registrars that don’t comply with the voluntary standards are potentially subject to an ICANN compliance action,” he said.
It’s pretty clear that this issue is an ongoing one.
Chehade warned in his address yesterday that calls for ICANN to increase its policing powers will only increase when and if its IANA contract is finally divorced from US government oversight.
Grogan will host a roundtable tomorrow at 10am Dublin time to discuss possible voluntary mechanisms that could be created to govern abuse.

Pirate Bay a victim as Go Daddy suspends hundreds of new gTLD domains

New gTLDs may have only been in general availability for a few weeks, but there’s already evidence of substantial abuse.
Go Daddy has suspended at least 305 new gTLD domain names, putting them on its spam-and-abuse.com name servers, standard Go Daddy practice for domains suspected of abuse.
Over 250 of these were put on the naughty step in the last 24 hours.
The suspended names include, notably, thepiratebay.guru, which matches the name of controversial torrent site frequented by people who like downloading copyrighted material for free.
The Pirate Bay has been switching TLDs like crazy recently, as one ccTLD after another shuts down its latest attempt to find a reliable home.
The .guru domain is registered under Go Daddy’s Domains By Proxy privacy service, so it’s not clear if it actually belongs to The Pirate Bay or to an opportunistic third party.
Other suspended names include premium-looking names such as electric.guru, sexualhealth.guru, as well as obvious cybersquatted names such as verizon.guru (not registered to Verizon).
But the majority of the suspended names seem to belong to a single registrant in Washington state, all in .guru and largely “pigeon shit” names such as bestdrinksites.guru and bestfashionsites.guru.
While 305 seems like a large number (albeit only 0.2% of the current new gTLD names sold), it appears that so far a single individual is responsible for most of the “abuse” in new gTLDs.

ICANN cans “Spam King” registrar

ICANN has terminated the registrar accreditation of Dynamic Dolphin, which it turned out was owned by self-professed “Spam King” Scott Richter.
The company has until December 20 to take down its ICANN logo and cease acting as a registrar.
ICANN, in its termination notice (pdf) late last week, said that it only became aware earlier this month that Richter was the 100% owner of Dynamic Dolphin.
Richter grew to fame a decade ago for being one of the world’s highest-profile spammers. He was sued for spamming by Microsoft and Myspace and was featured on the popular TV program The Daily Show.
As well as being a thoroughly unpleasant chap, he has a 2003 conviction for grand larceny, which should disqualify him from being the director of an ICANN-accredited registrar.
He removed himself as an officer on October 9 in response to ICANN’s persistent inquiries, according to ICANN’s compliance notice.
But he was much too late. ICANN has terminated the accreditation due to the “material misrepresentation, material inaccuracy, or materially misleading statement in its application”.
The question now has to be asked: why didn’t ICANN get to this sooner? In fact, why was Dynamic Dolphin allowed to get an accreditation in the first place?
Former Washington Post security reporter Brian Krebs has been all over this story for five years.
Back in 2008, with a little help from anti-spam outfit KnujOn, he outed Richter’s links to Dynamic Dolphin when it was just a Directi reseller.
Yesterday, Krebs wrote a piece on his blog going into a lot of the background.
Another question now is: which registrar is going to risk taking over Dynamic Dolphin’s registrations?
As of the last registry reports, Dynamic Dolphin had fewer than 25,000 gTLD domains under management.
According to ICANN’s termination notice, 13,280 of these use the company’s in-house privacy service, and 9,933 of those belong to just three individuals.
According to DomainTools, “Dynamic Dolphin Inc” is listed as the registrant for about 23,000 names.
According to KnujOn’s research and Krebs’s reporting, the registrar was once among the most spam-friendly on the market.

Directi fighting “massive” .pw spam outbreak

Recently relaunched budget TLD .pw is being widely abused by spammers already, but registry manager Directi said it’s enforcing a “zero tolerance” policy.
Anti-spam software makers and users have over the last week reported a “massive” increase in email spam from .pw domain names.
Security giant Symantec reports that .pw jumped to #4 in its rankings of TLDs used in spammed URLs in the week ending April 26.
Anti-spam vendor Fort even recommended its customers block the entire TLD at their mail gateways, blogging:

Since we have yet to see a legitimate piece of mail for the .pw domain but have recently seen massive amounts of spam from this domain, we are recommending that you block mail form this domain as soon as practical.

Anti-spam mailing lists have been full of people complaining about .pw spam, according to spam expert John Levine.
Our own TLD Health Check ranks .pw at #19 in abusive domains (which tracks phishing and malware domains rather than spam) for May, having not ranked it at all before April.
But Sandeep Ramchandani, head of Directi’s .PW Registry unit, told DI that the company has deactivated 4,000 too 5,000 .pw domains for breaching its anti-abuse policy.
He said that a single registrar was responsible for the majority of the abusive names, and that the registrar in question has had its discount revoked, resulting in newly registered domains from it going down to “almost nothing”.
“If you remove that registrar, the percentage of abusive names to non-abusive names is not alarming at all,” Ramchandani said.
He said the company has a “zero tolerance” approach to spam. It’s been communicating with many of its critics to let them know it’s on the case.
He noted that it’s not surprising that people are seeing more bad traffic from .pw than good — spammers tend to start using their domains immediately, whereas legitimate registrants take a bit longer.
Directi, which reported 50,000 names registered in the first three weeks of general availability last week, is now up to 100,000 names.
Many of the names were registered via the same aforementioned registrar, so more are likely to be turned off, Ramchandani said.
.pw is the ccTLD for Palau, but Directi brands it as “Professional Web”. It’s going for the budget end of the market, selling domains for less than .com prices even if you exclude discounts.

Beckstrom probed over bizarre spam complaint

ICANN’s Ombudsman looked into a complaint that former CEO Rod Beckstrom allegedly spammed community members the day after he left the organization, it has emerged.
Whoever filed the complaint evidently did not like Beckstrom one bit.
According to Ombudsman Chris LaHatte, who rejected the complaint, the complainant said:

I wish to file a formal complaint about the below SPAM originating from ICANN’s servers. Since Mr. Beckstrom has left yesterday it is clear that he cannot have had access to ICANN infrastructure any longer. If however this were the case, one would have to consider YET ANOTHER serious breach. In any case I do not wish to receive communications of any kind from this person, Mr. Beckstrom. Please confirm receipt of this complaint, commence an investigation and advise me of the outcome.

LaHatte found that the email in question was “a courteous farewell and introduction to the new CEO” sent to between 50 and 60 people, all movers and shakers in the ICANN community.
According to LaHatte, who blogged about the complaint today:

After discussing this matter with the ICANN staff, it is clear that this email was in fact not spam in the common meaning of the term. Spam is usually considered bulk emailing sent indiscriminately to very large numbers of recipients. By way of contrast, 60 emails specifically tailored for groups of recipients is hardly unusual within a large organisation such as ICANN.

I know Beckstrom was not a massively popular individual with some in the ICANN community, but this complaint seems to be way out of proportion for a simple unwanted email.
Somebody out there needs to take a chill pill.