ICANN Puts eNom and Moniker “On Notice”

eNom and Moniker were named in “Worst Spam Offenders” report.

In the words of Stephen Colbert, ICANN has put eNom and Moniker “On Notice”. The two registrars were named in a recent report from KnujOn titled “The 10 Worst Registrars in terms of spam advertised junk product sites”.

That title is a bit misleading, or perhaps I’m the only one who doesn’t quite understand how KnujOn calculated which registrars were worst. The report (pdf) considered a number of factors for determining which registrars has the most “spam advertised junk product sites”:

Reported Sites: Raw count of reported sites advertised through spam
Proportion of Reported to Total: Proportion of total spam-reported to total domain count
Raw Aggression: Number of spam instances advertising domains at this registrar
Proportional Aggression: Proportion of total spam instances to the total domains at the registrar.
Overall Score: An overall rating based on each of the above results
Inaccuracy Count: Total count of inaccurate registration records
Inaccuracy Rating: Proportion of inaccurate records to total domains at the registrar
Trademark Factor: Volume of sites noted for featuring trademarked brands

The report did not consider which email addresses were used to send spam, but rather which domains these spam emails sent traffic to. As you can see above it also considered the percentage of bad whois records and domains that included trademarks.

The reports suggests that eNom is heavy on trademark domains (3rd place) while Moniker has a lot of inaccurate whois data (0.4% of records). I’m not sure how this data was collected and it certainly could have been designed to stack the odds against these registrars, which are known for managing large domainer portfolios.

Regardless, ICANN felt it worthy enough to send a notice to these registrars, with a particular emphasis on whois inaccuracy. ICANN sends about 75 “enforcement” notices each month.


  1. says

    Hi Andrew, happy to explain the ratings. We wanted to take as many factors into consideration as possible. You will note that the #1 slot: Xin Net is not a very big registrar. In fact, the biggest registrars do not appear in the top ten – mostly because they actually take steps to minimize access and damage by cybercrooks. Our numbers took into consideration each company’s share of the market and their rate of illicit proliferation on several levels. If the numbers appear stacked against any registrar, they stacked them against themselves. The other important number is the number of messages/emails sent for each domain held by the registrar. So, if their number is “100” that means an average of 100 spams were recorded for each domain held – not that each domain had been advertized by spam, this is a general population stat like saying there are 10 handguns for each person in the country, not everyone has 10 handguns. Hope this helps.

  2. says

    “In fact, the biggest registrars do not appear in the top ten – mostly because they actually take steps to minimize access and damage by cybercrooks.”

    eNom is the 2nd largest registrar and Moniker is #8. So I would say that statement is inaccurate.

  3. Andrew says

    @Knujon – So if Moniker had, say, one domain registered at it that had one million spam messages sent about it, that could tip the scales even though it’s just one domain?

    Also, can you explain how the trademark numbers and invalid whois numbers were determined?


  4. c'mon domains says

    Knujon is just another internet vigilante that is just as bad as the spammers themselves. Your emails getting filtered without a bounce or any explanation?

    Blame characters like the one of above. They cause just as much disruptions to email and the internet as the spammers themselves. I agree there needs to be a solution to spamming but these idiot vigilantes are absolutely not the answer.

  5. says

    What was meant was that the top ten is not totally populated by huge registrars, yes enom and moniker are big, but smaller registrars with higher concentrations of illicit sites are actually more prominent. Not inaccurate, just not fully explained in a mini-blurb.

    There’s obviously several categories of product-related spam. Spam and Sites advertizing non-specific “male enhancers” or “weight loss” pills are distinct from spam that relates to particular brand names of pharmaceuticals. The trademark rating takes this into consideration: does this spam-site feature vague products or specific knockoffs? The specific knockoff or counterfeit is more serious because it harms not only the consumer but also the manufacturer, the market and public trust.

    It would tip the scales if there was one domain with a million spams, but this is not the case they are much more evenly distributed. The point being, given the extent of the abuse, how could the registrar not know? The record inaccuracies are measured by our software.


    Ah, I am selling counterfeit goods all around the world and infecting networks with malware? Assisting policy enforcement and conducting research is no vigilantism.


    We have nothing to do with black lists or filtering. So if your emails bounce it has nothing to do with KnujOn. However, I will wear your “idiot vigilante” tag with pride.

  6. Andrew says

    @ Knujon – thanks for the added information. How do trademark typos play into your rankings? For example, if a registrar has a lot of customers registering typos of trademarks, would that affect your trademark score?

  7. says

    It appears that I am one of thse idiot vigilantes. KnujOn recives email from users all across the globe. They many use filters of their own choosing. We check for accuracy, then file complaints, which are evaluted again (twice). We check sites like spamhause registrarStats, bl[ao]cklists, independent researchers, conference presentations,etc. This is not a loose cannon operation. We hve a terrabyte data that we draw from, plus years of work by others on the problm. It is just that the time has come to put a stop to the crap.

  8. JJ says

    This report reminds me of spews. Like them ICANN is out of touch with whats really going on. Did you happen to consider that spammers “spoof” domains and even IP addresses to send their spam? This has been going on for years. Get with the program already. If ICANN does like SPEWS did and starts pressuring registrars to suspend domains due to spam emails which were very likely spoofed emails and any of mine get suspended you can take notice of the fact that I will do you just like I did them and hunt you down. SPEWS owners had to crawl under a rock they had so many angry web hosts and domain owners after them. But I have a feeling you’re already there.

  9. says

    JJ – I suppose that would be the case if Knujon were anything like spews, but it isn’t. Yes we are aware that headers are spoofed, but we are not talking about the source of the email, we’re talking about transaction sites. Sites selling knockoff goods, etc. When you “hunt me down” will it be with a pitchfork and a torch?

    Andrew – typo-squatting was not part of this study, but we do have something on that coming out shortly and since you asked, I will post it here first when it is ready.

  10. Ben Israel says

    Enom, Enom Central, Bulk Registry – are the poorest, incompetent, unprofessional, service providers of hosting who think they are Gods of their own domain (lol). I just told them one of my web sites were hacked and they stated that “Well, it’s compromised, it’s compromised.” WOW! That’s like saying hey your family member was just violated and for them to say “Well…if they were violated, they were violated.” PURE GRADE A – 1st Class Idiots – All of them. I have dealt with them for so long that I am glad that this happened because I had over 100 web sites registered with them and slowly I have been migrating away from them and this weekend I will leave them forever!!!!! I can’t wait. DO NOT USE EMOM UNDER ANY CIRCUMSTANCES – READ “www.RipOffReport.Com” and BBB Enom – Horrible company run by people with an 80 IQ….if that.

Leave a Reply