Domain Name Wire

Domain Name Wire

  • ICANN Puts eNom and Moniker “On Notice”

    1. BY - May 27, 2008
    2. Domain Registrars
    3. 9 Comments

    eNom and Moniker were named in “Worst Spam Offenders” report.

    In the words of Stephen Colbert, ICANN has put eNom and Moniker “On Notice”. The two registrars were named in a recent report from KnujOn titled “The 10 Worst Registrars in terms of spam advertised junk product sites”.

    That title is a bit misleading, or perhaps I’m the only one who doesn’t quite understand how KnujOn calculated which registrars were worst. The report (pdf) considered a number of factors for determining which registrars has the most “spam advertised junk product sites”:

    Reported Sites: Raw count of reported sites advertised through spam
    Proportion of Reported to Total: Proportion of total spam-reported to total domain count
    Raw Aggression: Number of spam instances advertising domains at this registrar
    Proportional Aggression: Proportion of total spam instances to the total domains at the registrar.
    Overall Score: An overall rating based on each of the above results
    Inaccuracy Count: Total count of inaccurate registration records
    Inaccuracy Rating: Proportion of inaccurate records to total domains at the registrar
    Trademark Factor: Volume of sites noted for featuring trademarked brands

    The report did not consider which email addresses were used to send spam, but rather which domains these spam emails sent traffic to. As you can see above it also considered the percentage of bad whois records and domains that included trademarks.

    The reports suggests that eNom is heavy on trademark domains (3rd place) while Moniker has a lot of inaccurate whois data (0.4% of records). I’m not sure how this data was collected and it certainly could have been designed to stack the odds against these registrars, which are known for managing large domainer portfolios.

    Regardless, ICANN felt it worthy enough to send a notice to these registrars, with a particular emphasis on whois inaccuracy. ICANN sends about 75 “enforcement” notices each month.

9 Comments
  • Hi Andrew, happy to explain the ratings. We wanted to take as many factors into consideration as possible. You will note that the #1 slot: Xin Net is not a very big registrar. In fact, the biggest registrars do not appear in the top ten – mostly because they actually take steps to minimize access and damage by cybercrooks. Our numbers took into consideration each company’s share of the market and their rate of illicit proliferation on several levels. If the numbers appear stacked against any registrar, they stacked them against themselves. The other important number is the number of messages/emails sent for each domain held by the registrar. So, if their number is “100” that means an average of 100 spams were recorded for each domain held – not that each domain had been advertized by spam, this is a general population stat like saying there are 10 handguns for each person in the country, not everyone has 10 handguns. Hope this helps.

  • “In fact, the biggest registrars do not appear in the top ten – mostly because they actually take steps to minimize access and damage by cybercrooks.”

    eNom is the 2nd largest registrar and Moniker is #8. So I would say that statement is inaccurate.

  • @Knujon – So if Moniker had, say, one domain registered at it that had one million spam messages sent about it, that could tip the scales even though it’s just one domain?

    Also, can you explain how the trademark numbers and invalid whois numbers were determined?

    Thanks

  • c'mon domains says:

    May 27, 2008 at 3:16 pm

    Knujon is just another internet vigilante that is just as bad as the spammers themselves. Your emails getting filtered without a bounce or any explanation?

    Blame characters like the one of above. They cause just as much disruptions to email and the internet as the spammers themselves. I agree there needs to be a solution to spamming but these idiot vigilantes are absolutely not the answer.

  • What was meant was that the top ten is not totally populated by huge registrars, yes enom and moniker are big, but smaller registrars with higher concentrations of illicit sites are actually more prominent. Not inaccurate, just not fully explained in a mini-blurb.

    There’s obviously several categories of product-related spam. Spam and Sites advertizing non-specific “male enhancers” or “weight loss” pills are distinct from spam that relates to particular brand names of pharmaceuticals. The trademark rating takes this into consideration: does this spam-site feature vague products or specific knockoffs? The specific knockoff or counterfeit is more serious because it harms not only the consumer but also the manufacturer, the market and public trust.

    It would tip the scales if there was one domain with a million spams, but this is not the case they are much more evenly distributed. The point being, given the extent of the abuse, how could the registrar not know? The record inaccuracies are measured by our software.

    <>

    Ah, I am selling counterfeit goods all around the world and infecting networks with malware? Assisting policy enforcement and conducting research is no vigilantism.

    <>

    We have nothing to do with black lists or filtering. So if your emails bounce it has nothing to do with KnujOn. However, I will wear your “idiot vigilante” tag with pride.

  • @ Knujon – thanks for the added information. How do trademark typos play into your rankings? For example, if a registrar has a lot of customers registering typos of trademarks, would that affect your trademark score?

  • It appears that I am one of thse idiot vigilantes. KnujOn recives email from users all across the globe. They many use filters of their own choosing. We check for accuracy, then file complaints, which are evaluted again (twice). We check sites like spamhause registrarStats, bl[ao]cklists, independent researchers, conference presentations,etc. This is not a loose cannon operation. We hve a terrabyte data that we draw from, plus years of work by others on the problm. It is just that the time has come to put a stop to the crap.

  • This report reminds me of spews. Like them ICANN is out of touch with whats really going on. Did you happen to consider that spammers “spoof” domains and even IP addresses to send their spam? This has been going on for years. Get with the program already. If ICANN does like SPEWS did and starts pressuring registrars to suspend domains due to spam emails which were very likely spoofed emails and any of mine get suspended you can take notice of the fact that I will do you just like I did them and hunt you down. SPEWS owners had to crawl under a rock they had so many angry web hosts and domain owners after them. But I have a feeling you’re already there.

  • JJ – I suppose that would be the case if Knujon were anything like spews, but it isn’t. Yes we are aware that headers are spoofed, but we are not talking about the source of the email, we’re talking about transaction sites. Sites selling knockoff goods, etc. When you “hunt me down” will it be with a pitchfork and a torch?

    Andrew – typo-squatting was not part of this study, but we do have something on that coming out shortly and since you asked, I will post it here first when it is ready.

Leave a Reply