Company tries to emulate Chinese TM domain scam, fails miserably

The trademark domain name scam is one of the oldest in the book.

A registrar from China emails you, saying that someone is trying to register domain names very similar to your trademark or existing domain names. They’re checking with you as a courtesy to see if you’d like to register the domains first.

Although it might seem like a kind gesture, it’s all a lie. They’re trying to get you to register domain names through them.

Now a Brazil company is apparently trying the same tack. But it hasn’t figured out how to mail merge similar domain names in its spam. Here’s the message I just got:


We have identified domain registration attempts that you already have in other extensions.

Avoid the loss of these domain:


Check availability on our website and register now:

Grateful for your attention,

Team / Registracom Nice try.

There’s no record of an ICANN Accredited registrar with the name RegistraCom.

Spamming owners of newly registered domain names

Just one example of spam based on whois records.

We all know that people mine whois databases to sell stuff. It’s incredibly cheap and easy to do these days: compare the zone files, get the new registrations, and then run whois lookups. There are even people selling the entire .com whois database for a few hundred bucks.

This makes it easy for people to spam new domain name registrants and sell them services they don’t need, like search engine submission.

Last week I registered a handful of .com domain names at Uniregistry. Shortly thereafter I received this email: Click here to continue reading…

Cheap domain names are spammers’ favorites

New report shows that spammers love some of the cheap new domain name options.

Spammers churn through a lot of domain names. As soon as deliverability sinks with one, they move on to the next.

That might explain this chart in Architelos’ June NameSentry Abuse Report:


The bulk of improper use of new top level domain names is spam, and this chart shows which new TLDs are being abused the most.

See a pattern here? All of the big ones are cheap domains. In fact, all of the domains on this chart can be picked up for $2 or less at some registrars (although some only through limited time specials).

If a spammer needs to cycle though 1,000 domains this week, paying $2 per domain vs. $8 makes a bit difference.

You can view the entire NameSentry report here (pdf).

ICANN Wants to Trap WHOIS Abusers for Study

Group sends our RFP for whois abuse study.

ICANN, through Generic Names Supporting Organization (GNSO), is seeking proposals from qualified companies to study whois abuse. One of its proposed mechanisms for studying abuse is to set up a number of test domain names to see what happens to the whois data created for them.

A similar study (pdf) was conducted in 2007, but only to research whois harvesting for spam. In the new study, GNSO will also check for postal/phone solicitations, phishing, and identity theft.

A number of scams are perpetrated using e-mail addresses harvested from whois. Two popular ones are the renewal scam — which seeks to get you to transfer your domain to another registrar — and the domain appraisal scam. Whois data is also used for marketing. Even large companies have used whois data for marketing in the past; I once received a mailing from Yahoo addressed using whois contact information.

I have long proposed having a registry, or even ICANN-level domain masking service. This would mask all registration email addresses as or similar, and would forward all mail to the domain owner. This would allow the registry or ICANN to shut down scams. (Although this probably isn’t a responsibility they’d like). Doing this would require a thick-whois model.

More information on ICANN’s RFP is here.

Re-Ranking KnujOn’s Spam Domain Registrar List

Using a different, simpler, and better methodology, here are the top spam registrars.

The internet media goes abuzz when KnujOn (“No Junk” backwards) releases its report of the domain name registrars with the most spam. But few people question the methodology behind the report, and blindly shame the top registrars on the report.

If you know me, I don’t take things at face value. And that’s why I’m presenting a re-ranking of KnujOn’s report based on a simpler and better methodology.

First, let’s look at how KnujOn ranks domain registrars for spam. Realize that KnujOn is looking for domain registrars that have domain names that are advertised in spam, not domain names that supposedly send spam. It calculates four scores for each registrar:

1. The raw number of domains held by the Registrar advertised in spam
2. The number of spam messages used to advertise those domains
3. The percentage of the whole Registrar portfolio that the spammed domains represents
4. The rate of spam messages per spammed domain

KnujOn admits that the raw number of domains advertised in spam (#1) is likely to be higher at a big registrar, which is why it also calculates the percentage (#3). But it calculates the final score by taking the score from each of the four areas and taking a simple average.

It’s a methodology, but I don’t think it’s a good one. It unfairly hurts big registrars. To be fair, KnujOn isn’t trying to say #10 is necessarily better than #9. It’s trying to shed light on the situation and get results.

So I propose a simpler methodology, and that is to only consider stat #3. KnujOn was nice enough to send me data on the top 10 registrars with regards to #3:

1.0% SPOTDOM (domainsite)
0.4% ENOM

You’ll notice some differences between this list and KnujOn’s average list. Missing from the top 10 on my list that IS on KnujOn’s list is GoDaddy’s Wild West Domains. Frankly, I’m surprised WWD has any problem given how vigilant GoDaddy is about shutting down spam sites. Jumping into the top 10 is

A few registrars stand out. What’s going on at Planet Online, which has over 50,000 domain names under management? Any why doesn’t eNom do anything about spam when it’s so quick to hand over domain names to Kentucky?

Of course, the rate of spam messages per domain, as used in Knujon’s calculation, could show that a registrar shuts down a spammed domain quickly upon receiving reports. So maybe a combination of #3 and #4 make sense.

KnujOn’s data may not be perfect, including its sample set of spam, but hats off to them for bringing these issues to light. Regardless of which methodology you prefer, it’s clear that a handful of registrars have a big spam problem.