ICANN Wants to Trap WHOIS Abusers for Study

Group sends our RFP for whois abuse study.

ICANN, through Generic Names Supporting Organization (GNSO), is seeking proposals from qualified companies to study whois abuse. One of its proposed mechanisms for studying abuse is to set up a number of test domain names to see what happens to the whois data created for them.

A similar study (pdf) was conducted in 2007, but only to research whois harvesting for spam. In the new study, GNSO will also check for postal/phone solicitations, phishing, and identity theft.

A number of scams are perpetrated using e-mail addresses harvested from whois. Two popular ones are the renewal scam — which seeks to get you to transfer your domain to another registrar — and the domain appraisal scam. Whois data is also used for marketing. Even large companies have used whois data for marketing in the past; I once received a mailing from Yahoo addressed using whois contact information.

I have long proposed having a registry, or even ICANN-level domain masking service. This would mask all registration email addresses as domain.tld@verisign.com or similar, and would forward all mail to the domain owner. This would allow the registry or ICANN to shut down scams. (Although this probably isn’t a responsibility they’d like). Doing this would require a thick-whois model.

More information on ICANN’s RFP is here.

Re-Ranking KnujOn’s Spam Domain Registrar List

Using a different, simpler, and better methodology, here are the top spam registrars.

The internet media goes abuzz when KnujOn (“No Junk” backwards) releases its report of the domain name registrars with the most spam. But few people question the methodology behind the report, and blindly shame the top registrars on the report.

If you know me, I don’t take things at face value. And that’s why I’m presenting a re-ranking of KnujOn’s report based on a simpler and better methodology.

First, let’s look at how KnujOn ranks domain registrars for spam. Realize that KnujOn is looking for domain registrars that have domain names that are advertised in spam, not domain names that supposedly send spam. It calculates four scores for each registrar:

1. The raw number of domains held by the Registrar advertised in spam
2. The number of spam messages used to advertise those domains
3. The percentage of the whole Registrar portfolio that the spammed domains represents
4. The rate of spam messages per spammed domain

KnujOn admits that the raw number of domains advertised in spam (#1) is likely to be higher at a big registrar, which is why it also calculates the percentage (#3). But it calculates the final score by taking the score from each of the four areas and taking a simple average.

It’s a methodology, but I don’t think it’s a good one. It unfairly hurts big registrars. To be fair, KnujOn isn’t trying to say #10 is necessarily better than #9. It’s trying to shed light on the situation and get results.

So I propose a simpler methodology, and that is to only consider stat #3. KnujOn was nice enough to send me data on the top 10 registrars with regards to #3:

1.0% SPOTDOM (domainsite)
0.4% ENOM

You’ll notice some differences between this list and KnujOn’s average list. Missing from the top 10 on my list that IS on KnujOn’s list is GoDaddy’s Wild West Domains. Frankly, I’m surprised WWD has any problem given how vigilant GoDaddy is about shutting down spam sites. Jumping into the top 10 is Name.com.

A few registrars stand out. What’s going on at Planet Online, which has over 50,000 domain names under management? Any why doesn’t eNom do anything about spam when it’s so quick to hand over domain names to Kentucky?

Of course, the rate of spam messages per domain, as used in Knujon’s calculation, could show that a registrar shuts down a spammed domain quickly upon receiving reports. So maybe a combination of #3 and #4 make sense.

KnujOn’s data may not be perfect, including its sample set of spam, but hats off to them for bringing these issues to light. Regardless of which methodology you prefer, it’s clear that a handful of registrars have a big spam problem.

Dear Maxunis, Thanks for the Spam

Auction seller sends (lots of) spam to promote his domain name.

Dear “Maxunis”,

I received your e-mail from maxunis@gmail.com this morning about your auction of a domain name on Sedo. In fact, all four of the e-mails. In your four e-mails (from your e-mail address maxunis@gmail.com) you wrote:

Dear Sir/Madam,

Your website features strongly in search engines when looking for “Adult Video” or “Adult Videos” and I believe this precise and short domain name would form a useful addition to your business.

The name “—.com” would be an important marketing tool, and it is great for the market you are in. This is because the name itself will give you the edge on your competitors and will prove to be of strategic value to your current or new business online presence.

The name “—.com” is short, rare, memorable, and very descriptive and could be used for your main web site or for one to complement it. The term is extremely easy to market and promote.

—.com is currently on Sedo auction with NO reserve price.

Good luck and I hope you will have a chance to win it.

Please excuse me if you received this email more then once.

I’m a bit confused. I have no idea what web site I might own that shows up for “adult video”, since I don’t own any adult web sites. Second, your “excuse me” for sending the e-mail more than once isn’t accepted. Couldn’t you have at least filtered your spam list to eliminate duplicate e-mail addresses? It’s one thing if you sent the message to four different e-mail addresses I own, but the same one?

Of course it’s against Sedo’s rules to spam a promotion. But I guess, maxunis@gmail.com, that you’re going to make a mint on the domain sale, so congrats to you.

Ahem…in case anyone missed that, the spammer’s e-mail address is >>maxunis@gmail.com<<