Spamming owners of newly registered domain names

Just one example of spam based on whois records.

We all know that people mine whois databases to sell stuff. It’s incredibly cheap and easy to do these days: compare the zone files, get the new registrations, and then run whois lookups. There are even people selling the entire .com whois database for a few hundred bucks.

This makes it easy for people to spam new domain name registrants and sell them services they don’t need, like search engine submission.

Last week I registered a handful of .com domain names at Uniregistry. Shortly thereafter I received this email: Click here to continue reading…

Cheap domain names are spammers’ favorites

New report shows that spammers love some of the cheap new domain name options.

Spammers churn through a lot of domain names. As soon as deliverability sinks with one, they move on to the next.

That might explain this chart in Architelos’ June NameSentry Abuse Report:

architelos-spam

The bulk of improper use of new top level domain names is spam, and this chart shows which new TLDs are being abused the most.

See a pattern here? All of the big ones are cheap domains. In fact, all of the domains on this chart can be picked up for $2 or less at some registrars (although some only through limited time specials).

If a spammer needs to cycle though 1,000 domains this week, paying $2 per domain vs. $8 makes a bit difference.

You can view the entire NameSentry report here (pdf).

ICANN Wants to Trap WHOIS Abusers for Study

Group sends our RFP for whois abuse study.

ICANN, through Generic Names Supporting Organization (GNSO), is seeking proposals from qualified companies to study whois abuse. One of its proposed mechanisms for studying abuse is to set up a number of test domain names to see what happens to the whois data created for them.

A similar study (pdf) was conducted in 2007, but only to research whois harvesting for spam. In the new study, GNSO will also check for postal/phone solicitations, phishing, and identity theft.

A number of scams are perpetrated using e-mail addresses harvested from whois. Two popular ones are the renewal scam — which seeks to get you to transfer your domain to another registrar — and the domain appraisal scam. Whois data is also used for marketing. Even large companies have used whois data for marketing in the past; I once received a mailing from Yahoo addressed using whois contact information.

I have long proposed having a registry, or even ICANN-level domain masking service. This would mask all registration email addresses as domain.tld@verisign.com or similar, and would forward all mail to the domain owner. This would allow the registry or ICANN to shut down scams. (Although this probably isn’t a responsibility they’d like). Doing this would require a thick-whois model.

More information on ICANN’s RFP is here.

Re-Ranking KnujOn’s Spam Domain Registrar List

Using a different, simpler, and better methodology, here are the top spam registrars.

The internet media goes abuzz when KnujOn (“No Junk” backwards) releases its report of the domain name registrars with the most spam. But few people question the methodology behind the report, and blindly shame the top registrars on the report.

If you know me, I don’t take things at face value. And that’s why I’m presenting a re-ranking of KnujOn’s report based on a simpler and better methodology.

First, let’s look at how KnujOn ranks domain registrars for spam. Realize that KnujOn is looking for domain registrars that have domain names that are advertised in spam, not domain names that supposedly send spam. It calculates four scores for each registrar:

1. The raw number of domains held by the Registrar advertised in spam
2. The number of spam messages used to advertise those domains
3. The percentage of the whole Registrar portfolio that the spammed domains represents
4. The rate of spam messages per spammed domain

KnujOn admits that the raw number of domains advertised in spam (#1) is likely to be higher at a big registrar, which is why it also calculates the percentage (#3). But it calculates the final score by taking the score from each of the four areas and taking a simple average.

It’s a methodology, but I don’t think it’s a good one. It unfairly hurts big registrars. To be fair, KnujOn isn’t trying to say #10 is necessarily better than #9. It’s trying to shed light on the situation and get results.

So I propose a simpler methodology, and that is to only consider stat #3. KnujOn was nice enough to send me data on the top 10 registrars with regards to #3:

38.7% PLANETONLINE
5.3% REGTIME
1.0% SPOTDOM (domainsite)
0.9% XINNET
0.8% ONLINENIC
0.4% ENOM
0.2% NAME.COM
0.2% REGISTER.COM
0.2% NETSOL
0.2% HICHINA WEBSOLUTIONS
0.1% DOMAIN DISCOVER
0.1% TUCOWS
0.1% WILDWESTDOM
0.1% FABULOU S

You’ll notice some differences between this list and KnujOn’s average list. Missing from the top 10 on my list that IS on KnujOn’s list is GoDaddy’s Wild West Domains. Frankly, I’m surprised WWD has any problem given how vigilant GoDaddy is about shutting down spam sites. Jumping into the top 10 is Name.com.

A few registrars stand out. What’s going on at Planet Online, which has over 50,000 domain names under management? Any why doesn’t eNom do anything about spam when it’s so quick to hand over domain names to Kentucky?

Of course, the rate of spam messages per domain, as used in Knujon’s calculation, could show that a registrar shuts down a spammed domain quickly upon receiving reports. So maybe a combination of #3 and #4 make sense.

KnujOn’s data may not be perfect, including its sample set of spam, but hats off to them for bringing these issues to light. Regardless of which methodology you prefer, it’s clear that a handful of registrars have a big spam problem.

Dear Maxunis, Thanks for the Spam

Auction seller sends (lots of) spam to promote his domain name.

Dear “Maxunis”,

I received your e-mail from maxunis@gmail.com this morning about your auction of a domain name on Sedo. In fact, all four of the e-mails. In your four e-mails (from your e-mail address maxunis@gmail.com) you wrote:

Dear Sir/Madam,

Your website features strongly in search engines when looking for “Adult Video” or “Adult Videos” and I believe this precise and short domain name would form a useful addition to your business.

The name “—.com” would be an important marketing tool, and it is great for the market you are in. This is because the name itself will give you the edge on your competitors and will prove to be of strategic value to your current or new business online presence.

The name “—.com” is short, rare, memorable, and very descriptive and could be used for your main web site or for one to complement it. The term is extremely easy to market and promote.

—.com is currently on Sedo auction with NO reserve price.

Good luck and I hope you will have a chance to win it.

Please excuse me if you received this email more then once.

I’m a bit confused. I have no idea what web site I might own that shows up for “adult video”, since I don’t own any adult web sites. Second, your “excuse me” for sending the e-mail more than once isn’t accepted. Couldn’t you have at least filtered your spam list to eliminate duplicate e-mail addresses? It’s one thing if you sent the message to four different e-mail addresses I own, but the same one?

Of course it’s against Sedo’s rules to spam a promotion. But I guess, maxunis@gmail.com, that you’re going to make a mint on the domain sale, so congrats to you.

Ahem…in case anyone missed that, the spammer’s e-mail address is >>maxunis@gmail.com<<