90% of the Illicit Sites Tracked by KnujOn Clustered at 20 registrars.
The 10 Worst Registrars in terms of spam advertised junk product sites and compliance failure
- Xinnet Bei Gong Da Software
- BEIJING Networks
- Todaynic
- Joker
- eNom, Inc.
- MONIKER
- Dynamic Dolphin
- The Nameit Co/AITDOMAINS.COM
- PDR
- Intercosmos/DIRECTNIC
70 Registrars are in mystery locations
La liste noire des registrars
Analysis: Crackdown on domain name crooks
The Spam Balloon
"Worst Spam Offenders" Notified by ICANN
ICANN Responds to KnujOn Report, Issues Notices to Non-Compliant Registrars
Scott Richter is a registrar?
New Study May Hold Key to Blocking Spam
Wall of shame: 10 worst registrars
Spam domains use small number of registrars
Most Spam Sites Tied to a Handful of Registrars
20 registrars control 90% of illicit domains, says Knujon
Whittling spam down to a manageable level
What is a registrar?
What is an Illicit Domain?
How were the 10 worst rated?
Are the sites/domains in question sending spam?
Scoring factors and metrics
What is a registrar?
Registrars are companies that have been granted authority to issue domain names. Domain names are the "mywebsite.com" names that stand in place of the literal Internet Protocol address (IP) that designates where the web content is served from, i.e. 123.0.123.0. This is similar to saying "Joe's House" instead of "94 West Street Apt 2, Phoenix, Arizona 96782-1234, United States". Domain names are easier to remember and more descriptive.
Because of the large responsibility and power granted to registrars by the Internet Corporation for Assigned Names and Numbers (ICANN), registrars have a strict set of rules they must abide by. However, KnujOn has found that a minority of registrars are skirting these rules, and the result is a vacuum with little enforcement or oversight that online criminals have filled with websites selling bogus prescription drugs, knockoff luxury products, pirated software, fake consumer goods, and phantom mortgages. The activities behind this illicit traffic and the products themselves represent serious threats to personal health and safety as well as the economy in general. Learn more about the path of fake products sold in spam. (PPT)
What is an Illicit Domain?
For the purposes of this research an Illicit Domain is generally defined by the following three characteristics:
- Advertised using spam, whether email, IM, fax, SMS, blogs, forums, etc.
- The site promotes products or services that are either: illegal, dangerous, stolen, counterfeited, pirated, hijacked, contraband, diverted, misrepresented, deceptive, or even non-existent.
- The owners use identity theft, corporate obfuscation, forged industry licenses, brandjacking, registration fraud, lifted web content, or stolen credit cards as standard procedure to set up transaction sites.
How were the 10 worst rated?
Not every registrar is the same size. Some registrars have millions of domains while others have only a few hundred. We took this into consideration and compared the number of reported spam-advertised junk product sites to the total number of domains held by the registrar. We have also included the KnujOn Aggression rating, which measures the volume of reported spam messages compared with other registrars and contrasted against the total number of domains held by the specific registrar. KnujOn accepts tens of thousands of junk email samples from the public every day. The bulk of samples used in this study were processed in 2007. The rate of inaccurate registration records and the number of sites featuring trademarked goods are also measured. Finally, the individual scores of each registrar were compared against their peers in order to highlight where the trouble spots are. By looking at many factors we see where certain registrars are failing the consumer, their own customers and their official obligations to the Internet community. Email users continually ask "why do I still get spam?" The answer is that a lack of oversight, auditing and enforcement has allowed a structure to develop inside the Internet that supports spam and illicit product traffic.
Are the sites/domains in question sending spam?
No. This is an important distinction. Spam is typically sent from compromised networks and computers, unbeknownst to the owners, through a variety of malware. KnujOn is not primarily focused on the spam sending operations (botnets). KnujOn's work in this case deals with the advertised sites where actual transactions take place. In this case a transaction could be an exchange of money for junk products, a theft of money, a theft of identity/information, and/or the delivery of malware to a victim's machine. It would be rare for an advertised illicit site to actually be sending spam. The distribution of the spam-illicit-product operation provides a layer of obfuscation and deniability for those profiting from spam advertising. KnujOn believes that enforcement efforts are best focused on the transaction side rather than the advertisement.
Registrar Ratings as a PDF(pdf)
Scoring factors and metrics
- Total Domains: Total number of domains held by registrar
- Reported Sites: Raw count of reported sites advertised through spam
- Proportion of Reported to Total: Proportion of spam-reported sites to the total domain count
- Raw Aggression: Number of spam instances advertising domains at this registrar
- Proportional Aggression: Proportion of total spam instances to the total domains at the registrar.
- Overall Score: An overall rating based on each of the above results
- Inaccuracy Count: Total count of inaccurate registration records
- Inaccuracy Rating: Proportion of inaccurate records to total domains at the registrar
- Trademark Factor: Volume of sites noted for featuring trademarked brands
The List
- Xinnet Bei Gong Da Software
Area Building 2, Level 1, BDA Beijing 100176 China
Total Domains: 897,962
Reported Sites: 15,551 4th highest for site volume (each site is pulled from a spam email)
Proportion of Reported to Total: 1.7% - 4th
Raw Aggression: 1,644,986 - 1st (Total count of spam emails featuring domains at this registrar)
Proportional Aggression: 183.19 -3rd (meaning 183 spams for each domain they hold)
Overall Score: 3 1st, the worst
Inaccuracy Count: 10,383 2nd for inaccuracies (in the last 12 months)
Inaccuracy Rating: 1% (Typical inaccuracy percentage is 0.004%, anything higher than 0.5% is bad)
Trademark Factor: 1st (This is based on site content and scoring for trademarked brands)
Xin Net's Bottomless Bottle of Pills
In an effort to continue highlighting concerns at specific providers, we will focus on each company listed in KnujOn's top 10 of the worst spam-related registrars. ICANN responded Friday to this list, which included Xin Net as #1. Xin Net has been the focus of controversy and efforts at CastleCops recently and is heavily connected to Fast Flux operations, as evidenced by this analysis at the Università degli Studi di Milano. Xin Net accounts for 75% of the Fast Flux traffic. The University of Milan Dipartimento di Informatica e Comunicazione has found 10,570 malicious domains at Xin Net connected to Fast Flux. KnujOn's Xin Net illicit domain count is fast approaching 30,000. Much of this traffic and spam advertises "Canadian Pharmacy" type sites as seen below:
- BEIJINGNN
20/F, Block A, SP Tower, Tsinghua Science Park Building 8, No.1 Zhongguaneun East Road Haidian District, Beijing 100084 China
Total Domains: 303,801
Reported Sites: 10,083 - 8th highest for site volume
Proportion of Reported to Total: 3.3% - 3rd
Raw Aggression: 857,688 - 2nd
Proportional Aggression: 282.31 - 2nd
Overall Score: 3.75 2nd
Inaccuracy Count: 6705 - 6th
Inaccuracy Rating: 2%
Trademark Factor: 5th
- Todaynic
Rm 603-605 6B, Xihai Building No. 221 Renmin E. Road Zhuhai City, Guangdong Province 519000 China
Total Domains: 66,314
Reported Sites: 2,958 -13th highest for site volume
Proportion of Reported to Total: 4.5% - 2nd
Raw Aggression: 342,511 - 4th
Proportional Aggression: 516.5 - 1st
Overall Score: 5 3rd
Inaccuracy Count: 2260 8th
Inaccuracy Rating: 3%
Trademark Factor: 11th
- Joker
Hansaallee 191-193 40549 Duesseldorf Germany
Total Domains: 636,431
Reported Sites: 9051 -9th highest for site volume
Proportion of Reported to Total: 1.42% - 7th
Raw Aggression: 487,727 - 3rd
Proportional Aggression: 76.63 - 4th
Overall Score: 5.75 4th
Inaccuracy Count: 7746 4th
Inaccuracy Rating: 1%
Trademark Factor: 27th
- eNom, Inc.
15801 NE 24th St. Bellevue, WA 98008 USA
Total Domains: 11,040,841
Reported Sites: 47,007 sites - 1st
Proportion of Reported to Total: 0.42% - 11th
Raw Aggression: 317,677 instances or messages - 5th
Proportional Aggression: 2.9 - 9th
Overall Score: 6.5 5th
Inaccuracy Count: 8530 3rd
Inaccuracy Rating: 0.1%
Trademark Factor: 3rd
- MONIKER
20 SW 27th Ave. Suite 201 Pompano Beach, Florida 33069
Total Domains: 2,725,240
Reported Sites: 30628 -2nd highest for site volume
Proportion of Reported to Total: 1.12% - 8th
Raw Aggression: 87,071 - 9th
Proportional Aggression: 3.19 - 8th
Overall Score: 6.75 6th
Inaccuracy Count: 11,680 1st
Inaccuracy Rating: 0.4%
Trademark Factor: 21st
- Dynamic Dolphin
5023 W 120th Ave #233 Broomfield CO
Total Domains: 45,019
Reported Sites: 7,846 -10th highest for site volume
Proportion of Reported to Total: 17.42% - 1st
Raw Aggression: 23,825 - 16th
Proportional Aggression: 52.92 - 6th
Overall Score: 8.25 7th
Inaccuracy Count: 4744 6th
Inaccuracy Rating: 10%
Trademark Factor: 22nd
- The Nameit Co/AITDOMAINS.COM
421 Maiden Lane Fayetteville, N.C. 28301
Total Domains: 155,474
Reported Sites: 2620 -16th highest for site volume
Proportion of Reported to Total: 1.68% - 5th
Raw Aggression: 103,786 - 7th
Proportional Aggression: 66.75 -5th
Overall Score: 8.25 8th
Inaccuracy Count: 1433 8th
Inaccuracy Rating: 1%
Trademark Factor: 45th
- PDR
14525 SW Millikan #48732 Beaverton Oregon, 97005-2343
Total Domains: 1,751,224
Reported Sites: 13,025 - 6th highest for site volume
Proportion of Reported to Total: 0.74% - 9th
Raw Aggression: 45,319 13th
Proportional Aggression: 2.59 - 10th
Overall Score: 9.5 9th
Inaccuracy Count: 6986 5th
Inaccuracy Rating: 0.4%
Trademark Factor: 20th
- Intercosmos/DIRECTNIC
650 Poydras Street, Suite 1150 New Orleans, Louisiana 70130
Total Domains: 1,125,148
Reported Sites: 4918 -11th highest for site volume
Proportion of Reported to Total: 0.43% - 10th
Raw Aggression: 50678 - 12th
Proportional Aggression: 4.504118569 - 7th
Overall Score: 10 10th
Inaccuracy Count: 868 12th
Inaccuracy Rating: 0.1%
Trademark Factor: 13th
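The scoring factors above can be checked against the figures in the ten entries. The following is an added example, not KnujOn's code: it recomputes the two proportional metrics from the raw counts and tests an assumption inferred from the numbers, and not stated by KnujOn, that the Overall Score is the mean of the four published ranks. Registrar names are shortened labels, and the ranks are taken as published because they are relative to all tracked registrars, not only these ten.

```python
# Added example, not KnujOn's code. Figures are copied from the registrar
# entries on this page. Assumption: Overall Score is the mean of the four
# published ranks (site volume, proportion, raw and proportional aggression).

# label: (total_domains, reported_sites, raw_aggression, four published ranks,
#         published % reported, published proportional aggression, published score)
REGISTRARS = {
    "Xinnet":          (897_962, 15_551, 1_644_986, (4, 4, 1, 3), 1.7, 183.19, 3.0),
    "BEIJINGNN":       (303_801, 10_083, 857_688, (8, 3, 2, 2), 3.3, 282.31, 3.75),
    "Todaynic":        (66_314, 2_958, 342_511, (13, 2, 4, 1), 4.5, 516.5, 5.0),
    "Joker":           (636_431, 9_051, 487_727, (9, 7, 3, 4), 1.42, 76.63, 5.75),
    "eNom":            (11_040_841, 47_007, 317_677, (1, 11, 5, 9), 0.42, 2.9, 6.5),
    "Moniker":         (2_725_240, 30_628, 87_071, (2, 8, 9, 8), 1.12, 3.19, 6.75),
    "Dynamic Dolphin": (45_019, 7_846, 23_825, (10, 1, 16, 6), 17.42, 52.92, 8.25),
    "Nameit/AIT":      (155_474, 2_620, 103_786, (16, 5, 7, 5), 1.68, 66.75, 8.25),
    "PDR":             (1_751_224, 13_025, 45_319, (6, 9, 13, 10), 0.74, 2.59, 9.5),
    "DirectNIC":       (1_125_148, 4_918, 50_678, (11, 10, 12, 7), 0.43, 4.504118569, 10.0),
}

def pct_reported(total, reported):
    """Reported sites as a percentage of all domains held."""
    return 100.0 * reported / total

def prop_aggression(total, spam):
    """Spam instances per 100 domains held; this scaling reproduces the page's values."""
    return 100.0 * spam / total

def overall_score(ranks):
    """Mean of the four ranks (assumed formula; a lower score means a worse registrar)."""
    return sum(ranks) / len(ranks)

def audit(tol=0.05):
    """Return (registrar, metric, computed, published) for every figure that does not reproduce."""
    bad = []
    for name, (total, sites, spam, ranks, p_pct, p_aggr, p_score) in REGISTRARS.items():
        checks = (
            ("pct_reported", pct_reported(total, sites), p_pct, tol),
            ("prop_aggression", prop_aggression(total, spam), p_aggr, tol),
            ("overall_score", overall_score(ranks), p_score, 1e-9),
        )
        for metric, got, published, limit in checks:
            if abs(got - published) > limit:
                bad.append((name, metric, round(got, 4), published))
    return bad

if __name__ == "__main__":
    print(audit() or "all published figures reproduce from the raw counts")
```

The tolerance absorbs the rounding and truncation in the published percentages; tightening it shows which rows were rounded.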
4 Companies Control Bulk of U.S. Registrar Accreditations
If one were to look at the Internic directory, it would appear that there are 529 ICANN accredited registrars in the United States. Having this many different companies would give the appearance that there is diversity and competition in the domain marketplace. However, that appearance would be wrong. Four companies control 318 accreditations: eNom (116), Directi/PDR (47), Dotster (51), and Snapnames (104). Another 122 accreditations are owned by only 23 companies. What is left are 136 registrars that appear independent. So, that would make 163 the realistic count, not 529. Considering this data, the U.S. registrar industry looks less like an open and competitive market and more like a cartel.
Accreditations Controlled by eNom
Accreditations Controlled by Snapnames
Accreditations Controlled by Directi/PDR
Accreditations Controlled by Dotster