For the sort of domains I have to deal with - @ about a couple of hundred a day -
1. Registered using fake contact information and a freemail address
2. Hosting a live phish, or held in reserve by an individual who keeps creating more such domains to use in phish
3. The domain itself is a “cousin”
Placing the domain on client-hold appears to be the only appropriate action here.
These are not compromised sites
These are not simply trademark infringement sites selling knockoff products
They’re criminal, advertised in spam, frequently serving up malware where they’re not simply trying to steal user credentials.
Unresponsive registrars with poor abuse controls (such as - take the domain down after days, and leave the registrant’s account up and running so the rest of his stockpiled domains are just fine, and new phish domains get registered by him every other day) seem to vastly outnumber the very few responsible registrars that I have had the pleasure of dealing with.
Note - this is of course based on the subset of registrars that actually do get frequently abused to create phish domains. There are several that can go for days without seeing a single abusive registration.
—srs
On 28-Sep-2015, at 6:22 PM, Michele Neylon - Blacknight <michele@blacknight.com> wrote:
Suresh
I don’t think many registrars are trying to abdicate responsibility BUT
The hosting provider for a domain name has a lot more control over things than the registrar.
As a registrar of record for a domain name I only have the “nuclear option”.
Compromised sites account for a lot of the spam we see coming from our network (or at least trying to).
Regards
Michele
--
Mr Michele Neylon
Blacknight Solutions
Hosting, Colocation & Domains
http://www.blacknight.host/
http://blog.blacknight.com/
http://www.blacknight.press - get our latest news & media coverage
http://www.technology.ie
Intl. +353 (0) 59 9183072
Direct Dial: +353 (0)59 9183090
Social: http://mneylon.social
Random Stuff: http://michele.irish
-------------------------------
Blacknight Internet Solutions Ltd, Unit 12A, Barrowside Business Park, Sleaty Road, Graiguecullen, Carlow, Ireland
Company No.: 370845
On 28/09/2015 13:42, "anti-abuse-wg on behalf of Suresh Ramasubramanian" <anti-abuse-wg-bounces@ripe.net on behalf of ops.lists@gmail.com> wrote:
Let me introduce you to, say, fast flux botnets that skip from one IP to another in seconds
IPs matter. So do domains. So do nameservers. So do [a bunch of other things]
Registrars can’t abdicate their responsibility by claiming spam is entirely related to IP addresses.
On 28-Sep-2015, at 5:50 PM, andre@ox.co.za wrote:
Spam is not a domain thing, it is an IP thing.
So why are we focused on domain names? A name is nothing, it cannot route, a number routes.