Palau: Spam Haven? No, but…

Over on his blog, John Levine offers up a review of the history of the .PW TLD (top-level domain). The context: Recently relaunched, .PW has perhaps immediately become a spam haven. John mentions that at least one receiver is already treating mail referencing .PW as “block on sight.” Incidentally, John’s not the only friend of mine complaining about a recent uptick of spam referencing the .PW TLD.
Based on what I’ve heard so far, my guess is that more widespread blocking of mail referencing .PW domains seems likely.
Deja vu? It feels like .biz all over again.
May 6, 2013 update: John Levine adds, “I don’t think I’ll be unblocking mail from .PW anytime soon.”

8 comments

  1. Andrew Edelstein says

    I’m inclined to “block on sight” ALL the recently added TLDs. The only reason I’ve seen for them is that spammers want to go and camp popular domain names in the new TLD for phishing attempts. For everyone else, it’s just one more TLD they have to buy up when they register their .com, to protect their brand, entirely defeating the purpose of having more TLD space in the first place.

  2. aliverson says

    Yeah, agreed. There is certainly the POTENTIAL for a legitimate use case for some of these, but if every one is going to start off with spammer land rush, then nobody legitimate is ever going to bother coming along later.

  3. steve says

    OTOH, .io is another ccTLD (for the British Indian Ocean Territory) that’s been repurposed as a pseudo-gTLD and recently become very popular amongst the Web 3.0 (4.0? what are we up to now?) crowd to host demos, project and product sites, and online services – and I’ve seen no spam problems with it at all.
    I think it’s more the ethics and operational competence of the registry running the TLD than how new (or newly purposed) the domain is. And, well, Directi … ESTDomains …

  4. FiOS-Dave says

    I am now getting over 100 spams/day. 99% of them come from:
    .si, .pw, .lk, .id, .dk, .at, .se and more.
    Also EVERY contact@ (and there have been hundreds, with NO valid ones).
    And then the obvious “buy a package deal” where the spammers use:
    RA????.biz
    RB????.biz
    thru RZ????.biz plus any other two letter combo, followed by ????.biz.
    This would make blocking a bit more difficult, but there are definitely combinations that couldn’t possibly be legit.
    As for the .pw’s, I have been getting 30-40 (so far) that all start with:
    “sleepless” followed by 1,2,3 or 4 more words.PW
    What needs to be done is for the ISPs to allow their mail handlers the option of using wildcards for blocking, as well as the ability to block TLDs.
    Of course, there should be the caveat that you might wind up blocking something you need.
    If all of these blocked addresses went into a “JUNK” folder, you could scan them for validity.
    Once you are satisfied, just change the direction of these from “JUNK” to permanently delete, without keeping them anywhere!
    I would think that most ISPs and other mail handlers would be smart enough to implement these procedures. Then we will only have to deal with the ever-more creative ones!
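
The wildcard and TLD blocking with a junk-folder review stage that this comment describes, as an added example that is not part of the original thread. The rule list, the allowlisted `example.pw` and the sample addresses are constructed, and the comment's `?` is read as a shell-style single-character wildcard.

```python
from __future__ import annotations
from fnmatch import fnmatchcase

# Constructed rules modelled on the patterns named in the comment above.
BLOCKED_TLDS = {"pw"}
WILDCARD_RULES = ["r[a-z]????.biz", "sleepless*.pw"]
ALLOWLIST = {"example.pw"}  # hypothetical domain the recipient still needs


def sender_domain(address: str) -> str:
    """Return the lower-cased domain of an address, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().strip(">").rstrip(".").lower()


def classify(address: str, review_mode: bool = True) -> tuple[str, str]:
    """Return (action, reason); action is 'deliver', 'junk' or 'delete'."""
    labels = sender_domain(address).split(".")
    # Compare the last two labels so a subdomain cannot sidestep a rule.
    base = ".".join(labels[-2:])
    # Matches go to JUNK while rules are being validated, then to delete.
    hit_action = "junk" if review_mode else "delete"
    if base in ALLOWLIST:
        return "deliver", "allowlisted"
    for rule in WILDCARD_RULES:
        if fnmatchcase(base, rule):
            return hit_action, f"wildcard {rule}"
    if labels[-1] in BLOCKED_TLDS:
        return hit_action, f"tld .{labels[-1]}"
    return "deliver", "no rule matched"


def triage(addresses, review_mode=True):
    """Group addresses by action so the junk pile can be checked for validity."""
    folders = {"deliver": [], "junk": [], "delete": []}
    for addr in addresses:
        action, _reason = classify(addr, review_mode)
        folders[action].append(addr)
    return folders


# Constructed sample senders, not taken from real mail.
SAMPLES = ["offers@rq1x7z.biz", "news@sleeplessnightcure.pw",
           "dev@mail.example.pw", "bob@shop.biz", "Ann <a@other.pw>"]

if __name__ == "__main__":
    for folder, members in triage(SAMPLES).items():
        print(folder, members)
```

The allowlist check runs before any block rule, which is what keeps a whole-TLD block from also catching the one domain the recipient has confirmed as wanted.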

  5. TWSD: avoid filters – Word to the Wise says

    […] EDIT: Just got a spam for Ruby Tuesday’s using a .pw domain. […]

  6. Donesh Laher says

    Hi All,
    Ever since the spam outbreak on .pw, we as the Registry have spent the past month and a half undertaking a massive cleanup initiative. We have not waited for the Registrars to investigate and respond to complaints; rather we have ourselves taken down domain names which have proven to be abusive. While most of the forums have attributed rock bottom prices to be the sole reason for this outbreak, our investigations prove otherwise.
    Our abuse team has been kept busy with large volumes of complaints against .pw domains, each being responded to within the time frame of 24 hours (and in most cases within a matter of a few hours). The team has successfully traced the source of these spammy domains to customers under a single Registrar account. This means that more than pricing, this attack manifests itself as an activity carried out by an organized group of spammers targeting one particular Registrar portfolio. Over 95% of the spam mails have been perpetrated through this single Registrar. To curb this abuse, we have considered to respond and taken down reported domain names belonging to this Registrar.
    In order to control this incident, we have tightened the noose around other Registrars as well, thus implying the repercussions of our AUP violation (which we have been very particular about). In addition to our reactive techniques, we have also been eliminating abusive domain names at the registration phase by using pattern matching and anomaly-based methods. This approach has proven to be very effective and has successfully eliminated 20-30% of domain names which are likely to be used for illicit activities.
    In addition to responding to complaints from individual internet users, the .pw Registry has been working closely with anti-abuse entities such as Symantec, Spamhaus and SURBL. We have also tied up with NameSentry to beef up our abuse monitoring process. Being a Registry, we have access to very limited information as compared to a Registrar. Yet we have managed to weed out and terminate abusive domain names more proactively, compared to other Registries out there.
    Last but not the least, we would like to thank each and everyone who have criticized, appreciated or raised concerns in our effort to curb the abuse. In order to assist us with our efforts, we request you to update us with your complaints at abuse@registry.pw.
    Regards
    Donesh Laher
    Cyber Security Analyst
    .PW Registry

  7. Steve Hagerman says

    I think it is very wrong to blanket ban a TLD. Like has been pointed out there are legitimate users that will be negatively impacted by such an action. I came about this story after investigating why were some remote servers blocking a domain that has never been on a spam list, and that was relatively new.
    Then I found out about this irresponsible reaction of just blocking the whole .PW TLD.
    The internet was a lot better as a whole back when Administrators didn’t worry themselves to death about whether someone classified an email as spam, or not.

  8. Gabby says

    This is so ridiculous.

    The problem with these countries is that they always have these stupid 3rd world spammers trying to scam and get money from people in the west.

    The amount of spam from the .PW TLD should have been MUCH better regulated and controlled when rolling out these types of extensions. Sadly it’s the piss poor excuse of “tech support” scammers (NOT ADMINS or DEVELOPERS) who are doing majority if not 95% of the spamming issue. They go to e-schools and free sources online enough to create the little scripts and tools to create these bogus websites and fish around for gullible to use.

    Because of the amount of spam, one has to question the legitimacy of a .pw website itself. How does one not know, when paying for the domains, that the .pw is a trust-worthy site to do transactions with?

    If anything regardless, I would use bit-coins in that situation that way there is no issue of Identity-Theft and the such as no personal information will be exchanged.

    However, as an indie developer I create games that aren’t regulated by the ESRB (nor do any developers have to answer to it) and some of my games are 18+. I was looking at .PW websites as they are the least restrictive on this type of content and I can host my game with 100% adult content enabled. That way as a dev I don’t have to have a host/regional issue as some of the sites I was using before (JP) had the bogus problem of literally, blocking a post that was uploaded SIMPLY because it contained the word animal!

    Amazing! The word ANIMAL warrants a post block and when informed of the false flag, they simply went down the list as if no regard or comprehension how silly and idiotic their algorithm censor system is. What will happen next when I am communicating to our visitors and audience? Will the word “Banana” or Rock, or even Pudding suddenly be censored and cause a potential missed update/confusion? So instead of using the word animal, I switched over to “mammal” instead which means the same thing. The post went through, so so much for their faulty censor system.

    Our audience and us as Developers deserve better. What I do not want to do is unnecessarily censor an up-coming game that is going to be heavy on story and combat with a host/region because that would indeed cause a loss of story-impact. The site itself is 18+ so words shouldn’t even be an issue so customers and visitors shouldn’t be treated like infants needing censoring.
