BLOG

Private whois records hide spammers and help bring down a registrar

I’ve talked in the past about how many spam filters, ISPs and blocklists treat domains that are registered behind privacy protection. I’ve written about how many commercial domains behind privacy protection are used for fraud. I’ve written about multiple legal cases where the courts ruled against companies using privacy protected domains in email. I’ve even gone so far as to claim hiding domains behind privacy protection is what spammers do.

Legitimate email marketers do not hide their domains behind privacy protection services.

Spammers absolutely do hide behind privacy protection services. And because of how privacy protection works, we really don’t know which domains are used by one spammer versus another spammer. ICANN gave us a little bit of insight into just how many domains a spammer registers when they terminated Dynamic Dolphin (pdf link). This is a situation that has been brewing for most of 2013. I wrote about the notice of contract breach back in October. This morning Brian Krebs wrote a blog post saying that ICANN had terminated the agreement with Dynamic Dolphin for failing to cure the breach as noticed back in October.

If you read through the timeline, ICANN has some interesting information about privacy protected domains at Dynamic Dolphin. Data about privacy protected domains was requested from the very beginning.

June 17, 2013: ICANN sends registrar a follow up to third compliance notice [...] requesting proof that Dynamic Dolphin received payment from its customers for the registration of the domain names identified in the first compliance notice. ICANN requested registrar to provide further information regarding the domain names registered by the three customers using the registrar’s privacy service…

July 1, 2013: Registrar replies to the follow up to third compliance notice and stated that it had 13,280 domain names registered behind its privacy service, of which 9,933 were with three named beneficial users.

Nearly 3/4 of the domains registered behind Dynamic Dolphin’s privacy service belonged to three “beneficial users”. As far back as 2008, Dynamic Dolphin had a reputation for being a haven for spammers. I don’t think it’s necessarily a haven for spammers, rather a haven for a few spammers.

ICANN started this action because Dynamic Dolphin was publishing inconsistent and incorrect information. But during the course of the investigation they discovered that the president, CEO and sole shareholder of Dynamic Dolphin was convicted of a finance related felony. Because the initial application for accreditation did not accurately describe the ownership of Dynamic Dolphin nor the owner’s previous felony conviction, ICANN revoked the agreement.

Comment:

Your email address will not be published. Required fields are marked *

  • AOL compromise

    Lots of reports today of a security problem at AOL where accounts are sending spam, or are being spoofed in spam runs or something. Details are hazy, but there seems to be quite a bit of noise surrounding this incident. AOL hasn't provided any information as of yet as to what is going on.4 Comments


  • ReturnPath on DMARC+Yahoo

    Over at ReturnPath Christine has an excellent non-technical summary of the DMARC+Yahoo situation, along with some solid recommendations for what actions you might take to avoid the operational problems it can cause.No Comments


  • AOL problems

    Lots of people are reporting ongoing (RTR:GE) messages from AOL today.  This indicates the AOL mail servers are having problems and can't accept mail. This has nothing to do with spam, filtering or malicious email. This is simply their servers aren't functioning as well as they should be and so AOL can't accept all the mail thrown at them. These types of blocks resolve themselves. 1 Comment


Archives