Private whois records hide spammers and help bring down a registrar
I’ve talked in the past about how many spam filters, ISPs and blocklists treat domains that are registered behind privacy protection. I’ve written about how many commercial domains behind privacy protection are used for fraud. I’ve written about multiple legal cases where the courts ruled against companies using privacy protected domains in email. I’ve even gone so far as to claim hiding domains behind privacy protection is what spammers do.
Legitimate email marketers do not hide their domains behind privacy protection services.
Spammers absolutely do hide behind privacy protection services. And because of how privacy protection works, we really don’t know which domains are used by one spammer versus another spammer. ICANN gave us a little bit of insight into just how many domains a spammer registers when they terminated Dynamic Dolphin (pdf link). This is a situation that has been brewing for most of 2013. I wrote about the notice of contract breach back in October. This morning Brian Krebs wrote a blog post saying that ICANN had terminated the agreement with Dynamic Dolphin for failing to cure the breach as noticed back in October.
If you read through the timeline, ICANN has some interesting information about privacy protected domains at Dynamic Dolphin. Data about privacy protected domains was requested from the very beginning.
June 17, 2013: ICANN sends registrar a follow up to third compliance notice [...] requesting proof that Dynamic Dolphin received payment from its customers for the registration of the domain names identified in the first compliance notice. ICANN requested registrar to provide further information regarding the domain names registered by the three customers using the registrar’s privacy service…
July 1, 2013: Registrar replies to the follow up to third compliance notice and stated that it had 13,280 domain names registered behind its privacy service, of which 9,933 were with three named beneficial users.
Nearly 3/4 of the domains registered behind Dynamic Dolphin’s privacy service belonged to three “beneficial users”. As far back as 2008, Dynamic Dolphin had a reputation for being a haven for spammers. I don’t think it’s necessarily a haven for spammers, rather a haven for a few spammers.
ICANN started this action because Dynamic Dolphin was publishing inconsistent and incorrect information. But during the course of the investigation they discovered that the president, CEO and sole shareholder of Dynamic Dolphin was convicted of a finance related felony. Because the initial application for accreditation did not accurately describe the ownership of Dynamic Dolphin nor the owner’s previous felony conviction, ICANN revoked the agreement.