Private whois records hide spammers and help bring down a registrar

I’ve talked in the past about how many spam filters, ISPs and blocklists treat domains that are registered behind privacy protection. I’ve written about how many commercial domains behind privacy protection are used for fraud. I’ve written about multiple legal cases where the courts ruled against companies using privacy protected domains in email. I’ve even gone so far as to claim hiding domains behind privacy protection is what spammers do.

Legitimate email marketers do not hide their domains behind privacy protection services.

Spammers absolutely do hide behind privacy protection services. And because of how privacy protection works, we really don’t know which domains are used by one spammer versus another spammer. ICANN gave us a little bit of insight into just how many domains a spammer registers when they terminated Dynamic Dolphin (pdf link). This is a situation that has been brewing for most of 2013. I wrote about the notice of contract breach back in October. This morning Brian Krebs wrote a blog post saying that ICANN had terminated the agreement with Dynamic Dolphin for failing to cure the breach as noticed back in October.

If you read through the timeline, ICANN has some interesting information about privacy protected domains at Dynamic Dolphin. Data about privacy protected domains was requested from the very beginning.

June 17, 2013: ICANN sends registrar a follow up to third compliance notice […] requesting proof that Dynamic Dolphin received payment from its customers for the registration of the domain names identified in the first compliance notice. ICANN requested registrar to provide further information regarding the domain names registered by the three customers using the registrar’s privacy service…

July 1, 2013: Registrar replies to the follow up to third compliance notice and stated that it had 13,280 domain names registered behind its privacy service, of which 9,933 were with three named beneficial users.

Nearly 3/4 of the domains registered behind Dynamic Dolphin’s privacy service belonged to three “beneficial users”. As far back as 2008, Dynamic Dolphin had a reputation for being a haven for spammers. I don’t think it’s necessarily a haven for spammers, rather a haven for a few spammers.

ICANN started this action because Dynamic Dolphin was publishing inconsistent and incorrect information. But during the course of the investigation they discovered that the president, CEO and sole shareholder of Dynamic Dolphin was convicted of a finance related felony. Because the initial application for accreditation did not accurately describe the ownership of Dynamic Dolphin nor the owner’s previous felony conviction, ICANN revoked the agreement.


Your email address will not be published. Required fields are marked *

  • Lost in the mists of time

    Over on the Farsight Security blog Joe St. Sauver talks about some of the early days of online abuse, on usenet. Laura and I were on the periphery of early usenet abuse, mostly as users, but Usenet (and IRC) around then were the places we both started with email abuse.No Comments

  • Ongoing Yahoo delays

    I've been hearing from folks over the last few days that they're seeing an uptick in deferrals from Yahoo! The deferrals are not uniform. ESPs report they're seeing some, but not all, customers affected. Other ESPs aren't seeing any changes. It's not just you. But it would be very worthwhile to dig into engagement and other stats. It's possible this is a new normal at Yahoo! and they're tightening filters to catch mail that doesn't fit their standards but was previously difficult to filter.No Comments

  • AOL starts using Sender Score Certification

    Good news for Sender Score Certified IPs. Return Path recently announced that AOL has joined the list of ISPs offering preferential treatment to certified IPs.  1 Comment