Getting a handle on spam emanating from generic top-level domains

Generic top-level domains are often used for spam and malware campaigns. There are steps the registries can take, though, to reduce the volume.


Since I posted my tome about the generic top-level domains (gTLDs), I’ve received mostly bouquets. A few brickbats were also metaphorically hurled through the window. I’m disturbing business models fostered by the new gTLDs.

A lawyer who doesn’t want to be named just threw a tort across the transom. It ended up as junk mail, but I fished it out and responded.


Another reply came from the .xyz gTLD. They were miffed. Yes, they know they get used for spam because some of their registrars—the sales side of gTLDs—sell their domain for dirt, actually for pennies in some cases. It’s nice to get a hook in the mouth of a legitimate customer. If a domain is successful, then it’s going to earn money.

The .xyz folks are very insistent that they clean up their domain—and fast. I sent a few spams across their abuse account, and, yes, it was certain death for a few spammer or spam-target accounts.

Please give .xyz people a round of applause, as others don’t do this.

Or maybe some do. I don’t know because they never reply saying, “We killed the account.” This frustrates me to no end. Most TLDs I’ve tested are black holes. You either get nothing or a send-timed-out notice from your own email program. Even .xyz doesn’t normally send one of those great messages saying, “Thanks, we closed their accounts.”

Registrars run wild

Do the registries not want to upset their registrars? Do they ask registrars to confirm that new customers are both real and not on any list of known fraudsters, malware writers or spammers? No. No such check exists. Registrars can pretty much sign up whomever they like.

Instead, whitelisted, or even just nominally authenticated, working domains have become the crux of a new market in software.

There is the further problem that authentication also means the loss of anonymity. Why is this a problem? Anonymity needs protecting for many reasons I won’t go into.

The .xyz people say they’ll take complaints about other domains, too. It’s not easy to see if this works, but a proof of concept aided by the .xyz people seems to corroborate this.

The problem is that cheap domain names, registered easily and with little or no authentication by hungry registrars who are ostensibly helping the poor get online, become easy pickings for spammers and worse. Authentication costs money, and added costs cut into already slim revenue models, which reduces registrars’ motivation to authenticate users.

The spam, the malware and more don’t cease.

My suggestion

What might help? Certificate-based reporting parsers: put them on the front end of mail servers, after the sender has actually been authenticated, and have them automatically send reports to SOMEONE WHO CARES, someone who will deal with the problem. Why certificates? Easy answer: they vouch for authenticated sources, so the report can be trusted as coming from a real mail operator, and the reported sender can be trusted as really belonging to the domain named.

If a gTLD registry doesn’t take down the offenders within 24 hours and also send an authenticated reply, it loses its domain. The registries could extend the same rule to their networks of registrars. It won’t stop spam, but it will cut it down, with some initial noisiness.
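As an added example, not the column’s own code, here is the kind of front-end reporter the proposal describes, written in Python. It trusts only the Authentication-Results header its own mail server wrote (RFC 8601), reports a domain only when the From: domain has an aligned DKIM or SPF pass, looks up the registry abuse contact for the sender’s top-level domain, and wraps the offending message in an Abuse Reporting Format report (RFC 5965). The column says “certificates” without naming a mechanism; this example stands in DKIM and SPF results as the authentication evidence, which is an assumption. The abuse-contact table, the reporter address and both sample messages are constructed placeholders, not real addresses or mail.

```python
# Added example, not the column's code: an automated abuse reporter for the
# mail-server front end. Contacts, reporter identity and samples are placeholders.
import re
from datetime import datetime, timedelta, timezone
from email import message_from_bytes
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText
from email.utils import format_datetime, parseaddr

# Hypothetical registry abuse contacts keyed by TLD (placeholders, not real).
ABUSE_CONTACTS = {"xyz": "abuse@xyz-registry.example"}
REPORTER = "abuse-reporter@mail.example"     # hypothetical sending identity
ACK_WINDOW = timedelta(hours=24)              # the column's proposed takedown window

# Authentication-Results (RFC 8601) fragments as written by our own MTA.
_DKIM_PASS = re.compile(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", re.I)
_SPF_PASS = re.compile(r"spf=pass\b[^;]*?smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+)", re.I)


def authenticated_sender_domain(msg):
    """Return the From: domain only if the topmost Authentication-Results
    header (the one our MTA prepended) shows an aligned DKIM or SPF pass
    for that same domain. Headers the sender added come later and are ignored."""
    _, addr = parseaddr(msg.get("From", ""))
    if "@" not in addr:
        return None
    from_domain = addr.rsplit("@", 1)[1].lower()
    results = msg.get_all("Authentication-Results") or [""]
    passed = {d.lower() for d in _DKIM_PASS.findall(results[0])}
    passed |= {d.lower() for d in _SPF_PASS.findall(results[0])}
    return from_domain if from_domain in passed else None


def build_arf_report(original, domain, arrival):
    """Wrap the offending message in an RFC 5965 abuse feedback report."""
    report = MIMEMultipart("report", report_type="feedback-report")
    report["From"] = REPORTER
    report["Subject"] = "Abuse report for " + domain
    report.attach(MIMEText(
        "The attached message from %s, received %s, was classified as spam.\n"
        "Please acknowledge and act within 24 hours.\n"
        % (domain, format_datetime(arrival)), "plain"))
    feedback = MIMENonMultipart("message", "feedback-report")
    feedback.set_payload(
        "Feedback-Type: abuse\r\nUser-Agent: tld-abuse-reporter/0.1\r\nVersion: 1\r\n"
        "Original-Mail-From: %s\r\nReported-Domain: %s\r\nArrival-Date: %s\r\n"
        % (parseaddr(original.get("From", ""))[1], domain, format_datetime(arrival)))
    report.attach(feedback)
    report.attach(MIMEMessage(original))       # full original as message/rfc822
    return report


def route_report(raw, arrival=None):
    """Parse one raw message. If its sender is authenticated and its TLD has an
    abuse contact on file, return the ARF report plus routing data; else None."""
    arrival = arrival or datetime.now(timezone.utc)
    original = message_from_bytes(raw)
    domain = authenticated_sender_domain(original)
    if domain is None:
        return None                  # unauthenticated: the From: line proves nothing
    tld = domain.rstrip(".").rsplit(".", 1)[-1]
    recipient = ABUSE_CONTACTS.get(tld)
    if recipient is None:
        return None                  # no contact for this TLD: nowhere to send it
    return {"domain": domain, "tld": tld, "recipient": recipient,
            "ack_deadline": arrival + ACK_WINDOW,
            "report": build_arf_report(original, domain, arrival)}


# Constructed sample messages (not real mail). The first passes DKIM and SPF
# for the From: domain; the second forges the same From: but fails both.
SAMPLE_SPAM = b"""\
Authentication-Results: mx.mail.example; dkim=pass header.d=cheap-deal.xyz; spf=pass smtp.mailfrom=bounce@cheap-deal.xyz
From: "Deals" <promo@cheap-deal.xyz>
To: victim@mail.example
Subject: You won

Click here for your prize.
"""
SAMPLE_FORGED = b"""\
Authentication-Results: mx.mail.example; dkim=fail header.d=cheap-deal.xyz; spf=none
From: "Deals" <promo@cheap-deal.xyz>
To: victim@mail.example
Subject: You won

Click here for your prize.
"""
SAMPLE_ARRIVAL = datetime(2016, 8, 1, 10, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    result = route_report(SAMPLE_SPAM, SAMPLE_ARRIVAL)
    print("send to", result["recipient"], "ack due", result["ack_deadline"].isoformat())
    print(result["report"].as_string())
    print("forged sample routed:", route_report(SAMPLE_FORGED) is not None)
```

The forged sample, which carries the same From: domain but a failed DKIM check and no SPF result, is deliberately dropped: reporting on the From: line alone would let a spammer get an innocent domain’s accounts closed, which is exactly the abuse the authentication step in front of the reporter exists to prevent. The ack_deadline field is where a registry’s 24-hour acknowledgement would be tracked.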

Copyright © 2016 IDG Communications, Inc.
