ICANN Heeds Call to Ban Abusive Registrars
Well, it seems that ICANN has indeed been listening to security researchers that have been increasingly critical of certified registrars that appear to be letting cybercriminals abuse their services.
Or it has in fact been moving to enforce its rules of operation for registrars a bit more aggressively.
Earlier this week, ICANN issued so-called "breach notices" to two such companies that have recently been highlighted in reports by spam and malware researchers KnujOn for allowing spammers, illegal online pharmacies and malware distributors to use their services to do business.
ICANN sent the notices to accredited registrars Beijing Innovative Linkage Technology Ltd., doing business as DNS.com.cn, and Joker.com, for failing to comply with Section 3.7.8 of its Registrar Accreditation Agreement (RAA) which requires registrars to take "reasonable steps to investigate" Whois inaccuracy claims.
To quote ICANN, Section 3.7.8 of the RAA requires registrars, "...upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate the claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy."
So, in effect ICANN is finally calling these guys out for not doing their due diligence to ensure that cybercriminals can use them as a proxy to rip people off.
ICANN had actually sent initial "Notices of Concern" regarding the same issue to both firms in May after an initial report listing abusive registrars was published by KnujOn, which recently pushed another major registrar, Directi, to mend its own ways and another, EstDomains, to promise to do the same.
"Both (DNS.com.cn, and Joker.com) subsequently assured ICANN that they were investigating Whois inaccuracy claims and had suitable processes in place to do so. However, ICANN found compelling evidence leading to a conclusion that both DNS.com.cn and Joker.com do not appear to be taking reasonable steps to investigate these claims as required," ICANN said in a statement.
To avoid the commencement of the termination process, DNS.com.cn and Joker.com must now "cure the cited breaches within 15 days."
If not, ICANN said it will "pursue all remedies available under the terms of the RAA, including possible termination."
DNS.com.cn has over 300,000 domain names under management and Joker.com has over 600,000 domain names under management, according to the regulatory agency.
"Every KnujOn participant and supporter needs to give themselves a big pat on the back tonight because you made this happen," KnujOn chief Garth Bruen said in a statement e-mailed to supporters and posted on his Web site. "KnujOn processed your submissions and filed thousands of complaints and tracked them continuously to ensure contracts were observed and the public trust was not broken."
Nice job by KnujOn, and good job of stepping up by ICANN, this is how this whole process and community is supposed to operate.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.