ICANN Gives Notorious Internet Registrar Stay of Execution - for the Moment

ICANN has held off terminating the accreditation of EstDomains, an Internet registrar long accused of being an open house for malware distributors. The move comes a day after ICANN notified EstDomains in a letter it was shutting it down due to EstDomains' president being convicted on fraud and money laundering charges.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Just when EstDomains appeared to be on the proverbial chopping block, it has gotten a stay of execution.

ICANN (Internet Corporation for Assigned Names and Numbers) stated Oct. 29 it will hold off on shutting down the notorious Estonian domain registrar pending a review. The decision came a day after ICANN informed EstDomains that it was terminating its accreditation Nov. 12 due to EstDomains' president, Vladimir Tsastsin, being convicted in February on money laundering and fraud charges in Estonia.

In the termination letter sent Oct. 28, ICANN stated it planned to move the roughly 281,000 domains under EstDomains' management to another registrar. However, EstDomains responded with a letter stating Tsastsin had resigned as president in June, and that his conviction is being appealed to Estonia's Supreme Court. According to the letter, the registrar did not inform ICANN of the change because it did not believe it was a requirement under its agreement.

"To assess the merits of the claims made in EstDomains' response, ICANN has stayed the termination process as ICANN analyzes these claims," ICANN officials said in a statement.

News of the pending termination was greeted with glee by several members of the security community. EstDomains has long been accused of playing nice with malware distributors. Over the past several years, it has provided domain registration services to the infamous RBN (Russian Business Network) as well as cyber-criminal organizations tied to spam campaigns and other activity.

For its part, EstDomains has denied links to malware distribution, going so far as to send out press releases to that effect. Ironically however, the controversy over malware is not relevant to ICANN's decision. Instead, at issue is a section of the Registrar Accreditation Agreement that states accreditation can be revoked if any officer or director of a registrar is convicted of a financial crime unless that person is removed.

"ICANN will take all reasonable measures to protect the interests of registrants during the stay period and the subsequent termination process that may follow," ICANN officials said.