An influx of spam that takes advantage of cheap domain registrations has been targeting mailboxes since the beginning of October.
When Registries offer domains below cost in agreement with registrars, unscrupulous spammers jump on the occasion, registering throw-away domain names en masse.
The recent spam onslaught utilizes NameCheap as the registrar, Cloudflare for DNS proxying, and at least two domain registries, one of which is dot .Best.
What are dot .Best domains?
According to the dot .Best Registry, it’s an alternate gTLD to allow professionals present their identity online.
Ntldstats shows that there are almost 50,000 dot .Best domains, and the stats curve indicates that the recent promotions of about $1.80 per .Best domain, have given NameCheap the title of the registrar of choice, with 36% of the pie at 17,000 .Best domains.
Officers from the dot .Best Registry reached out to us, to acknowledge and address the issue of spam that such promotions contribute to.
Mr. Adrien Honoré, COO of dot .Best, told us the following:
“We have reduced the registration price and are launching promotion in order for a majority of people to use it (good usage) and to reserve their names for the launch of the Social Network the.best.
I totally agree with you, and we are setting some blocking and execution against Spam and other frauds. We appreciate your feedback.”
Mr. Honoré continued, indicating the dot .Best registry pledges to improve the current situation involving spam:
“We listen carefully the domain professionals and users. And it is good to have people like you sharing in order to be aware of this kind of topics. we bought the .Best for our social network and we have also to work on the domains industry part to make sure .Best remain a strong branding and marketing word world worldwide.
.Best is a great extension and I we work with registrars and everyone, to report this activity. We already do many reports and blocking, so once again thank you and do not hesitate to contact me, we take this seriously.”
We reached out to Mr. Cyril Fremont, CEO of dot .Best, who addressed the issue with the same attention:
“Due to our growth and coming social network, we are actually developing a new strict policy of our Best domain usage to eradicate spam, phishing and trademark cybersquatting (see for instance: brands.best). Let me know if I can help with anything regarding the .Best registry or THE.Best social network.
We totally understand as we are fighting/finding/implementing new solutions day after day to reduce our abuse in a pro-active mode.”
It’s definitely refreshing to witness the prompt involvement of the dot .Best Registry’s officers in response to our documented complaint. Hope to see some immediate action coming from the entity that handles the money trail as well, NameCheap.
Yeah, thats why I still see thousands of attempts to send garbage to by domain from hundreds of different “.best” domains. I say “attempts” because I have blanket blocked ANY attempt to send mail from any host or domain in that TLD. Just a sample of the last hour:
2019-11-16 12:08:46 H=(swordbrick.best) [45.91.151.15] rejected MAIL : (BLD) swordbrick.best BLOCKED AT MAIL
2019-11-16 12:42:15 H=(screwrefer.best) [45.91.151.17] rejected MAIL : (BLD) screwrefer.best BLOCKED AT MAIL
2019-11-16 12:47:28 H=(checkfavor.best) [45.91.151.16] rejected MAIL : (BLD) checkfavor.best BLOCKED AT MAIL
2019-11-16 12:48:03 H=(screwrefer.best) [45.91.151.17] rejected MAIL : (BLD) screwrefer.best BLOCKED AT MAIL
2019-11-16 12:57:33 H=(valueworld.best) [45.91.151.18] rejected MAIL : (BLD) valueworld.best BLOCKED AT MAIL
2019-11-16 12:57:37 H=(runnerstaff.best) [185.82.75.39] rejected MAIL : (BLD) runnerstaff.best BLOCKED AT MAIL
2019-11-16 13:17:54 H=(lobbybase.best) [185.254.29.98] rejected MAIL : (BLD) lobbybase.best BLOCKED AT MAIL
I think I’m going to block the whole f* .best domain in my custom rules.