A few days ago we noted how cheap .ICU domains are being registered en masse at NameCheap and used for spam.
The spammers use email databases harvested from WHOIS records to send a stream of emails advertising drones, weight loss products, and other unsolicited, invasive messages.
They use Cloudflare as a reverse proxy to hide their real location, which is typically in Eastern Europe. The Cloudflare DNS is turned on only while the mass emailing occurs, and is then turned off.
It turns out the problem isn’t a particular TLD but the price at which its domains can be registered. Right now, the same spammers are registering .Best domain names.
What are the common denominators?
- NameCheap as the domain registrar
- Cloudflare as the DNS provider
- Cheap domain registrations, at less than $2 per domain
Domain cost is vital to spammers because they use cheap throwaway domains; once these are blocked, they move on to the next one. NameCheap seems to have a knack for forging agreements with Registries willing to drop retail registration costs substantially.
When domain registration prices drop to shitty numbers, spammers are attracted to the shit like flies.
What needs to be done to overcome this spamming flood?
- NameCheap and other registrars should refuse such pricing agreements with Registries
- Registries should be penalized by ICANN for the amount of spam they produce until it’s properly regulated
- Cloudflare and other reverse proxy providers should not enable domains registered for less than 30 days, and should block known abusers proactively
If you are a victim of this massive campaign of spam enabled by the above parties, send them a piece of your mind:
- NameCheap: abuse@namecheap.com
- Cloudflare: registrar-abuse@cloudflare.com
- ICANN: link to Registrar abuse report form
The domain industry and consumers in general should take this type of spam very seriously, and not feel powerless when it happens.
Copyright © 2024 DomainGang.com · All Rights Reserved.
Arachnitec, namecheap.com assholes continue to allow extreme numbers of spam sent from their domains. These domains need to be blocked! opensubscribe.club is just one of the spammer domains!
NAMECHEAP SENDS ME AT LEAST 40-50 UCE SPAM EMAILS PER WEEK. THEY HIDE BEHIND ENOM.COM, THEIR OWNER, WHO, IN TURN, USES WHOISGUARD AS A PROXY TO HIDE THEIR SPAM. I NOTIFIED THE FTC, IN WRITING, ABOUT 3 MONTHS AGO, AND THEY SAID THEY HAVE SEVERAL COMPLAINTS REGARDING ENOM AND NAMECHEAP. THEY ARE CRIMINALS, AVOID AT ALL COSTS.
I get 20-40 spam and scam email a DAY from Namecheap’s friends and customers…and they do nothing about it, because $$$. Scum. Namecheap should be shut down. How they have gotten away with it for so long is beyond me.
This continues to date and the response I got from a report to the abuse email account at namecheap.com was to request that I fill out a super detailed form including pictures of the abuse – TEXT in this case. Basically making it more difficult to report than to abuse – siding with the spammers registering multiple domains every day for this, often where the new domain name only varies by one character.
Now, how can I block any text or any email from ANY domain registered to or by namecheap.com? Use this domain registrar at your own risk to be blocked by association frankly.
NotMe – I agree with your position and share your frustration. Complaint filers should not have to go through endless hoops to be addressed.
Unfortunately there’s no easy way to block such spam. If your email arrives via a hosted account, there are settings you can enable that gauge every email’s “spam score” and either let it through or not.
We block ALL the trash TLDs. GURY, CYOU, INFO, ICU, all that crap. I am thinking about writing a script to do a whois on every incoming email and block any domain that was registered through Namecheap. I hate those assholes. Blocking individual domains is a waste of time, they change them every few hours.
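The script idea in the comment above, combined with the article's 30-day domain-age rule, as an added example (not code from the post or its commenters): it checks a sender's domain against a TLD list, then the registrar and creation date parsed from WHOIS text. The WHOIS records are constructed samples, all function and constant names are illustrative, and the WHOIS lookup itself is left to the caller.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parseaddr

# Policy values from the page; every name in this block is illustrative.
BLOCKED_TLDS = {"icu", "cyou", "info"}   # TLDs the commenter says they block
BLOCKED_REGISTRARS = ("namecheap",)      # substring match on the Registrar field
MIN_AGE = timedelta(days=30)             # the article's 30-day threshold

# Constructed WHOIS text (not real records) in the common "Key: value" layout.
YOUNG_WHOIS = """Domain Name: CONSTRUCTED-SAMPLE-0001.ICU
Creation Date: 2024-03-01T09:15:00Z
Registrar: NameCheap, Inc.
"""
OLD_WHOIS = """Domain Name: OLD-SHOP.EXAMPLE
Creation Date: 2011-06-20T00:00:00Z
Registrar: Example Registrar LLC
"""

def sender_domain(from_header):
    """Return the lower-cased domain of a From: header value."""
    return parseaddr(from_header)[1].rpartition("@")[2].lower()

def parse_whois(text):
    """Return (registrar, creation datetime or None) from WHOIS text."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip().lower(), value.strip())
    try:
        created = datetime.fromisoformat(fields["creation date"].replace("Z", "+00:00"))
    except (KeyError, ValueError):
        return fields.get("registrar", ""), None   # redacted or odd format
    if created.tzinfo is None:
        created = created.replace(tzinfo=timezone.utc)
    return fields.get("registrar", ""), created

def reasons_to_block(from_header, whois_text, now):
    """List the policy rules the sender domain trips; empty list means pass."""
    reasons = []
    if sender_domain(from_header).rpartition(".")[2] in BLOCKED_TLDS:
        reasons.append("tld")
    registrar, created = parse_whois(whois_text)
    if any(name in registrar.lower() for name in BLOCKED_REGISTRARS):
        reasons.append("registrar")
    if created is not None and now - created < MIN_AGE:
        reasons.append("young")
    return reasons
```

Returning the list of tripped rules rather than a single verdict lets a mail filter add each one to a spam score instead of rejecting outright.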
I am from Central Florida and have begged the action reporters on several TV stations to put their reporters on it for an official position of both cloudflare, enon etc and they say that there is no real financial hardship just inconvenience. I would love to “Team” up with anyone reading this to join a group to start putting heat on ICANN who is intentionally ignoring this and pleading they Can’t help.
I own a web hosting company and they are almost impossible to block because they change so much and often, blocking, spam assassin, and out other software is still allowing thousands of emails. I am now on a mission to end this BS. Anybody in?