A few days ago we noted how cheap dot .ICU domains are being registered en masse at NameCheap, and are used for spam.
The spammers are using email databases grazed from WHOIS records and send a streak of emails advertising drones, weight loss products, and other unsolicited and invasive messages.
They are using Cloudflare as a reverse proxy, hiding their real location that typically is in eastern Europe. The Cloudflare DNS is turned on only when the mass emailing occurs, and it’s then turned off.
It turns out the problem isn’t a particular TLD, but the price they can be registered at. Right now, the same spammers are registering dot .Best domain names.
What are the common denominators?
- NameCheap as the domain registrar
- Cloudflare as the DNS provider
- Cheap cost for domain registrations, less than $2 dollars per domain
Domain cost is vital to spammers because they use cheap throwaway domains; once these are blocked, they move onto the next one. NameCheap seems to have a knack at forging agreements with Registries willing to drop the retail registration costs substantially.
When domain registration prices drop to shitty numbers, spammers are attracted to the shit like flies.
What needs to be done to overcome this spamming flood?
- NameCheap and other registrars should refuse such pricing agreements with Registries
- Registries should be penalized by ICANN for the amount of spam they produce until it’s properly regulated
- Cloudflare and other reverse proxy providers should not enable domains registered for less than 30 days, and should block known abusers proactively
If you are a victim of this massive campaign of spam enabled by the above parties, send them a piece of your mind:
- NameCheap: abuse@namecheap.com
- Cloudflare: registrar-abuse@cloudflare.com
- ICANN: link to Registrar abuse report form
The domain industry and consumers in general should take this type of spam very seriously, and not feel powerless when it happens.
