
Proxy-Privacy Use Higher for Illicit Domains

Garth Bruen

WHOIS issues are looming large for the ICANN meeting next week, starting with an all-day WHOIS Policy Review on Sunday (background). WHOIS has recently been at the center of a number of issues, including a debacle over potentially disclosing the identities of compliance reporters to spammers and criminal domainers. For those unacquainted with the purpose of WHOIS, I would recommend Paul Vixie's excellent article.

One of the controversial sub-issues is privacy-proxy domain registrations, which allow a registrant to replace their WHOIS details with the contact information of a privacy shield company. The privacy-proxy business is a nebulous world with no standards and little accountability. Supporters claim it protects victims and political activists from attacks and private citizens from getting spammed or scammed. Critics, like me, contend it is a loose system run on behalf of criminals and spammers. Additionally, the illicit use of privacy-proxy erodes the legitimate use. This is compounded by the fact that many privacy-proxy services are phantom companies themselves.

In September of last year ICANN released the results of a study estimating 18% usage of privacy-proxy services in the gTLD (full report). However, KnujOn research has revealed that privacy-proxy usage is significantly higher among illicit domain registrations. We looked at two specific categories: spammed domains and illicit pharmacy domains. The conventional logic has always been that spammers and criminals would not waste money on privacy services, that they would simply falsify registration data or use "throw-away" free email addresses. We know this is not the case. One section of a report KnujOn will issue on Tuesday, March 15th will show 33% usage of privacy-proxy registrations for domains advertised in spam and 39 to 51% usage among illicit pharmacy domains.

KnujOn studied 13,277 repeatedly spammed domains over six months and found that among the general population, most registrants used unmonitored or false yahoo.com, gmail.com, hotmail.com, and other free-email accounts in the registration. However, six out of the top ten spam registrations were through Registrar-sponsored privacy services. Also, 31 of all the 152 registrant email domains collected were privacy services.

For illicit pharmacy domains, the numbers are even more interesting. Once again gmail, yahoo, hotmail and aol "throw-aways" were most popular, but 15 out of the top 20 contact emails used were at privacy services, and most of these were the services offered by the sponsoring Registrar. Among the general population of 27,414 illicit pharmacy domains studied, 39% used privacy-proxy. Within the 50th percentile there is 45% privacy usage; in the 25th percentile it is 48%. Among the top 50 contact email domains, 51% were privacy services. The most used privacy services had 8,380 illicit pharmacies as customers.
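The two kinds of figure quoted above (share of all registrations, and share of the top-N contact email domains) can be computed from WHOIS contact data as in the following added example, which is not KnujOn's code. The privacy-service domains, the sample records and all function names are constructed placeholders, and the output does not reproduce the study's numbers.

```python
from collections import Counter

# Assumption: placeholder e-mail domains standing in for privacy-proxy services;
# a real study would maintain this list by hand from observed WHOIS records.
PRIVACY_SERVICES = {"privacy-shield.example", "whois-guard.example"}
MISSING = "(missing)"

# Constructed sample of (registered domain, registrant contact e-mail) pairs.
SAMPLE = [
    ("rx-01.example", "a1@privacy-shield.example"), ("rx-02.example", "a2@privacy-shield.example"),
    ("rx-03.example", "a3@privacy-shield.example"), ("rx-04.example", "A4@Privacy-Shield.EXAMPLE"),
    ("rx-05.example", "b1@whois-guard.example"), ("rx-06.example", "b2@whois-guard.example"),
    ("rx-07.example", "c1@freemail.example"), ("rx-08.example", "c2@freemail.example"),
    ("rx-09.example", "c3@freemail.example"), ("rx-10.example", "d1@webmail.example"),
    ("rx-11.example", "e1@othermail.example"), ("rx-12.example", ""),
]

def email_domain(addr):
    """Normalise a contact address to its e-mail domain; blank or malformed -> MISSING."""
    addr = (addr or "").strip().lower()
    if "@" not in addr:
        return MISSING
    return addr.rsplit("@", 1)[1].rstrip(".") or MISSING

def tally(records):
    """Number of registered domains per registrant e-mail domain."""
    return Counter(email_domain(email) for _, email in records)

def registration_share(records, privacy=PRIVACY_SERVICES):
    """Fraction of all registrations whose contact e-mail is at a privacy service."""
    counts = tally(records)
    total = sum(counts.values())
    return sum(n for d, n in counts.items() if d in privacy) / total if total else 0.0

def top_n_share(records, n, privacy=PRIVACY_SERVICES):
    """Fraction of the n most-used contact e-mail domains that are privacy services."""
    counts = tally(records)
    counts.pop(MISSING, None)  # not an e-mail domain, so it cannot be ranked
    ranked = sorted(counts, key=lambda d: (-counts[d], d))[:n]
    return sum(d in privacy for d in ranked) / len(ranked) if ranked else 0.0

if __name__ == "__main__":
    print(f"all registrations: {registration_share(SAMPLE):.0%}")
    for n in (3, 5):
        print(f"top {n} contact e-mail domains: {top_n_share(SAMPLE, n):.0%}")
```

The first measure weights each registered domain equally, while the second weights each contact email domain equally, so the two percentages are not directly comparable.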

For some, the question still remains: why pay for a privacy service when bogus WHOIS information is easy to use? There are a variety of reasons. First, it adds another layer of obfuscation to confound investigators. A separate KnujOn study found that over 100 illicit pharmacy domains that had the privacy service removed after complaints had false WHOIS underneath. A second reason is that it provides additional cover for illicit registrants by creating an unaccountable phantom third party that is neither completely registrant nor Registrar. This is evidenced in multiple UDRPs where a brand owner eventually wins an infringing domain name through default but the true identity of the original owner is never revealed.

There are many more issues, including which privacy services are compliant with the ICANN RAA and who owns the privacy services heavily used by illicit domainers. This will be detailed in our full report.

By Garth Bruen, Internet Fraud Analyst and Policy Developer. More blog posts from Garth Bruen can also be read here.
