... and how did you think OFTA got that list, James?
Suresh Ramasubramanian – Jul 15, 2008 7:59 PM PST
They got it from "industry sources" - like us for instance, and like the SURBL blocklist (www.surbl.org). Just like the APWG does. The list wasn't "definitive", trust me.
The advantage HKDNR had back then was that most - over 99% of the domains registered on the .hk ccTLD over several months - being reported were also clearly fraudulent (over 13,000 domains, bought using stolen credit cards with bogus whois data, most often the contact details of the holder of the credit card, and with random looking gmail and yahoo accounts as the domain whois contact).
So, credit to them for finally stepping up to the plate, deactivating the phish domains and putting in place due diligence measures to prevent future fraudulent signups.
Registrars who get such data aren't expected to shut them all down blindly .. not by us, not by APWG. They just get a list of domains that's been found in spam reports, found by passive DNS and other research methods etc. And they can apply other metrics to this, in order to deactivate them.
I had lunch with Jonathan
James Seng – Jul 16, 2008 3:36 AM PST
I had lunch with Jonathan and Pindar today.
How OFTA obtained the list, be it SURBL or their own, is something internal to OFTA. The point of my article is that HKIRC did not take any list from anyone except their own government regulator, i.e., OFTA.
No domain names have been taken down without verification. HKIRC has a dispute procedure. Of all the takedowns, only 2 filed a dispute and upon further defense, the 2 of them did not pursue. That's how targeted they are in their takedown, not 99%, not 98%, but 100%. That's the other point of my article - 99% is not good enough in this particular case.
In the zest of the pursuit of spammers and phishers, sometimes people forget there are innocent parties who might get entangled unintentionally. No one, no domain, should be presumed of spamming or phishing, unless proven guilty.
As for your article in June, you are probably accurate, although Jonathan would probably repeat in a more positive light. The anger among the HK veterans is because they deny .HK had a problem, but that the McAfee report is based on data points that were a year old, where the problem is long resolved (6 months at least).
Yes I also pointed out that the McAfee report was based on stale data, as you can see
Suresh Ramasubramanian – Jul 16, 2008 3:48 AM PST
Hi James -
Any registrar must do their own due diligence before taking domains down, just that a huge percentage of the domains registered under the .hk ccTLD were by pill spammers, for a long period of time (you don't believe me then you might want to look at the several hundreds of new domains we were blocking, every week).
HKDNR did due diligence on this and took them down.
They are free to get information from OFTA, or the HK CERT, who can source them from external sources. Or they can source them from external sources themselves, do their own due diligence and take action on those domains. They don't particularly need OFTA's commanding them to do it.
A lot of HK policy is based on self regulation, and HKDNR's own terms and conditions allowed them to take down fraudulently registered domains. They just had to apply those. And it is best practice for registrars (and HKDNR is both a registry and a registrar if I'm not wrong).
I did say in my previous article and in my reply above that HKDNR had a problem for several months and then they fixed it. I have heard some people argue that if HKDNR can wait for several months before fixing such a grave problem, they really shouldn't complain if McAfee reports on the problem several months after it is finally fixed.
I have heard the above opinion expressed, though I don't necessarily share it, just am glad that HKDNR did take action to resolve this.
especially these. Now, a domain that sells fake stocks, fake pills etc, is used on botnets, and has patently fake whois information would violate at least some of these clauses, thus voiding the contract the registrant had with the HK registrar and registry.. who would just be following best practices adopted by a wide variety of registrars when they shut such domains off.
See below.
3.6 Representations and warranties by you
(a) to the best of your knowledge and belief, the Domain Name you are applying for will not infringe or otherwise violate the legal rights of any third party;
(c) your use of the Domain Name shall be bona fide for your own benefit and shall be for lawful purposes;
(d) you will not knowingly use the Domain Name in violation of any applicable laws and regulations;
(e) all information you or your Agent provides to us, including further additions or alterations to such information, is true and accurate; and
http://www.circleid.com/posts/hk_the_most_unsafe_domains/
among the HK veterans is *not* because they deny .HK had a problem
https://www.hkdnr.hk/register/registraion_agreement.jsp