Congratulations to CNNIC (China)

2009-12-17 14:51:00 UTC | by Richard Cox

China Internet Network Information Center (CNNIC) - China's own domain regulator - last week criticised and some other Chinese registrars for the excessive inaccuracy in registration information (called "Whois" data).

From this week, buyers of ".cn" Country Code Top Level Domains (ccTLDs) are required to provide paperwork - such as company credentials and a stamped seal - in support of their domain applications. Precautions like this were long overdue, as ".cn" domains had become synonymous with spam, pornography, fraud and other cybercriminal activities - so much so that many networks outside China had started blocking incoming mail containing links that used ".cn" domains. Still other large email provider systems have threatened to do the same soon if the trend continued.

Commendable though CNNIC's action is, Spamhaus fears that, unless modified, it will not have much impact on their problem. The reason is simple: it seems that the provided paperwork will be "validated" by CNNIC, and if it is suspect, the domain's buyer is given a full week to update their credentials to valid data. In most of the cases where harm is done (phishing, malware, illegal drug spam) the domains are useless to the criminals after a few days anyway because they become widely blocked, so it will make little difference to the criminals if their domains are shut down at that point because the credentials are not valid. The very low price charged for ".cn" domains when purchased in bulk (from one to eighteen Yuan - £0.10/$0.15 US to £1.80/$2.70 US per domain) compared to other TLDs has made them just a "throw away cost" for the American and Russian criminal spam gangs who are behind most of them.

If this scheme is to work, the credentials must be checked and validated BEFORE the DNS is activated to make the domain usable.

Now this WOULD deter the criminals. Indeed a number of other countries' registries would benefit from adopting a similar policy - such as the United Kingdom and Belgium (.uk, .be), whose domains have recently been widely abused by the "Avalanche" botnet gang. Spamhaus hopes that China may decide to lead the way in maintaining a clean, spam/fraud/crime free national domain-space.

CNNIC, CNCERT, and individual Chinese registrars have been sent information about fraudulent and cybercrime domains since 2007, but the proportion of those domains that are actually taken down as a result has so far been disappointingly low.

Also, unlike other ccTLD registries, CNNIC has not yet shared its domain zone data with the widely respected anti-spam, anti-fraud and anti-cybercrime organizations (of which Spamhaus is just one). This sharing helps Spamhaus work with both the registry and the individual registrars to identify the bad domains and suspend them. Spamhaus would welcome an opportunity to enter into a Memorandum of Understanding (MoU) with CNNIC to make information sharing of this nature possible.

So as we extend our congratulations to CNNIC for this good first step in trying to reclaim the ".cn" ccTLD for the honest Chinese internet users, we stress that further steps do still need to be taken.

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2020 The Spamhaus Project SLU. All rights reserved.