The Spamhaus Project

news

More Domain Stats: The 10 Most Abused Registrars

by The Spamhaus TeamMay 17, 20163 minutes reading time

Filling in The Spamhaus Project's domain panorama in our "Top-10 Worst" pages, we have added a page for The 10 Most Abused Domain Registrars. It breaks out by registrar the ratio of bad domains versus total domains as seen by our systems in the course of a rolling two-week window. While other registrars have numerically more bad domains, that is a result of the sheer size of their domain corpus, and they have a lower ratio of bad to good domains. Those larger registrars take effective measures to prohibit spammers and remove bad domains from their services, and thus polish their own reputations.

It is important to consider that these data represent domains seen by Spamhaus systems, and not a registrar's total domain corpus. Domains in this data are in active use, showing up in mail and spam feeds, and related DNS traffic. Other domains may be parked or used for traffic outside of our systems' focus, and those domains are not included in this summary.

People in the security community might wonder why they don't see some registrars on this list which are all too familiar to them. Most likely that is because those registrars have significant numbers of legitimate domains and that makes the bad/good ratio lower. Those registrars may also have learned from their past reputation problems and now make an effort to reduce the number of bad domains using their registration service. Registrars presently on this list can learn from that and apply policies to reduce the fraction of bad domains in their corpus.

Our FAQ has asked, "Can registrars suspend domains for spam and abuse?" for about ten years. The answer, of course, is "yes, they can," and all registrars should include an Acceptable Use Policy (AUP) as part of every domain sales agreement. An AUP provides contractual authority for the registrar to rescind or suspend domains for abuse, or even ban entire accounts. Appropriate "Role Accounts" and "Feedback Loops", as well as a network of contacts in the security community, will help a registrar identify problems in a timely way. By stopping abuse of their service, a registrar enhances its reputation among good clients as it shuns bad ones.

At the time these "Top 10" registrar stats first appeared in May 2016, they ranged from 84.3% bad domains (Domainers Choice) to 34.1% bad (NetOwl). Spamhaus would very much like to see both the fraction of bad domains and total number of bad domains drop across all registrars, and towards that end we might still have some more data to show you in a little bit more time.