The Spamhaus Project


Congratulations to CNNIC (China)

by The Spamhaus Team | December 17, 2009 | 3 minutes reading time

China Internet Network Information Center (CNNIC) - China's own domain regulator - last week criticised and some other Chinese registrars for the excessive inaccuracy in registration information (called "Whois" data).

From this week, buyers of ".cn" Country Code Top Level Domains (ccTLDs) are required to provide paperwork - such as company credentials and a stamped seal - in support of their domain applications. Precautions like this were long overdue, as ".cn" domains had become synonymous with spam, pornography, fraud and other cybercriminal activities - so much so that many networks outside China had started blocking incoming mail containing links that used ".cn" domains. Still other large email provider systems have threatened to do the same soon if the trend continued.

Commendable though CNNIC's action is, Spamhaus fears that unless modified, it will not have much impact on their problem. The reason is simple: it seems that the provided paperwork will be "validated" by CNNIC, and if suspect, then the domain's buyer is given a full week to update their credentials to valid data. In most of the cases where harm is done (phishing, malware, illegal drug spam) the domains are useless to the criminals after a few days anyway because they become widely blocked, so it will not make much difference to the criminals if their domains are shut down then because the credentials are not valid. The very low price charged for ".cn" domains when purchased in bulk (from one to eighteen Yuan - £0.10/$0.15 US to £1.80/$2.70 US per domain) compared to other TLDs, has made them just a "throw away cost" for the American and Russian criminal spam gangs who are behind most of them.

If this scheme is to work, the credentials must be checked and validated BEFORE the DNS is activated to make the domain usable.

Now this WOULD deter the criminals. Indeed a number of other countries' registries would benefit from adopting a similar policy - such as the United Kingdom and Belgium (.uk, .be), whose domains have recently been widely abused by the "Avalanche" botnet gang. Spamhaus hopes that China may decide to lead the way in maintaining a clean, spam/fraud/crime free national domain-space.

CNNIC, CNCERT, and individual Chinese registrars have been sent information about fraudulent and cybercrime domains since 2007, but the proportion of those domains that are actually taken down as a result has so far been disappointingly low.

Also, unlike other ccTLD registries, CNNIC has not yet shared its domain zone data with the widely respected anti-spam, anti-fraud and anti-cybercrime organizations (of which Spamhaus is just one). This sharing helps Spamhaus work with both the registry and the individual registrars to identify the bad domains and suspend them. Spamhaus would welcome an opportunity to enter into a Memorandum of Understanding (MoU) with CNNIC to make information sharing of this nature possible.

So as we extend our congratulations to CNNIC for this good first step in trying to reclaim the ".cn" ccTLD for the honest Chinese internet users, we stress that further steps do still need to be taken.
