The Spamhaus Project

blog

Spamhaus welcomes ICANN INFERMAL study

As supporters of any initiative driven to make the internet a safer place, we were delighted when ICANN recently announced funding for the INFERMAL research project into domain cyberattacks. Discover what exactly the INFERMAL project is and what they’re hoping achieve.

by The Spamhaus TeamMay 05, 20233 minutes reading time

Jump to

Introduction

As supporters of any initiative driven to make the internet a safer place, we were delighted when ICANN recently announced funding for the INFERMAL research project into domain cyberattacks. Discover what exactly the INFERMAL project is and what they’re hoping achieve.### INFERMAL: Advancing domain cybersecurity

On April 25th ICANN, the multi-stakeholder group that coordinates – amongst other things – the gTLD domain space, announced that they are funding the Inferential Analysis of Maliciously Registered Domains (INFERMAL) research project. The project aims to systematically analyze the preferences of cyberattackers when registering domain names for malicious use. Using the research, they intend to distil possible measures to mitigate malicious activities across top-level domains.

Spamhaus supports a safe namespace

At Spamhaus we welcome any efforts to create a cleaner and safer namespace. Over our many years working in domain name and DNS reputation, we’ve seen time and time again that readily available access to domain names is a big enabler for the many forms of online (and sometimes offline) crime. We also observe certain TLDs and registrars consistently housing larger numbers of malicious domains than others. It’s exactly these types of issues the INFERMAL project will investigate.

Cheap domains drive cybercrime

We know there is a strong correlation with price per domain: if the activity you do causes your domain names to be blocked or taken down, you can only continue if you get new domain names. Hence, a lower price easily enables criminals to buy more domains for the same amount of money, in turn driving the volume of the abuse. Furthermore, we also see registry-registrar specific promotions, where certain TLDs are only cheap at specific registrars. Yet, it isn’t only cheap domains that are the problem.

Free tools for fraudulent domains

There are tools that make bulk registration easier, free DNS hosting and payment methods that make it harder to deploy strong Know-Your-Customer procedures. Possibly the most brazen example of this was used at the now defunct registrar Alpnames: they offered free tools to generate random domain names in bulk, in case the registrant didn’t have any names in mind.

Who is heading up the project?

The INFERMAL project will be coordinated by Dr. Maciej Korczyński from the Grenoble Institute of Technology in France, who has a strong established background in DNS and domain names research, focusing on the role they play in cybersecurity. We’re hopeful for good results and insight coming from this project, especially as it aims to consider features that are traditionally hard to measure. We’ll be following ICANN and the INFERMAL research project with a keen eye to see how their research develops.

Read the, ‘Quarterly Spamhaus Domain Reputation Update’, for latest insight into the domain abuse Spamhaus researchers are observing and trends with newly observed domains.

Help and recommended content

See below for helpful articles and recommended content