.PW domains a "Spam Haven"

Discussion in 'In The News' started by roundabout, May 3, 2013.

  1. roundabout

    roundabout VIP

    Joined:
    Feb 17, 2011
    Messages:
    2,713
    Likes Received:
    154
    Trophy Points:
    63
    Poor Palau

    Palau is a tiny country of about 20,000 people with excellent snorkeling in the South Pacific. Like every country, it has a two-letter country domain .PW. Back in 2004, Palau leased .PW to Encirca, who tried to brand it as Personal Web, with approximately no success. Late last year, DirectI took it over and rebranded it as Professional Web. They went through an ICANN-style sunrise and landrush process and apparently got tens of thousands of defensive registrations. About a month ago, they opened it up to everyone with very cheap $5 registrations, and the spam began.

    A few days ago questions about spam from .PW started showing up on a lot of lists about e-mail operations, from lists about general spam management to the spamassassin users list to some private lists for system operators. Everyone was seeing the same thing, vast amounts of spam from .PW addresses, and no legitimate mail at all. People with access to passive DNS reported a lot of different .PW domains in use in spam, about 10,000 of the total of 50,000 that DirectI claims.

    Although they have a fine set of rules on the .PW web site forbidding spam and other evil, I don't get the impression that it occurred to DirectI that they need to take compliance seriously. (They're also an ICANN gTLD registrar, and do not have a great reputation for abuse management in that context, either.)

    DirectI's .PW abuse reporting page isn't very helpful. They suggest that you look up the registrar through a web form and notify the registrar. Uh, no. Since they have a database of all the domains, it would take a junior programmer about 20 minutes to write a script that picks a .PW domain out of an e-mailed abuse report, looks it up, and forwards it to the appropriate registrar, if they actually wanted to deal with abuse.

    On one of the lists I read, a DirectI employee popped up, which was nice, and suggested that we send abuse reports to a couple of addresses, neither of which was [email protected] or [email protected] (the only e-mail address on their web site.) Once again, uh, no.

    At this point, people I know at at least one large webmail system tell me that it's too late to save .PW, they're filtering it as block on sight and see no reason to revisit that any time soon. I hope nobody in Palau, the legitimate home of .PW, is counting on using a .PW address for their own mail or web site. A little poking around finds palaugov.net (the main government web site), palaunet.com (the phone company), and palauopa.org (the public auditor), so it appears that they gave up on .PW a long time ago.

    If DirectI were serious about abuse management, what would they do, particularly given the tension between the marketing department who wants to sell as many domains as possible to anyone with five bucks, and everyone else who doesn't want a public nuisance? The main thing is to plan ahead and get feedback loops of various sorts set up. Contact large mail providers, and ask for a feed of spam from .PW addresses or touting .PW web sites. Many will be happy to do it. There are also service bureaus that aggregate reports, again who should be able to provide close to real time intelligence to shut down abusers.

    As noted above it's probably too late for .PW, but this should be a lesson for the operators of the thousand new domains that ICANN is likely to approve starting later this year. Some of the domains are closed, only available to the sponsor (typically corporate vanity domains) but a lot are intended to be open to anyone. Will the registries plan ahead for effective compliance? I'm not holding my breath.

    Source:
    http://jl.ly/Email/palau.html
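
The report-routing script the quoted article describes (pick the .PW domain out of an e-mailed abuse report, look it up, forward it to the registrar), as an added example that is not part of the original post or any registry's code. The registry table, contact addresses and sample report are constructed, and it assumes registrations sit directly under .pw.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Constructed stand-in for the registry's database: registered domain ->
# sponsoring registrar's abuse contact. All names here are hypothetical.
REGISTRY_DB = {"cheap-meds.pw": "abuse@registrar-one.example",
               "win-big.pw": "abuse@registrar-two.example"}
FALLBACK = "compliance@registry.example"  # hypothetical queue for unknown names
# Host names ending in .pw, but not "pw" as an inner label (cdn.pw.example.com).
PW_HOST = re.compile(r"(?<![a-z0-9.-])(?:[a-z0-9-]+\.)+pw(?!\.?[a-z0-9-])", re.I)

def pw_domains(report):
    """Registered .pw domains named in any header or text part of the report."""
    found = set()
    for part in report.walk():  # also descends into an attached message/rfc822
        chunks = [str(value) for value in part.values()]
        if part.get_content_maintype() == "text":
            chunks.append(part.get_content())  # decodes base64/quoted-printable
        for host in PW_HOST.findall("\n".join(chunks)):
            # Assumption: names are registered directly under .pw (two labels).
            found.add(".".join(host.lower().split(".")[-2:]))
    return found

def route(raw_report):
    """Return one forward per abuse contact, with the original report attached."""
    report = message_from_string(raw_report, policy=policy.default)
    by_contact = {}
    for domain in sorted(pw_domains(report)):
        by_contact.setdefault(REGISTRY_DB.get(domain, FALLBACK), []).append(domain)
    forwards = []
    for contact, domains in sorted(by_contact.items()):
        fwd = EmailMessage()
        fwd["To"] = contact
        fwd["Subject"] = "Abuse report for " + ", ".join(domains)
        fwd.set_content("Forwarded abuse report; original message attached.")
        fwd.add_attachment(report)  # attached as message/rfc822
        forwards.append(fwd)
    return forwards

# Constructed sample report.
SAMPLE = """From: user@mailhost.example
To: abuse@registry.example
Subject: spam from .pw

Spam arrived from offers@mail.cheap-meds.pw linking to http://WIN-BIG.pw/x
and http://unknown-name.pw. Not this one: cdn.pw.example.com
"""
```

Names missing from the table go to the fallback queue instead of being dropped, so a reporter never has to look up the registrar by hand.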
     
  2. roundabout

    ROFL's...

    I don't think I'll be unblocking mail from .PW any time soon.

    One of the managers at .PW sent me a note saying that (paraphrased) now that the world knows their customers are gushing spam, they're finally starting to set up some of the anti-abuse measures that they should have done in the first place.

    But then I got my first response to an abuse report:

    Um, zeusprod.com is one of my customers, to whom their .PW customer sent spam. I don't know how they think they "locked" it, and I'm fairly sure that I don't want to know.

    Really, running an abuse desk isn't rocket science, and a company like DirectI that has been on the net for 15 years should have figured it out by now. But they haven't, and since it seems utterly improbable that anyone I want to hear from will use .PW, we can avoid the problem by filtering it all out before anyone sees it.

    Source:
    http://www.jl.ly/Email/pwnope.html
     
