Free domains put Mali back on the map – for phishing

When the African nation of Mali announced that it was going to provide free .ml domains from July, their goal was to put Mali back on the map. It appears they have now succeeded, but perhaps not in the way they had intended — thanks to the free domains, Mali now has the most phishy top-level domain of any country in the world.

Nearly 6% of the .ml domains in Netcraft's survey are currently blocked for hosting phishing sites, making it by far the phishiest TLD. In comparison, the second most phishy TLD, .bt (Bhutan), has only 0.7% of its sites blocked for phishing.

.ml domains can be quickly and easily registered at Freenom, which is owned by the Netherlands-based Freedom Registry. Registrants are required to create an account with a valid email address, and a CAPTCHA is used to try and prevent automated registrations. Domains can be registered for between 1 and 12 months initially, with an unlimited number of renewals. Domains which contain more than 3 characters are free.

It is not surprising to see free domain names being used in phishing attacks, but some TLDs have managed to tackle such fraud with astounding efficacy. The .tk TLD was taken advantage of extensively by phishers in 2011, prompting its registrar, Dot TK (another subsidiary of Freedom Registry), to introduce an anti-abuse API to allow trusted partners to shut down sites that use the .tk ccTLD. This dramatically reduced the average uptime of phishing sites which used .tk domains, making it a less attractive platform for fraudsters. Indeed, .tk does not even appear within the top 50 phishiest TLDs today; however, considering .tk and .ml share the same owner, this makes it somewhat surprising to see .ml being so heavily abused already.


A Taobao (Chinese shopping site) phish using a .ml domain, hosted in the US.

Despite the obvious appeal of a free and easily registered domain name when orchestrating a phishing attack, the phishiest TLDs are not always free, nor easy to register. Back in June, Morocco had the phishiest TLD (.ma), although it has since fallen to 12th place. As well as not being free, the administrative contact for an .ma domain must be established in Morocco; however, people living outside Morocco can still register an .ma domain through third parties.

Netcraft provides services to help protect domain registries, brand owners and hosting companies. You can also protect yourself against the latest phishing attacks by installing Netcraft's Anti-Phishing Extension and help protect the internet community by reporting potential phishing sites to Netcraft by email to scam@netcraft.com or at http://toolbar.netcraft.com/report_url

Go Daddy Assumes 850,000 RegisterFly Domains

Embattled registrar RegisterFly will transfer 850,000 domain names to GoDaddy.com, the world's largest domain registrar under an agreement brokered by ICANN, the parties announced today. The move will be welcome news to domain owners who have been unable to manage their names since RegisterFly collapsed into financial and management turmoil in February.

"We worked with ICANN to effect a migration of the RegisterFly domains to GoDaddy.com and help those customers left in limbo,” said GoDaddy.com CEO and Founder Bob Parsons. “It’s what many RegisterFly customers asked us to do. After they are moved over to GoDaddy.com, all RegisterFly customers will once again be able to manage and renew their domain names with confidence and will also enjoy the world-class support we provide all our customers. We expect the move to be completed over the next week."

"The RegisterFly situation has been extremely difficult -- first and foremost for registrants, as well as for the entire registry and registrar community," said Dr Paul Twomey, ICANN's President and CEO. "The GoDaddy.com agreement is the best possible solution for RegisterFly customers since it’s a direct and automatic transfer to a competent and experienced customer service oriented organization."

Continue reading

Two RegisterFly Sites Online as Ousted CEO Returns

ICANN is continuing to press RegisterFly to repair its management systems so domain owners can manage their names, but is now dealing directly with company founder Kevin Medina, who has been awarded control of RegisterFly by a New Jersey court. ICANN met Saturday with Medina to demand immediate action on RegisterFly's failure to provide adequate WHOIS information and make critical transfer codes (known as auth-info codes) available to customers.

ICANN's task would appear to be complicated by the fact that there are currently two RegisterFly web sites running on different infrastructures - RegisterFly.com at The Planet, and Registerfly.net at Sago Networks.

The dueling web sites are the result of a nasty split between Medina and business partner John Naruzewicz, who claimed that he owned 50 percent of RegisterFly and said the company's board had fired Medina. At the direction of "new CEO" Naruzewicz, the company filed a lawsuit accusing Medina of mismanagement and misuse of company funds. Medina denied all charges, saying he remained the sole owner of RegisterFly. Last Thursday a Newark, N.J. court agreed, awarding sole control of the company to Medina. Naruzewicz indicated that he would not appeal. "We lost and it's all over," Naruzewicz told Business Week.

Continue reading

With RegisterFly in Chaos, ICANN Threatens Action

Embattled domain registrar RegisterFly will lose its accreditation if it can't fix serious operational problems in the next 15 days. ICANN has informed the New Jersey-based registrar that it is in breach of its operating agreement, threatening enforcement action (PDF) after months of complaints from RegisterFly customers. The registrar's operations have descended into chaos this week, with its web site paralyzed amid allegations that the former president and CEO misused company funds.

As the company's principals battle one another, thousands of domain names have been caught in the crossfire. RegisterFly says that at least 75,000 customer domains expired as a direct result of the company's financial and management problems. RegisterFly is also an SSL certificate authority, making its stability an issue for about 460 site owners who are currently securing sites with FlySSL certificates.

A lawsuit filed by RegisterFly's parent company, Unified Names, blames the meltdown on misuse of company funds by President and CEO Kevin Medina, who was fired by the company's board. The suit alleges that Medina spent company funds on liposuction surgery and escort services. "After his termination, Mr. Medina deleted email accounts, access to support tools, and access for our risk/billing department to issue refunds," RegisterFly's Glenn Stansbury said in a statement posted at RegisterFlies.com, a customer protest site. RegisterFly is also reported to have changed the root password of its web server to prevent sabotage.

Continue reading

Microsoft Approved as ICANN Registrar

Microsoft has become an ICANN-accredited domain registrar, giving it the ability to sell domains directly to its customers. Microsoft has been reselling domain names from Melbourne IT, a registrar based in Australia that also provides wholesale domains to Yahoo and other hosting providers.

Microsoft's could use its new status to sell domain names for its Office Live small business hosting service, which is scheduled to come out of beta on Nov. 15 and provides a free domain name with each account. This would probably save Microsoft money on each domain sold, as wholesalers like Melbourne IT typically charge a small mark-up over the base fees from the central registry.

But not all companies that gain ICANN accreditation use it to sell their own domains. Google became a registrar last year but has yet to sell domain names to the public, preferring to use its status to focus on reducing spammy domains from its search results. Amazon.com also has ICANN accreditation, but has not pursued retail domain sales.

Go Daddy Cancels Planned IPO

Domain registrar Go Daddy has decided not to attempt an initial public offering, citing difficult market conditions, the company said yesterday. "With a war and escalating hostilities throughout the Middle East, skyrocketing oil prices and technology stocks once again taking a beating on Wall Street - now just isn't the right time for us," said Bob Parsons, CEO and founder of The Go Daddy Group.

Go Daddy's plans to raise $200 million through an IPO had been closely watched in the U.S. hosting industry, which has seen many private mergers and acquisitions but no major new IPOs since dot-com era bankruptcies by Exodus and other hosting companies that borrowed heavily to finance growth. Hostopia, which focuses on the hosting reseller market, filed plans last month for an IPO that could raise up to $40 million.

Go Daddy is the the world’s largest domain registrar, and has built a huge hosting business since entering the market in earnest in 2003. Go Daddy recently became the world’s largest hosting provider, as measured by hostnames. While the Scottsdale, Ariz. company has been cash-flow positive since 2001, it has not yet reached profitability, and lost $13.8 million in 2005 on revenues of $139 million, according to its SEC filing.

Continue reading