April 2010

Abuse of Domain Name Privacy Protection Services

Privacy is the ability to control what one reveals about oneself over the Internet and who can access that personal information. In certain countries, privacy is an inalienable right, while in others it is a privilege. In the domain name registration world, privacy is, well... complicated.

ICANN requires that registrars collect contact information for domains registered in generic top level domains, and also requires that registrars make this information publicly available for business, technical, and administrative purposes through WHOIS services. Domain registration contact information may well be the same as a natural person's contact information, which under other circumstances or policy (e.g., healthcare regulations) would be regarded as personal information.

The public versus private policy issues that emanate from the WHOIS obligation have been the source of ongoing debate in the Internet community for over a decade. Over the course of this long debate, certain entrepreneurs determined that a market opportunity had presented itself: a natural person desiring to protect his or her personal identifying information against public disclosure would pay to protect this information. Some registrars now offer privacy protection services. Such services are advertised as providing registrants with protection from spam or public display of their contact information. Predictably, criminals including spammers allegedly exploit these same privacy controls to evade detection by security and law enforcement agents.

In the past six months, I've conducted two studies to learn whether domains associated with spam and other malicious activities use privacy protection services and to what extent. My first study, Privacy registrations at the notorious 3FN, showed that 38% of the domains allegedly hosting a range of criminal activities used protected registration services. This percentage is higher than the use of protected registration services among a general population studied by the National Opinion Research Center (NORC). My colleague Steve Sheng called my attention to the fact that the NORC study results would be helpful in determining the validity of our study into the abuse of domain name privacy protection services. After demonstrating that my 3FN study was statistically significant using a two proportion test (where NORC's results provided a second proportion), Steve convinced me that we should run a second, larger study.

For the second study, we obtained over 50,000 domains identified by The SpamHaus Project as hosting spam. From these, we extracted a random sample of 2000 domains, and collected registration records for 1286 domains registered in GTLDs. In this sample, we determined that 31% of the spam domains used privacy protection services. The results are again statistically significant, using the NORC study as a second proportion.
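The two-proportion test referred to above can be sketched as follows. This is an added example, not the authors' code or data: the spam-sample figures (1286 records, 31%) come from the post, while the NORC proportion and sample size are not given here, so the script uses a constructed baseline sample size (`BASELINE_N`, an assumption) and reports how high the baseline rate could be before the difference stops being significant.

```python
import math

def two_proportion_z(x1, n1, x2, n2):
    """Pooled two-proportion z-test. Returns (z, two-sided p-value)."""
    if n1 <= 0 or n2 <= 0 or not (0 <= x1 <= n1 and 0 <= x2 <= n2):
        raise ValueError("need n > 0 and 0 <= x <= n for both samples")
    p1, p2 = x1 / n1, x2 / n2
    pooled = (x1 + x2) / (n1 + n2)          # common rate under H0: p1 == p2
    se = math.sqrt(pooled * (1 - pooled) * (1 / n1 + 1 / n2))
    if se == 0:                              # both samples all 0 or all 1
        return 0.0, 1.0
    z = (p1 - p2) / se
    return z, math.erfc(abs(z) / math.sqrt(2))  # two-sided normal tail

# From the post: 1286 gTLD records, 31% using privacy protection.
SPAM_N = 1286
SPAM_PRIVATE = round(0.31 * SPAM_N)   # approximate: the post gives only the percentage

# ASSUMPTION: constructed comparison sample size, not the NORC study's figure.
BASELINE_N = 2000

def highest_significant_baseline(alpha=0.05):
    """Largest baseline count (of BASELINE_N) at which the spam sample's
    privacy-protection rate is still significantly higher at level alpha."""
    best = None
    for x2 in range(BASELINE_N + 1):
        z, p = two_proportion_z(SPAM_PRIVATE, SPAM_N, x2, BASELINE_N)
        if z <= 0 or p >= alpha:
            break
        best = x2
    return best

if __name__ == "__main__":
    x2 = highest_significant_baseline()
    print(f"spam sample: {SPAM_PRIVATE}/{SPAM_N} = {SPAM_PRIVATE / SPAM_N:.1%}")
    print(f"significant while baseline <= {x2}/{BASELINE_N} = {x2 / BASELINE_N:.1%}")
```

To reproduce the comparison itself, pass the general-population study's observed count and sample size as `x2` and `n2` to `two_proportion_z`.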

I presented the initial results of this study and compared these to the 3FN study at INET Asia. The presentation is available here. Steve has automated much of the study methodology, so we hope to be able to compare multiple data points in the future to better understand what attracts criminals to certain providers, whether certain other "flocking" behaviors can be observed, and other questions of this kind.