Jacque and all,

Please excuse the lengthy CC list. But due to the mismanagement of the ALAC list, ensuring receipt of my response to this was required.

I'm quite sure that (HKDNR) was very surprised. I am however not sure that the reasons they gave for being so surprised are entirely honest. I myself have not experienced much spam/phishing email originating from .HK domains. Nor have I heard from any of our members of such either. I will check with our study group that has been engaged on an ongoing basis in tracking, researching, and collecting data on "Bad Domains" as you put it, Jacque.

Our study also did show a high recidivism of spam, phishing, SQL injection attempts, and attempted hacking from .INFO domains, and these were tracked to various bogus IP address assignments. My own personal database going back to 2004 shows that approx. 16% of the spam and phishing attempts originated from .INFO domains. Currently I block 47 .INFO domain names as a result. All have been reported to us-cert.gov and several have been reported to ic3.gov for investigation as is appropriate.

Although I, along with several of our members, have attempted to prevail with Afilias in doing a much better job of policing their registrants, those efforts have been almost entirely not effective. Ergo it is our policy by majority decision to discontinue contacting Afilias on such incidents, and simply reporting each and every incident, blocking those domain names and associated IP addresses first, then forwarding those reports to Afilias if our members feel so inclined, in hopes of breaking the errant recessive cycle of abuse by Afilias's registrants and Afilias itself. To date, this has met with only some cooperation.
In my professional capacity at work, we currently for our customers, who are mostly service providers and independent hosters, for those that have requested, we block all .INFO related network traffic, and internally, due to the recidivism and ongoing arrogant and inconsiderate attitude as well as slowness of response to incidents by Afilias, all .INFO traffic is blocked until the Registry for .INFO is redelegated. The response vs cost of resources just wasn't and isn't worth the effort.

-----Original Message-----
From: "Jacqueline A. Morris" <jam@jacquelinemorris.com>
Sent: Jun 6, 2008 10:33 AM
To: "Brendler, Beau" <Brenbe@consumer.org>
Cc: At-Large Worldwide <alac@atlarge-lists.icann.org>
Subject: Re: [At-Large] Bad domains McAfee study

Hi Beau

There's been some discussion on the cc lists about this as you can imagine. Here's the .hk response to the media:
We are very surprised to learn about the research findings from McAfee. In fact, in a meeting organized by Anti-Phishing Working Group last week in Tokyo Japan, Hong Kong Domain Name Registration (HKDNR) was invited to present its best practice in combating suspicious websites. We are trying to get in touch with the research author to gain more insights into this research and the findings. The research report shows the figures and analysis of the whole of last year. In particular, the report claimed that 9.9 million websites have been tested. It is suspected that most of the malicious sites were tested several months ago and no longer exist.
HKDNR is committed to providing a safe Internet environment for the community and has put in place various measures against suspicious websites. We have been working closely with Office of the Telecommunications Authority (OFTA), Hong Kong Police and Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) to monitor and control the situation. In August last year, in conjunction with the list of suspicious domains provided by OFTA, we suspended over 10,000 domains in regard. Following that initiative, the situation with ‘.hk’ related suspicious websites has been greatly improved.
We actively review our systems and domain name registration procedures and policies. Particularly, we have more stringent documentary requirements to combat suspicious websites registered overseas in order to catch up with the fast-changing Internet world. We also want to call for the general community to be aware of the issue and report to related authorities whenever they have queries accessing a web site.
Brendler, Beau wrote:
http://www.msnbc.msn.com/id/24966835?GT1=43001
"McAfee found the most dangerous domains to navigate to are ".hk" (Hong Kong), ".cn" (China) and ".info" (information)."
Apologies if you've seen this already.
BB
_______________________________________________ ALAC mailing list ALAC@atlarge-lists.icann.org http://atlarge-lists.icann.org/mailman/listinfo/alac_atlarge-lists.icann.org
At-Large Official Site: http://atlarge.icann.org
Regards,

Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
"Obedience of the law is the greatest freedom" - Abraham Lincoln
"Credit should go with the performance of duty and not with what is very often the accident of glory" - Theodore Roosevelt
"If the probability be called P; the injury, L; and the burden, B; liability depends upon whether B is less than L multiplied by P: i.e., whether B is less than PL." United States v. Carroll Towing (159 F.2d 169 [2d Cir. 1947])
===============================================================
Updated 1/26/04
CSO/DIR. Internet Network Eng. SR. Eng. Network data security
IDNS. div. of Information Network Eng. INEG. INC.
ABA member in good standing member ID 01257402
E-Mail jwkckid1@ix.netcom.com
My Phone: 214-244-4827