For what it’s worth, I reported dozens of domains used in phishing scams to Namecheap and their support could not possibly give less of a crap. I reported about 26 domains used in SMS scams in Australia and Namecheap refused to action more than one domain. As far as I’m aware, the remaining 25 or so are still active.
Their chat support is unable to take spam complaints and instead directs you to their “Legal & Abuse Department” based in Eastern Europe. And what you get is basically what you’d expect from an underpaid, disgruntled level one IT support.
You should report illegal activities to the authorities, not companies.
I wouldn't expect Namecheap, a low cost registrar with "cheap" in its name, to have the legal resources to investigate or make a conclusion for each accusation that comes their way for one of their 10 million domain names.
As with everything internet related, I think there's a vast misunderstanding of scale, and difficulty in automation (domains sniping!), for what they're facing.
I also wouldn't expect them to hand out information to anyone that asks for it, especially a large company known for misusing any information they can get their hands on, without a subpoena.
I think the real solution would have to come from a third party group(s) that could collect, monitor, and produce high quality reports, with a high level of accuracy, that all of these registrars could use. Who would fund these groups? Probably whomever gains/loses less from the phishing scams being terminated.
> I wouldn't expect Namecheap, a low cost registrar with "cheap" in its name, to have the legal resources to investigate or make a conclusion for each accusation that comes their way for one of their 10 million domain names.
Exactly. And if they _did_ I'd be just as concerned that they're now allowing a vector to take domains down.
Balancing the two is difficult..
Actually, if it violates their tos they should normally appreciate the report and take action on it.
Of course, but how would they know? The vector I refer to is my ability to create "evidence" and report you to their customer service.
Eg, i'd wager the GGP comment who reported 26 domains did so in a manner that would be fairly easy to fake. So what is the requirement of reports? Too loose and it's easy to fake, too strict and it becomes to difficult to report _(or too costly to verify)_.
Every domain had the same content, was styled in the same format (something like a28d92.com, then b28d92.com...) and all were acting as redirection platforms for phishing sites and all were registered on the same day.
It wasn't hard to verify or easy to fake, or loose. Namecheap's legal/abuse department are just completely incompetent/don't care about their own TOS.
Has anyone tried maintaining a blacklist of sites or some kind of fuzzy domain resolver as a paid extension for businesses?
Like this one?
https://dns.yandex.com/advanced/
I am sure there are other examples not in cahoots with the Russian government.
There's a lot more regulation and guidance around taking down a phishing site at the domain level, rather than at the provider level. (E.g. Hosting company, CloudFlare and other DNS providers, etc.) If I remember correctly, ICANN requires takedowns to be either compelled by law enforcement, or done through the UDRP[1], whereas the providers themselves are typically more able to quickly respond to abuse. In addition, phishing domains are typically short lived, as once they're flagged by Google Safe Browsing[2] and the like, they're essentially worthless to the ne'er-do-wells that purchase them, regardless of if they're actually taken down.
[1]: http://www.icann.org/en/dndr/udrp/policy.htm [2]: https://safebrowsing.google.com/
This is not correct. It is not their job to police the internet.
The analogy is more like writing a messaging app then being asked to revoke access to someone because they are texting while driving.
Not attempting to excuse their lack of action, but there are cases where it's somewhat understandable why a registrar may not take action. For instance, if the only service they're actually providing is registration, the domain belongs to a long time customer, and they aren't hosting the site or dns, they're only left with one very blunt action they can take. It's frustrating for sure, but registrars are very hesitant to take such harsh action on long-standing customers.
In that example the domain is likely compromised though, so you need to be reporting to all the hosting providers involved as well and not just the registrar.
Why would they care at all? They are a domain registrar that's it. Not their place or responsibility to police domains.
This probably comes down to narrowing the number of people who can take action on these requests, as per the potential abuse that could come from taking action on invalid requests.