In a second report regarding the concentration of websites advertised through junk e-mail, the anti-spam outfit KnujOn has published a top of domain registrars most favored by cyber criminals. The report uses spam activity data collected by the organization since June 2008.

The interesting fact is that, while there are about 900 domain registrars accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) operating at the moment, the ten in this list are responsible for administering 82.90% of all domains used in the spam campaigns documented by KnujOn.

The top 10 most spam-friendly domain registrars as established by KnujOn goes as follows:


1. Xin Net (Second Time at #1)
2. eNom
3. Network Solutions
4. Register.com
5. Planet OnLine
6. RegTime
7. OnlineNIC
8. Spot Domains (domainsite)
9. Wild West
10. HiChina Web Solutions

The anti-spam organization has explained its methodology used to establish the top 10 in detail. The final rankings have been actually obtained by averaging four individual scores representing the total number of spammed domains per registrar, the percentage of the registrar's entire portfolio that those spammed domains represent, the total number of spam e-mails used to advertise the domains and the rate of spam messages per each spam domain.

Therefore, when it comes to the total number of spammed domains, eNom tops the chart by far with 32,610 abused domains, being seconded by Planet OnLine with some 20,604 illicit domains, followed by Network Solutions with 11,105. OnlineNIC and Xin Net occupy the fourth and fifth position with very close numbers, 9,624 and 9,346 domains, respectively. Register.com (5,228), Spot Domains (3,752), Wild West (3,106), RegTime (1,552) and HiChina (999) complete the list.

These figures are somewhat irrelevant if the total number of maintained domains for each registrar is not taken into account. Thus, when looking at the size of each portfolio, things become totally different. The 20,604 illicit domains operated by Planet OnLine represent a whooping 38.7% of its entire portfolio of 53,202.

RegTime comes in second with 5.3% of all its domains being spammed, and Spot Domains in third with 1% of its portfolio being abused. The other registrars have scored under 1% on this scale, with eNom actually being in the last 5, the 32,610 abusive domains operated by it representing only 0.4% of the 8,840,000 it maintains (largest portfolio in the list).

When it comes to the total number of spam messages advertising illicit domains, Xin Net has amounted for 3,228,041, which puts it in first place, followed by eNom with 1,294,595. Network Solutions (582,583) and Register.com (308,738) occupy the third and forth positions, while the rest have amounted for under 100,000 junk messages.

Xin Net's domain names taken individually are also the most spammed ones, with each one being advertised by an average of 345.4 messages. Register.com is in second place in this chart, but with a considerably lower score of 59 junk e-mails per domain. RegTime and Network Solutions come in third and forth, with 54 and 52.5, respectively. The rest have averaged under 50 messages per domain.

"First, to us these numbers indicate a problem at the cited Registrar, it does not mean a Registrar is criminal or evil. Far from it, we believe this is a question of effective controls and good policy. Registrars may lack adequate abuse staff or awareness of the problem. Some simply do not know who their bad customers are. It is important to understand that these problems can be fixed!," the KnujOn researchers explain in their report.

In order to prove that this report is of great significance, KnujOn presents the impact that its last one had. The previous report on spam activity applied to domain registrars was released in May 2008 and presented a considerably different list:

1. Xinnet Bei Gong Da Software
2. Beijing Innovative Networks
3. TodayNIC
4. Joker
5. eNom, Inc.
6. MONIKER
7. Dynamic Dolphin
8. The Nameit Co/AITDOMAINS.COM
9. PDR
10. Intercosmos/DIRECTNIC

Due to that report, the anti-spam fighters point out, Beijing Innovative Networks and Joker received Breach Notices by ICANN and risked losing accreditation. As a result, they brought significant improvements to their operations. TodayNIC chose to work together with KnujOn and also cleaned its house. Dynamic Dolphin, KnujOn notes, was being used mainly by spam kingpin Scott Richter, who's operations were shut down, dropping the registrar's abuse count.

Directnic and Moniker were among the contesters of the report, but both have since terminated thousands of abusive websites. Intercosmos has also enforced a very strong anti-abuse policy and cleaned up its act, the anti-spam outfit underlines. The new report also comes with a twist, KnujOn planning to analyze each of the registrars that have made it individually to the list. More detailed reports will be separately published about every one of the them during the next ten days.