[CPWG] The Bulk Registrations issue and why it is complex
John McCormac
jmcc at hosterstats.com
Sun Apr 3 18:21:50 UTC 2022
This is a kind of introduction to bulk registrations based on tracking
domain name statistics and running Web Usage surveys that measures the
rates of usage in gTLDs and ccTLDs. I've left out the brand
protection/IP aspect as that's really covered by UDRP and URS.
The bulk registrations problem is complex but DA is only part of it.
While spam, botnet C&C and some other registrations are problems in
terms of DA, many bulk registrations are often borderline "content
abuse" problems.
Some search engines still have problems with handling links from
websites and it is not uncommon to see large numbers of webspam websites
generated from scraped web content from legitimate websites, Social
Media and even search engine results. The more inbound links a website
has, the more authoritative it appears. Some search engines have been
fighting this problem for years.
The software that produces these webspam sites is quite sophisticated
and it can churn out thousands of these sites in a few hours. The
essential element is low priced or free domain names. These websites are
typically one year registrations. They do not renew. This is because the
economics do not justify paying the full-priced renewal fee. It is
cheaper to register another heavily discounted domain name either in the
same gTLD or another gTLD where there is a heavily discounted
registrations offer running.
There is also a speculative element to some bulk registrations in that
there are often mini-bubbles which target short domain names (four
letter (4Ls), five letter (5Ls) and some numerical domain names). Many
of the registries or brand owners have already registered the three
letter domain names. Again, some of these trends are linked to
discounting offers. They are not abusive registrations and often end up
on domain name sales sites. These trends may start in one gTLD and then,
once the 4Ls are all registered in that gTLD, move into other gTLDs. The
Chinese bubble in .COM and other legacy gTLDs is a good example of this
kind of trend. Most of the bubble registrations did not renew.
Affiliate landers (adult and gambling) are also a feature of bulk
registrations. There has been somewhat of a shift away from parking
undeveloped domain names on pay per click (PPC) landing pages. Again,
these types of bulk registrations have a high attrition rate. These
affiliate landers have similarities to the automatically generated
websites mentioned above.
That leaves the real problem categories in bulk registrations.
Disposable registrations used for spam are part of the bulk
registrations spectrum but detecting them is made more difficult by the
damage that GDPR and the reaction to GDPR has caused on WHOIS. The
problem of deciding what is and is not a spam domain name is compounded
by the fact that the majority of domain names in most gTLDS do not have
developed websites. The blacklists generaly operate on the principle of
detected use rather than identifying intent.
Registration for botnet C&C, phishing, pharming and other forms of abuse
can be obvious and non-obvious. Domain generation algorithms used for
C&C and other malware generate pseudorandom domain names but sometimes
these registrations already exist. The problem with a simple approach is
that some languages, like those in China, may use numbers as part of a
domain name because they sound like other words. To someone with only
experience of English, they may appear to be a random string of characters.
Separating these abusive registrations is quite difficult. In the
absence of WHOIS data and other data it is extremely difficult to guess
the intent of the registrant. With some of the affiliate lander
registrations, there is often a clustering pattern in both gTLD and
webservers. But that only happens with domain names that a have
websites. Spam registrations may only be detected once used for spam and
even then they have a finite lifespan. (Heavily discounted registrations
are disposable.)
These are the Quick Delta numbers and percentages of some new gTLDs. The
Quick Delta compares a gTLD's zonefile with the zonefile from a year ago.
March 2021 - - Retained - Deleted - Retained % - Deleted %
1,317,370 80,358 1,237,012 6.10 93.90
246,344 22,025 224,319 8.94 91.06
32,838 2,972 29,866 9.05 90.95
Other new gTLDs are quite normal and some even have Quick Delta rates
approaching those of ccTLDs (very stable). Discounting is part of the
business model of registries. They use it to grow the number of domain
name under management.
The theory is much like throwing mud at a wall to see how much sticks. A
small percentage of domain names will renew at full fee. A registry will
gradually build up a core set of domain names that may keep renewing but
the vast majority delete without being renewed. Somewhere in those bulk
registrations are the abusive registrations. It is made more difficult
by the fact that most bulk registrations are one year registrations and
the bulk registration problem is a moving target.
Regards...jmcc
--
**********************************************************
John McCormac * e-mail: jmcc at hosterstats.com
MC2 * web: http://www.hosterstats.com/
22 Viewmount * Domain Registrations Statistics
Waterford * Domnomics - the business of domain names
Ireland * https://amzn.to/2OPtEIO
IE * Skype: hosterstats.com
**********************************************************
--
This email has been checked for viruses by AVG.
https://www.avg.com
More information about the CPWG
mailing list