.ML and .CF TLDs: The Next Likely Spam Havens

Share with your network!
Starting in July 2013, the countries of Mali and the Central African Republic will start giving away .ML and .CF domain names for free. Here are some quotes from the Press Release: Mali became the first African nation to announce it will give its domains for free. Today the Dot ML Registry published the launch schedule for the .ML top level domain space. Dot ML - the Mali domain name - will be operated by the Agence des Technologies de l'Information et de la Communication (AGETIC) as a generic, unrestricted, clean and global TLD focusing on individuals and businesses in - and outside Mali. “We are proud to be the first African nation to give domain names for free. “, says Moussa Dolo, General Manager of AGETIC. “By providing free domain names to internet users worldwide we will put Mali back on the map. We wish to show the rest of the world the fantastic opportunities our country has to offer. “ Although it may be a good source of publicity for the countries of Mali and the Central African Republic, they will likely end up being havens for spam. Spammers must rotate the domain names in their call-to-action URLs as they get filtered as spam, and having a limitless pool of free domain names lowers their costs. Even a cost of a few dollars per domain name adds up if the domain name can only be used for tens of messages before being rendered useless. The company operating the .ML and .CF registries (Freedom Registry) also runs the .TK registry, which also gives away free domains. Out of ~140k domain names ending in .TK in our system, nearly 90% of them are spammy. The following graph compares the percentage of .TK domain names identified as spam by our system against other popular TLDs.
chart_1
If .ML/.CF end up being abused in the same way as .TK, the publicity Mali and the Central African Republic receive will not be the kind they really want. Hopefully they will learn the lesson of .co.cc, which offered free domain names under .co.cc with full DNS, became a spam haven, and went offline in late 2012, or .pw, which has the highest percentage of hostnames identified as spam by our system in the above graph. The negative impact of providing free domain names extends beyond the registrar itself. A registrar has a duty to protect the rest of the Internet from abuse of their services. Providing free domain names without controls on how they are used lowers costs for spammers and makes it harder for anti-spam companies like Cloudmark to protect user's inboxes.