[dns-operations] shunning malware-hosting registrars

Mark E. Jeftovic markjr at easydns.com
Tue Jan 28 16:12:52 UTC 2014

Stephane Bortzmeyer wrote:
> On Tue, Jan 28, 2014 at 10:43:21AM -0500,
>  Daniel Sterling <sterling.daniel at gmail.com> wrote 
>  a message of 31 lines which said:
>> Would it be possible for the larger DNS community to blacklist and
>> stop serving domains from registrars that are known to be friendly
>> to malware authors? For example, the recent FileZilla malware [1]
>> uses domains hosted by Naunet.ru. The Avast staff say that registrar
>> "ignores requests to suspend illegal domains."
> This goes on a very slippery slope. First, "illegal" does not mean the
> same thing in different countries (showing a female bare breast may be
> illegal in Saudi Arabia but not in Sweden). Second, evaluating if
> something is actually illegal can be tricky, even for a trained
> judge. Third, once you start doing this, you can bet a lot of money
> that many people will request it from you: the entertainment industry,
> the State, the local police, the local cult, etc.

Stephane is absolutely correct, there is a slippery slope here that had
to be considered.

Wearing our registrar hat, we just went through a couple of battles on
this front, where third parties deign to decide what is "legal" and end
up coercing registrars into taking down entire businesses with zero due
process (I refer to NAPB takedown requests and to a lesser extent the
City of London Police thing).

So "illegal" is a very mercurial word, in our case we state that if you
want to take something down because *you* say it's "illegal", then you
need a court in our home province to agree with you and order us to take
it down.

That said, it is consistent with this stance to take down a any domain
involved in any kind of net abuse. Our ToS say as much and spreading
malware certainly qualifies.

- mark

Mark E. Jeftovic <markjr at easydns.com>
Founder & CEO, easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225
Read my blog: http://markable.com

More information about the dns-operations mailing list