Cloudmark is now part of Proofpoint. Learn More

About Proofpoint

.ML and .CF TLDs: The Next Likely Spam Havens

Starting in July 2013, the countries of Mali and the Central African Republic will start giving away .ML and .CF domain names for free. Here are some quotes from the Press Release:

Mali became the first African nation to announce it will give its domains for free. Today the Dot ML Registry published the launch schedule for the .ML top level domain space. Dot ML – the Mali domain name – will be operated by the Agence des Technologies de l’Information et de la Communication (AGETIC) as a generic, unrestricted, clean and global TLD focusing on individuals and businesses in – and outside Mali.

“We are proud to be the first African nation to give domain names for free. “, says Moussa Dolo, General Manager of AGETIC. “By providing free domain names to internet users worldwide we will put Mali back on the map. We wish to show the rest of the world the fantastic opportunities our country has to offer. “

Although it may be a good source of publicity for the countries of Mali and the Central African Republic, they will likely end up being havens for spam. Spammers must rotate the domain names in their call-to-action URLs as they get filtered as spam, and having a limitless pool of free domain names lowers their costs. Even a cost of a few dollars per domain name adds up if the domain name can only be used for tens of messages before being rendered useless.

The company operating the .ML and .CF registries (Freedom Registry) also runs the .TK registry, which also gives away free domains. Out of ~140k domain names ending in .TK in our system, nearly 90% of them are spammy. The following graph compares the percentage of .TK domain names identified as spam by our system against other popular TLDs.

chart_1

If .ML/.CF end up being abused in the same way as .TK, the publicity Mali and the Central African Republic receive will not be the kind they really want. Hopefully they will learn the lesson of .co.cc, which offered free domain names under .co.cc with full DNS, became a spam haven, and went offline in late 2012, or .pw, which has the highest percentage of hostnames identified as spam by our system in the above graph.

The negative impact of providing free domain names extends beyond the registrar itself. A registrar has a duty to protect the rest of the Internet from abuse of their services. Providing free domain names without controls on how they are used lowers costs for spammers and makes it harder for anti-spam companies like Cloudmark to protect user’s inboxes.


2 thoughts on “.ML and .CF TLDs: The Next Likely Spam Havens”

  1. The “Spam/legit Hostnames by TLD” is one of the most telling metric I’ve come across yet. Well done. I was wondering if you ever published a full chart such as the one in this article?

    Since it was published, I’m afraid the worst happened for those newly-freed TLD: massive spam. Having registered one such domain myself to see how it would behave (particularly on Google), I’ve noticed that they are highly penalized. Even for the least competitive terms and the most benign site content.

    Kind regards,
    Max

  2. We started receiving spams from: news1@monsremi.ml, news1@denshots.ml, news1@dogybail.ml, news1@icedsoph.ml, news1@milkadam.ml which is bad enough. Yesterday the SOB POS under news1@milkadam.ml also spammed other people under our company email and we have been receiving profanity laced responses. Trying to explain to these people that we are not the spammers is a waste of time. Stupid POS scum of the earth who has nothing to do in his worthless life. Each time we block the POS, the POS spams us with another email. Mali – the country of stupids, dimwits, nitwits, morons, nincompoops, scum of the earth POS.

Leave a Reply

Your email address will not be published. Required fields are marked

Learn More About Cloudmark
Our Products
News and Events
Site Map  •  Privacy Policy  •  ©2002–2018 Cloudmark, Inc.