Increased usage of unregistered spam domains


Consider the spam email below:

It promotes an online casino site. URL filtering systems that block access to such sites usually run a few checks before adding the URL to the “spam” category. One of these checks is whether the URL's domain is registered. Once that is confirmed, the registration date can be checked: bad sites usually have registrations that are only several hours old, which makes registration age an important indicator of a site's reputation.

But what if the site is not registered (as in the spam example shown above)?  Many URL reputation systems will not blacklist such a site and will not be able to pursue any further reputation checks (such as the date of registration).  This loophole allows spammers to send out emails linking to unregistered URLs – and then register them an hour or so after the outbreak in order to prevent the URLs from being blocked.
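The gap described above can be seen by running the two-step check over a constructed registry snapshot. This is an added example, not code from any filtering product: the dictionary stands in for a WHOIS/RDAP lookup, and the 24-hour threshold, the domain names, the timestamps and the "hold and re-check" handling are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

# Assumed cut-off for a "young" registration; the post only says "several hours old".
YOUNG = timedelta(hours=24)

def naive_verdict(domain, registry, now):
    """Check order described in the post: registered first, then registration age."""
    created = registry.get(domain)      # stand-in for a WHOIS/RDAP creation date
    if created is None:
        return "unrated"                # no record: the age check is never reached
    return "spam" if now - created < YOUNG else "clean"

def hardened_verdict(domain, registry, now):
    """Same checks, but a mailed link to an unregistered domain is itself a signal."""
    created = registry.get(domain)
    if created is None:
        return "hold"                   # quarantine and queue the domain for re-check
    return "spam" if now - created < YOUNG else "clean"

def recheck_held(held, registry, now):
    """Re-run the age check on held domains once they may have been registered."""
    return {d: hardened_verdict(d, registry, now) for d in held}

def simulate():
    # Constructed data: outbreak at t0, spam domain registered one hour later.
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    registry = {"old-shop.example": t0 - timedelta(days=900)}
    links = ["old-shop.example", "casino-offer.example"]

    naive = {d: naive_verdict(d, registry, t0) for d in links}
    hardened = {d: hardened_verdict(d, registry, t0) for d in links}

    registry["casino-offer.example"] = t0 + timedelta(hours=1)  # late registration
    held = [d for d, v in hardened.items() if v == "hold"]
    later = recheck_held(held, registry, t0 + timedelta(hours=2))
    return naive, hardened, later

if __name__ == "__main__":
    for name, result in zip(("naive", "hardened", "re-check"), simulate()):
        print(name, result)
```

The naive pipeline rates the link once, at delivery time, and never revisits it; the hardened variant catches the domain on the re-check because its registration is then only an hour old.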

Although this trick has been used in the past, the previous 2 weeks have seen extensive use of it, with outbreaks of several hundred million emails and many thousands of unregistered URLs. Of course, a recipient who actually clicks on the link in the first hour or so will not reach the destination, but the spammers seem to think that this is worth the reduced blocking.

