Knowing that a minority of companies control most of the sites advertised in spam helps put the junk email problem into better perspective. To illustrate this consider a typical spam campaign. The emails are generated by tens of thousands of malware compromised machines and networks on the Internet. They send millions of spam messages to millions of victims. Sounds like a big problem, right? Not exactly. Because the number of actual websites advertised in those millions of messages is rather small in comparison the derivative of a spam campaign is seriously reduced. Reducing the true size even further is the fact that these real websites are held by one or maybe two registrar companies per campaign. Imagine that a spam campaign is a balloon. A balloon is actually made of a very small amount of real material, it only appears bigger because it's full of hot air. The huge volume of sent spam messages is the hot air that pushes the boundaries the Internet's resources, making the problem look bigger than it is. However, the air only stays in the balloon because it is knotted at the bottom. The registrars are this knot.

Graphic here:
http://www.knujon.com/news.html#05202008

Another thing I was thinking....

XIN Net for example....hmm...I wonder (and many others too, I'm sure) if they have _ANY_ "legit"/non-illegal domains registered by them...?

In my case, the balloon would be XIN Net (which is made of a very small amount of real domains)- and it appears to be a huge registrar, due to all of the one-off, illegal domain registrations, registered using stolen credit cards.


BTW, glad to see you back active on hte forums, KnujOn

Food for thought.

To hell with my gut feel, let's look at the actual statistics.

Just how big is Xin Net / Sino-I.com?
http://www.domaintools.com/internet-statistics/registrar-stats-2007.html
Number 19 on the chart.
GoDaddy is 25 times their size, Enom is 10 times their size.

Just how polluted are their registered domains?
http://rss.uribl.com/nic/
Compared with the big boys, Xin Net is very polluted.

Very polluted. And it's pills pills pills. Pills for breakfast, pills for lunch, pills for dinner.

That's my feel, too. Testing the theory, and looking at the last 20 Xin Net registered sites to hit url=http://rss.uribl.com/nic/XIN_NET_TECHNOLOGY_CORPORATION.html]spam traps[/url] in the last 20 minutes as a sample and feeding them into IDSpam to brand them -

manusuxbig.com MaxGain+
holepeople.com Canadian Pharmacy
hellupakse.com LNHSolutions
ontaornia.com Canadian Healthcare
personloud.com Canadian Pharmacy
oatronadls.com King Replicas
nciueai.com MaxGain+
swaruggu.com Canadian Healthcare
humoalit.com Canadian Healthcare
truttya.com King Replicas
systemsegment.com Canadian Pharmacy
bexerz.com Canadian Healthcare
producemorning.com Canadian Pharmacy
nuyeaoiru.com Canadian Healthcare
liaokest.com Exquisite Footwear
camebreak.com Canadian Pharmacy
nearwife.com Canadian Pharmacy
oieajlo.com VPXL - Penis Enlargement
fractionbranch.com Canadian Pharmacy
stupeedmu.com MaxGain+

Pills, potions, watches and shoes

Look at this: http://fluxor.laser.dico.unimi.it/~fluxor/

Tracking fast-flux, most of it is at Xinnet

Note to intrepid neophytes like myself to the wonderful world of fast-flux: there's a one-minute explanation (with pointers to more info, if you must) on Wikipedia here.

Edited to add a statement of bewilderment at the data on the FluXOR page from the University of Milan's LASER initiative, linked to by KnujOn: mouse over the two line graphs there to see the rapidly increasing amount of data on bad networks and agents they're collecting...

Staggering. But mostly illustrative of KnujOn's point is the pie chart: take out Xin Networks and Beijing Innovative Linkage and... Some others will jump in.