New York asks domain registrars to crack down on sites used for coronavirus scams
New York state officials want domain name registrars to step up their efforts towards fighting the rising number of coronavirus-related scam sites.
These include the likes of websites selling fake cures, fake vaccines, or sites peddling malware disguised as coronavirus-related apps.
During the past month, thousands of these types of domains have been registered, on a daily basis, in an ever-increasing number — a trend highlighted by a ZDNet report last week.
On Friday, following our report, New York Attorney General Letitia James sent open letters to six of the internet’s largest registrars — companies that sell domain names — asking them to deploy countermeasures that would make the registration of all COVID-19 and coronavirus-related domains much harder.
According to a copy of one of the letters, the NY Attorney General would like to see domain registrars deploy one or more of the following solutions:
- The use of automated and human reviews for all newly registered coronavirus-related domain names
- The establishing of a special channel for authorities and the general public to report coronavirus-related scam sites
- The de-registration of all reported domain names
- The deployment of systems to halt the registration of coronavirus-related domains
- The deployment of systems to block the rapid registration of coronavirus-related domains
- Updating terms of service to add clauses for “aggressive enforcement for the illegal use of coronavirus domains”
Letters were sent to GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance International Group (owner of Bluehost.com, Domain.com, and HostGator.com).
ZDNet reached out to all six companies seeking comment on the letters they received. Three of the six replied.
Of the answers we received, the most comprehensive set of measures was deployed by Namecheap, according to the company’s CEO, Richard Kirkendall.
In an email, Kirkendall said his company has already been working with authorities to “proactively prevent, and take down any fraudulent or abusive domains or websites related to COVID19 or the Coronavirus.”
“These actions also include banning such terms from our available domain name search tool to prevent them from being registered going forward,” Kirkendall told us.
But only Namecheap appears to have taken proactive steps to block customers from registering coronavirus scammy-looking domains.
On the other hand, GoDaddy and Endurance said they’d continue to rely on their abuse reporting mechanisms that are currently in place.
“We have processes and procedures currently in place to investigate and respond promptly to notices of illicit customer activity, including alleged illegal activity or other violations of our terms of service,” a spokesperson for the Endurance International Group told ZDNet in an email.
GoDaddy provided a similar reply via email, but also in a tweet addressed to Attorney General James.
However, while the two companies weren’t willing to deploy proactive measures to block the registration of coronavirus-related domains, they did publicly state that once malicious coronavirus domains are reported, they will move to delist the domains.
However, the question now remains how fast will some of these domain registrars be when answering an abuse report. A 2018 study found that web hosting providers usually took three days until they took down an abusive site.
Dynadot, Name.com, and Registrar.com did not return a request for comment or did not have a contact method listed on their websites.
Attorney General James’ focus on coronavirus-related scams comes as the US Department of Justice announced on Friday a concerted effort to prioritize the prosecution of coronavirus-related crimes. The agency filed its first charges two days later, against the owners of a website claiming selling fake COVID-19 vaccine kits.