Domains/Registars/Nameservers - what is everyone talking about?
Spammers are criminals, but they rely on legitimate businesses to carry on their activities. One of the most important ways to fight spam is to notify those businesses when they are being abused by spammers.
One of those types of businesses is the "domain registrar." A "domain name" is a name like "example.com" that identifies a website. The actual computers where websites are located have numeric "IP addresses" like 127.0.0.1. Giving those websites domain names makes the internet much easier to use. But that means there have to be records and roadmaps on the internet, so that when you type "example.com" in your internet browser, the computer with that website can receive your request to view their webpage.
Someone who wants a website has to arrange to register a domain name with a registrar. The registrar then submits that domain name to a "registry," which governs the registration of all domain names for particular "TLD's" or "top level domains." TLD's you will be familiar with are ".com" and ".net," which are governed by ICANN and the InterNIC registry, but there are numerous other registries. A single registrar may register domain names with TLD's governed by several different registries, and a single registry will usually deal with multiple competing registrars. In addition, large registrars may work with "resellers," independent affiliates who bring in business for the registrar and who may do the direct customer support. Registrars must be "accredited" by the registry, and they are responsible for the actions of their resellers (who are not accredited directly).
As you will notice, the "top" level domain name is the one on the far right
of the domain name in the "URL" (or "uniform resource locator"), just before the first single "/" mark. (The URL is the full address of the web page, like http:
//ksforum.inboxrevenge.com/index.php, and includes the domain name.) In addition to the domain name like "example.com," a domain may have "subdomains" on the left of the domain name, like "forum.example.com" or "www.example.com."
The person setting up the website also has to arrange for his site to be hosted by an internet service provider, which is basically someone with a computer who will allow other people to store their website files there. His domain name will have to be associated with the IP address of that ISP's computer. He can have his site hosted on several IP addresses and even several different ISP's at once, and he can have his subdomains hosted on different computers than the main domain.
How would anyone find his website with all that going on? The information is stored on a computer that acts as a "nameserver." The registrars keep track of which nameservers have information for which domains and submit that information to the registries. The nameservers themselves have to have domain names registered, but they don't have to have websites. Their IP addresses have the special name "glue records," to distinguish the fact that nameservers don't need other nameservers to store their IP addresses. A domain name can (and should) have several nameservers (in case one goes down, the others can allow people to visit the website). And a nameserver can keep records for thousands of domains. If all the nameservers for a domain fail to function, it is impossible to view that site.
When we report a spamvertised website, we frequently report them to registrars. We look at the URL to find the domain name. We read until we hit the first single "/" then work backward. So for this URL:
the domain name is "erklsetr.com," not "google.com" nor "microsoft.html."
We can report that individual domain name, but often the spammers have dozens or hundreds or thousands of identical websites with different domain names. If we can get all the nameservers for those domains shut down, we can get all those spamvertised sites off line at once. The Complainterator tool (available at http://spamtrackers.eu/downloads/
) will look up the registrar for the domain name and the nameservers' domain names and will compose reports to send to each of them.
The caveat is that you can't shut down a nameserver that serves good websites, only nameservers controlled by the criminals. How do you know the difference? Complainterator helps, because it will automatically suppress many of the nameservers controlled by registrars themselves. In addition, if you see a nameserver's domain name was registered years ago, it is more likely to be legitimate; in any case, you will have difficulty convincing a registrar to shut down a long term customer. Most spammers' domains are registered only a few days before they show up in spam, and those that aren't shut down are abandoned once spam filters add them to their definitions. Again, shutting down the nameserver can even shut down domains that have not yet been mailed in spam.