<?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
		>
<channel>
	<title>Comments on: The darksides domains</title>
	<atom:link href="http://blogs.mcafee.com/mcafee-labs/2008/09/04/the-darksides-domains/feed" rel="self" type="application/rss+xml" />
	<link>http://blogs.mcafee.com/mcafee-labs/the-darksides-domains</link>
	<description></description>
	<lastBuildDate>Sat, 12 May 2012 04:55:36 +0000</lastBuildDate>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
	<item>
		<title>By: Chris Barton</title>
		<link>http://blogs.mcafee.com/mcafee-labs/the-darksides-domains/comment-page-1#comment-18766</link>
		<dc:creator>Chris Barton</dc:creator>
		<pubDate>Mon, 08 Sep 2008 14:19:08 +0000</pubDate>
		<guid isPermaLink="false">http://www.labs.com/research/blog/?p=711#comment-18766</guid>
		<description>Hi,  Thanks for the verbose response. Permit me to comment inline.

&lt;blockquote&gt;We are extremely surprised to find that you too have made the mistake of publishing frivolous and defamatory statements, without bothering to verify its truthfulness or accuracy.
&lt;/blockquote&gt;

I posted some research mostly about EST, some opinion and some links. I welcome further discussion that does not steer away from the point of the post.

&lt;blockquote&gt;Furthermore, you have completely ignored our challenge (http://blog.directi.com) to the Knujon and Hostexploit reports, which shatters the very basis of their claims. In our blog article, we have provided specific details which will at the minimum, give you strong reason to believe that Directi is being made the scapegoat and is unfairly dragged into this story. The plausible reason for victimizing us, is for the sake of enhancing the story&#8217;s sensationalism. Think about it - without implicating the likes of ICANN and Directi, Knujon and Hostexploit&#8217;s reports wouldn&#8217;t have come anywhere close to the traction and exposure it has received to date.
&lt;/blockquote&gt;

Sorry I didn&#039;t ignore it.  The post was written the day before your response. We had a few hours of internal delays posting it as the editor is in the USA and I&#039;m in the UK.

Yes, Knujon shook the big tree. He might not have been 100% correct first time but he has highlighted a number of good points that were interesting. In fact my first email response to him was in your defense (in a registrar capacity), whilst I was at that concert.  I did my own research at a tangent into the supply chain and the LogicBoxes setup, and discovered for myself how EST&#039;s various registration processes worked via your systems. That I&#039;m afraid is not a scapegoat&#039;s position.

I am however glad to see your &lt;a href=&quot;http://hostexploit.com/index.php?view=article&amp;id=15:joint-statement-from-directi-and-hostexploit-clarifying-previous-posts&amp;tmpl=component&amp;print=1&amp;page=&quot; rel=&quot;nofollow&quot;&gt;joint response&lt;/a&gt;. I still think there is significantly more work to be done.
This is a real opportunity to show that you are willing to listen to the community and deal with troublemakers.

&lt;blockquote&gt;It is unfortunate that you seem to make a false allegation of your own, about LogicBoxes not having an AUP for its service. Well, ever since our inception in 2001, we have a very comprehensive AUP in place, which is duly enforced with every client. A copy of the same will be followed by this post.
&lt;/blockquote&gt;

Now that I&#039;d like to see. I couldn&#039;t find it on the LogicBoxes website or via Google  (&lt;a href=&quot;http://www.google.co.uk/search?q=site%3Alogicboxes.com+aup&quot; rel=&quot;nofollow&quot;&gt;1&lt;/a&gt;,&lt;a href=&quot;http://www.google.co.uk/search?q=site%3Alogicboxes.com+abuse&quot; rel=&quot;nofollow&quot;&gt;2&lt;/a&gt;), I did find something about not querying the API too much, and having a complaints address however nothing obvious that stated LogicBoxes could at their discretion terminate a relationship for continued abuse.
If it were published prominently the community would help out and quote it at abuse@ staff when making complaints.

If you do have an AUP that covers the LogicBoxes service how come it&#039;s not been used yet? I can still see *new* business spreading downloaders.

&lt;blockquote&gt;Much to the contrary of what you have written, Directi continues to be one of the most proactive players today in terms of combating abuse and implementing strict AUPs. We have a significant investment in terms of manpower and processes to achieve just this. We do so, not because we&#8217;re contractually obligated, or to protect our own business interests, but because we sincerely believe in the ideology of making the internet a safer and more secure medium for conducting business. As a matter of fact, we have a ZERO tolerance policy towards unscrupulous activities, and therefore extremely shocked by this incident.
&lt;/blockquote&gt;

I have recognised that with your in-house registrars this is not in dispute.
As for making the internet a safer place, let&#039;s be frank for a second and get back to the focus of the post. You guys know the score with ESTDomains and friends but continue to provide them with the service layer for domain management.

&lt;blockquote&gt;On another note, I request you to understand the limitations registrars and related service providers face in tackling these issues. Despite having a dedicated abuse complaints processing team, it is impossible for us to deploy the necessary resources and expertise to manually authenticate the legal status of each of the 4 million + sponsored domain names. A false positive could lead to a significant loss for an innocent customer, for which we will be squarely responsible. Things get even more difficult when other registrars that use our platform, are less sensitive towards their moral responsibilities. Sure &#8211; we&#8217;d like to pull the plug and permanently close our business with them, but how does one protect the several hundred thousand innocent website owners that also happen to use their services?
&lt;/blockquote&gt;

I made no complaint about false data as I did not want to muddy the waters of responsibility further because I clearly realise the issues involved.
I&#039;m McAfee&#039;s representative for all domain related matters at the APWG so I do understand the limitations of registries in this area, registrars are a different kettle of fish as they have AUP&#039;s in their arsenal.  In much of this abuse I recognised that Directi are not the registrar, they are only the service platform and did my best to stress that point. I&#039;m sure you&#039;re aware that this is exactly where AUP&#039;s and proactive abuse management come in to play.  You clearly know what these customers (resellers and registrars) are up to and yet you let them continue to be new business, you can appreciate why the community want to progress this matter further.

Please don&#039;t suggest that domains on bad-guys accounts that have not had complaints are fine. Given that you appear to use an infinite reseller model I assume you can see every individual customer accounts too. The Internet community is not going to fuel your abuse operations, just the reactive abuse operations.

[&lt;strong&gt;Readers - do not visit the domains in the next paragraph&lt;/strong&gt;]
Some examples if I may:  If you get a complaint about silafine .com (domain created yesterday) for &lt;a href=&quot;http://vil.nai.com/vil/content/v_143903.htm&quot; rel=&quot;nofollow&quot;&gt;hosting some malware&lt;/a&gt; you need to look at the other domains on the account too (I&#039;m betting on : zowidicen  ytujezuruwa orelilukaryd takeworiwu .com being related somehow), rinse and repeat, and ding the reseller/registrar for repeatedly not paying attention too.  Thankfully your abuse ops took down the backend for this scam on request, and here is the proof of the pudding they moved to another domain owned by the same guy &quot;&lt;a href=&quot;http://www.google.co.uk/search?q=seodancer%40gmail.com&amp;source-id=Mozilla%20Firefox&amp;start=0&quot; rel=&quot;nofollow&quot;&gt;seodancer@gmail.com&lt;/a&gt;&quot; who also owns malware-scan.com, spyshredderscanner.com on a different reseller and probably 100 others too, but you have previously suspended powerantivirus .net but not the others including powerantivirus .cc that was registered at the same time?

&lt;blockquote&gt;I would also sincerely request you to ensure that in the future when referencing reports of this nature, you extend to the subject, an opportunity to confirm the facts.

We&#8217;ll also be glad to clarify your doubts on the above mentioned facts, over a conference call. If you&#8217;d like that, do provide us with an appropriate time and number on which you can be reached.
&lt;/blockquote&gt;

I&#039;m clearly an advocate here and I don&#039;t doubt the content of my post, but of course I&#039;m willing to discuss the points raised and I&#039;m more than willing to help if you&#039;re taking action.
I&#039;ve left you a message with my direct contact details with your assistant.

Directi&#039;s anti abuse staff also have an invite to the next APWG meeting (Wed/Thur sessions). It&#039;s a great place to discover what the criminals are actually doing and press the flesh with those fighting cybercrime.

&lt;blockquote&gt;Some of the reputation damage that has been caused as a result of this incident is probably beyond repair. However, I do hope to receive your full support in taking remedial actions for the sake of limiting this damage, and for fulfilling a moral responsibility.
&lt;/blockquote&gt;

I&#039;m inclined to disagree here too. It&#039;s an opportunity to flex that AUP and show your fortitude to protect the online community.  Also you really shouldn&#039;t be worried about reputation if you are confident your process is adequately dealing with situations created by black-hat customers before they get to this stage.  Acting on the perpetrators will do more good for your reputation in the long run than acting on individual domain complaints.</description>
		<content:encoded><![CDATA[<p>Hi,  Thanks for the verbose response. Permit me to comment inline.</p>
<blockquote><p>We are extremely surprised to find that you too have made the mistake of publishing frivolous and defamatory statements, without bothering to verify its truthfulness or accuracy.
</p></blockquote>
<p>I posted some research mostly about EST, some opinion and some links. I welcome further discussion that does not steer away from the point of the post.</p>
<blockquote><p>Furthermore, you have completely ignored our challenge (http://blog.directi.com) to the Knujon and Hostexploit reports, which shatters the very basis of their claims. In our blog article, we have provided specific details which will at the minimum, give you strong reason to believe that Directi is being made the scapegoat and is unfairly dragged into this story. The plausible reason for victimizing us, is for the sake of enhancing the story&#8217;s sensationalism. Think about it &#8211; without implicating the likes of ICANN and Directi, Knujon and Hostexploit&#8217;s reports wouldn&#8217;t have come anywhere close to the traction and exposure it has received to date.
</p></blockquote>
<p>Sorry I didn&#8217;t ignore it.  The post was written the day before your response. We had a few hours of internal delays posting it as the editor is in the USA and I&#8217;m in the UK.</p>
<p>Yes, Knujon shook the big tree. He might not have been 100% correct first time but he has highlighted a number of good points that were interesting. In fact my first email response to him was in your defense (in a registrar capacity), whilst I was at that concert.  I did my own research at a tangent into the supply chain and the LogicBoxes setup, and discovered for myself how EST&#8217;s various registration processes worked via your systems. That I&#8217;m afraid is not a scapegoat&#8217;s position.</p>
<p>I am however glad to see your <a href="http://hostexploit.com/index.php?view=article&amp;id=15:joint-statement-from-directi-and-hostexploit-clarifying-previous-posts&amp;tmpl=component&amp;print=1&amp;page=" rel="nofollow">joint response</a>. I still think there is significantly more work to be done.<br />
This is a real opportunity to show that you are willing to listen to the community and deal with troublemakers.</p>
<blockquote><p>It is unfortunate that you seem to make a false allegation of your own, about LogicBoxes not having an AUP for its service. Well, ever since our inception in 2001, we have a very comprehensive AUP in place, which is duly enforced with every client. A copy of the same will be followed by this post.
</p></blockquote>
<p>Now that I&#8217;d like to see. I couldn&#8217;t find it on the LogicBoxes website or via Google  (<a href="http://www.google.co.uk/search?q=site%3Alogicboxes.com+aup" rel="nofollow">1</a>,<a href="http://www.google.co.uk/search?q=site%3Alogicboxes.com+abuse" rel="nofollow">2</a>), I did find something about not querying the API too much, and having a complaints address however nothing obvious that stated LogicBoxes could at their discretion terminate a relationship for continued abuse.<br />
If it were published prominently the community would help out and quote it at abuse@ staff when making complaints.</p>
<p>If you do have an AUP that covers the LogicBoxes service how come it&#8217;s not been used yet? I can still see *new* business spreading downloaders.</p>
<blockquote><p>Much to the contrary of what you have written, Directi continues to be one of the most proactive players today in terms of combating abuse and implementing strict AUPs. We have a significant investment in terms of manpower and processes to achieve just this. We do so, not because we&#8217;re contractually obligated, or to protect our own business interests, but because we sincerely believe in the ideology of making the internet a safer and more secure medium for conducting business. As a matter of fact, we have a ZERO tolerance policy towards unscrupulous activities, and therefore extremely shocked by this incident.
</p></blockquote>
<p>I have recognised that with your in-house registrars this is not in dispute.<br />
As for making the internet a safer place, let&#8217;s be frank for a second and get back to the focus of the post. You guys know the score with ESTDomains and friends but continue to provide them with the service layer for domain management.</p>
<blockquote><p>On another note, I request you to understand the limitations registrars and related service providers face in tackling these issues. Despite having a dedicated abuse complaints processing team, it is impossible for us to deploy the necessary resources and expertise to manually authenticate the legal status of each of the 4 million + sponsored domain names. A false positive could lead to a significant loss for an innocent customer, for which we will be squarely responsible. Things get even more difficult when other registrars that use our platform, are less sensitive towards their moral responsibilities. Sure &#8211; we&#8217;d like to pull the plug and permanently close our business with them, but how does one protect the several hundred thousand innocent website owners that also happen to use their services?
</p></blockquote>
<p>I made no complaint about false data as I did not want to muddy the waters of responsibility further because I clearly realise the issues involved.<br />
I&#8217;m McAfee&#8217;s representative for all domain related matters at the APWG so I do understand the limitations of registries in this area, registrars are a different kettle of fish as they have AUP&#8217;s in their arsenal.  In much of this abuse I recognised that Directi are not the registrar, they are only the service platform and did my best to stress that point. I&#8217;m sure you&#8217;re aware that this is exactly where AUP&#8217;s and proactive abuse management come in to play.  You clearly know what these customers (resellers and registrars) are up to and yet you let them continue to be new business, you can appreciate why the community want to progress this matter further.</p>
<p>Please don&#8217;t suggest that domains on bad-guys accounts that have not had complaints are fine. Given that you appear to use an infinite reseller model I assume you can see every individual customer accounts too. The Internet community is not going to fuel your abuse operations, just the reactive abuse operations.</p>
<p>[<strong>Readers - do not visit the domains in the next paragraph</strong>]<br />
Some examples if I may:  If you get a complaint about silafine .com (domain created yesterday) for <a href="http://vil.nai.com/vil/content/v_143903.htm" rel="nofollow">hosting some malware</a> you need to look at the other domains on the account too (I&#8217;m betting on : zowidicen  ytujezuruwa orelilukaryd takeworiwu .com being related somehow), rinse and repeat, and ding the reseller/registrar for repeatedly not paying attention too.  Thankfully your abuse ops took down the backend for this scam on request, and here is the proof of the pudding they moved to another domain owned by the same guy &#8220;<a href="http://www.google.co.uk/search?q=seodancer%40gmail.com&amp;source-id=Mozilla%20Firefox&amp;start=0" rel="nofollow">seodancer@gmail.com</a>&#8221; who also owns malware-scan.com, spyshredderscanner.com on a different reseller and probably 100 others too, but you have previously suspended powerantivirus .net but not the others including powerantivirus .cc that was registered at the same time?</p>
<blockquote><p>I would also sincerely request you to ensure that in the future when referencing reports of this nature, you extend to the subject, an opportunity to confirm the facts.</p>
<p>We&#8217;ll also be glad to clarify your doubts on the above mentioned facts, over a conference call. If you&#8217;d like that, do provide us with an appropriate time and number on which you can be reached.
</p></blockquote>
<p>I&#8217;m clearly an advocate here and I don&#8217;t doubt the content of my post, but of course I&#8217;m willing to discuss the points raised and I&#8217;m more than willing to help if you&#8217;re taking action.<br />
I&#8217;ve left you a message with my direct contact details with your assistant.</p>
<p>Directi&#8217;s anti abuse staff also have an invite to the next APWG meeting (Wed/Thur sessions). It&#8217;s a great place to discover what the criminals are actually doing and press the flesh with those fighting cybercrime.</p>
<blockquote><p>Some of the reputation damage that has been caused as a result of this incident is probably beyond repair. However, I do hope to receive your full support in taking remedial actions for the sake of limiting this damage, and for fulfilling a moral responsibility.
</p></blockquote>
<p>I&#8217;m inclined to disagree here too. It&#8217;s an opportunity to flex that AUP and show your fortitude to protect the online community.  Also you really shouldn&#8217;t be worried about reputation if you are confident your process is adequately dealing with situations created by black-hat customers before they get to this stage.  Acting on the perpetrators will do more good for your reputation in the long run than acting on individual domain complaints.</p>
]]></content:encoded>
	</item>
	<item>
		<title>By: vert</title>
		<link>http://blogs.mcafee.com/mcafee-labs/the-darksides-domains/comment-page-1#comment-18764</link>
		<dc:creator>vert</dc:creator>
		<pubDate>Sat, 06 Sep 2008 03:11:33 +0000</pubDate>
		<guid isPermaLink="false">http://www.labs.com/research/blog/?p=711#comment-18764</guid>
		<description>...(and whilst Terry is dancing in doorways) ...
Rotflmao!!! ;-)</description>
		<content:encoded><![CDATA[<p>&#8230;(and whilst Terry is dancing in doorways) &#8230;<br />
Rotflmao!!! <img src='http://blogs.mcafee.com/wp-includes/images/smilies/icon_wink.gif' alt=';-)' class='wp-smiley' /> </p>
]]></content:encoded>
	</item>
	<item>
		<title>By: Sandeep Ramchandani</title>
		<link>http://blogs.mcafee.com/mcafee-labs/the-darksides-domains/comment-page-1#comment-18763</link>
		<dc:creator>Sandeep Ramchandani</dc:creator>
		<pubDate>Fri, 05 Sep 2008 13:12:31 +0000</pubDate>
		<guid isPermaLink="false">http://www.labs.com/research/blog/?p=711#comment-18763</guid>
		<description>Dear Chris,

We are extremely surprised to find that you too have made the mistake of publishing frivolous and defamatory statements, without bothering to verify its truthfulness or accuracy.

Furthermore, you have completely ignored our challenge (http://blog.directi.com) to the Knujon and Hostexploit reports, which shatters the very basis of their claims. In our blog article, we have provided specific details which will at the minimum, give you strong reason to believe that Directi is being made the scapegoat and is unfairly dragged into this story. The plausible reason for victimizing us, is for the sake of enhancing the story&#8217;s sensationalism. Think about it - without implicating the likes of ICANN and Directi, Knujon and Hostexploit&#8217;s reports wouldn&#8217;t have come anywhere close to the traction and exposure it has received to date.

It is unfortunate that you seem to make a false allegation of your own, about LogicBoxes not having an AUP for its service. Well, ever since our inception in 2001, we have a very comprehensive AUP in place, which is duly enforced with every client. A copy of the same will be followed by this post.

Much to the contrary of what you have written, Directi continues to be one of the most proactive players today in terms of combating abuse and implementing strict AUPs. We have a significant investment in terms of manpower and processes to achieve just this. We do so, not because we&#8217;re contractually obligated, or to protect our own business interests, but because we sincerely believe in the ideology of making the internet a safer and more secure medium for conducting business. As a matter of fact, we have a ZERO tolerance policy towards unscrupulous activities, and therefore extremely shocked by this incident.

On another note, I request you to understand the limitations registrars and related service providers face in tackling these issues. Despite having a dedicated abuse complaints processing team, it is impossible for us to deploy the necessary resources and expertise to manually authenticate the legal status of each of the 4 million + sponsored domain names. A false positive could lead to a significant loss for an innocent customer, for which we will be squarely responsible. Things get even more difficult when other registrars that use our platform, are less sensitive towards their moral responsibilities. Sure &#8211; we&#8217;d like to pull the plug and permanently close our business with them, but how does one protect the several hundred thousand innocent website owners that also happen to use their services?

I would also sincerely request you to ensure that in the future when referencing reports of this nature, you extend to the subject, an opportunity to confirm the facts.

We&#8217;ll also be glad to clarify your doubts on the above mentioned facts, over a conference call. If you&#8217;d like that, do provide us with an appropriate time and number on which you can be reached.

Some of the reputation damage that has been caused as a result of this incident is probably beyond repair. However, I do hope to receive your full support in taking remedial actions for the sake of limiting this damage, and for fulfilling a moral responsibility.

Best Regards,

Sandeep Ramchandani
Strategic Partner Manager - The Directi Group
Tel : +1 (832) 295 1535 Extn: 7624
Fax : +1 (904) 369 0153</description>
		<content:encoded><![CDATA[<p>Dear Chris,</p>
<p>We are extremely surprised to find that you too have made the mistake of publishing frivolous and defamatory statements, without bothering to verify its truthfulness or accuracy.</p>
<p>Furthermore, you have completely ignored our challenge (http://blog.directi.com) to the Knujon and Hostexploit reports, which shatters the very basis of their claims. In our blog article, we have provided specific details which will at the minimum, give you strong reason to believe that Directi is being made the scapegoat and is unfairly dragged into this story. The plausible reason for victimizing us, is for the sake of enhancing the story&#8217;s sensationalism. Think about it &#8211; without implicating the likes of ICANN and Directi, Knujon and Hostexploit&#8217;s reports wouldn&#8217;t have come anywhere close to the traction and exposure it has received to date.</p>
<p>It is unfortunate that you seem to make a false allegation of your own, about LogicBoxes not having an AUP for its service. Well, ever since our inception in 2001, we have a very comprehensive AUP in place, which is duly enforced with every client. A copy of the same will be followed by this post.</p>
<p>Much to the contrary of what you have written, Directi continues to be one of the most proactive players today in terms of combating abuse and implementing strict AUPs. We have a significant investment in terms of manpower and processes to achieve just this. We do so, not because we&#8217;re contractually obligated, or to protect our own business interests, but because we sincerely believe in the ideology of making the internet a safer and more secure medium for conducting business. As a matter of fact, we have a ZERO tolerance policy towards unscrupulous activities, and therefore extremely shocked by this incident.</p>
<p>On another note, I request you to understand the limitations registrars and related service providers face in tackling these issues. Despite having a dedicated abuse complaints processing team, it is impossible for us to deploy the necessary resources and expertise to manually authenticate the legal status of each of the 4 million + sponsored domain names. A false positive could lead to a significant loss for an innocent customer, for which we will be squarely responsible. Things get even more difficult when other registrars that use our platform, are less sensitive towards their moral responsibilities. Sure &#8211; we&#8217;d like to pull the plug and permanently close our business with them, but how does one protect the several hundred thousand innocent website owners that also happen to use their services?</p>
<p>I would also sincerely request you to ensure that in the future when referencing reports of this nature, you extend to the subject, an opportunity to confirm the facts.</p>
<p>We&#8217;ll also be glad to clarify your doubts on the above mentioned facts, over a conference call. If you&#8217;d like that, do provide us with an appropriate time and number on which you can be reached.</p>
<p>Some of the reputation damage that has been caused as a result of this incident is probably beyond repair. However, I do hope to receive your full support in taking remedial actions for the sake of limiting this damage, and for fulfilling a moral responsibility.</p>
<p>Best Regards,</p>
<p>Sandeep Ramchandani<br />
Strategic Partner Manager &#8211; The Directi Group<br />
Tel : +1 (832) 295 1535 Extn: 7624<br />
Fax : +1 (904) 369 0153</p>
]]></content:encoded>
	</item>
</channel>
</rss>

