Old 10-29-2008, 08:53 PM
Michael
ICANN de-accredits EstDomains!

I have blogged on this in the past, and everyone in the security arena is also commenting on this presently. I am very pleased to see that EstDomains has been de-accredited by ICANN, the governing entity that coordinates the allocation and assignment of the three sets of unique identifiers for the Internet.

In short, they have pulled the plug on EstDomains' ability to register websites.

The reason they invoked for the de-accreditation was that the CEO of EstDomains, Vladimir Tsastsin, has been convicted of credit card fraud, document forgery, and money laundering, and sentenced to 3 years of prison in Estonia. Apparently a criminal conviction violates a clause in the agreement that ICANN had with EstDomains, and allowed them to terminate the RAA (Registrar Accreditation Agreement).

This feels an awful lot like Al Capone being sent to jail for tax evasion, and not for the numerous other crimes he committed. That ICANN had to wait for something like this to take action, when EstDomains' active participation in the cyber crime ecosystem has been the worst kept secret for so long, clearly demonstrates that they intend to continue with their "we don't police" approach to registrar accreditation.

Going to jail for tax evasion, as befell Al Capone, is still going to jail. Having your Registrar status revoked for having a criminal record, rather than for brazenly providing domain registrar services to the criminal element, is still having your registrar status revoked.

At least it is a step in the right direction. Mikko Hyppönen of F-Secure has a very informative blog entry on exactly just how long this has been going on. http://www.f-secure.com/weblog/

And now, ICANN is looking for someone to take over the bulk of the sites that EstDomains managed.
http://www.icann.org/en/announcements/announcement-2-28oct08-en.htm

I don't envy whoever gets this job, but I do have a few suggestions: Compare the approx 280,000 domains against all the major blacklists. Anyone on the list gets dropped. Examine the balance by parsing it through the Google Safe Browsing API. Drop whatever else turns up.

This may feel a little too much like "throwing away the baby with the bathwater" to some, but it beats the alternative of just pulling the plug on the whole lot. Besides, I suspect that the number of domains will be considerably smaller after that process...

Jean "TinFoilHatMan" Taggart
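
The two-pass triage suggested in the post above, as an added example that is not part of the original post. It assumes blacklists list hostnames while the registrar portfolio holds registered domains, so a listed host counts against its parent domain; `second_stage` is a hypothetical callable standing in for a reputation lookup such as Safe Browsing, and all names and data are constructed.

```python
def normalize(name):
    """Lower-case and strip whitespace and the trailing root dot."""
    return name.strip().rstrip(".").lower()

def suffixes(host):
    """Yield host and each parent name, stopping before the bare TLD."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])

def build_index(blacklists):
    """Map every listed host and its parents to the first list naming it."""
    index = {}
    for list_name, entries in blacklists.items():
        for entry in entries:
            for name in suffixes(normalize(entry)):
                index.setdefault(name, list_name)
    return index

def triage(portfolio, blacklists, second_stage):
    """Return (dropped, kept); dropped maps each domain to the reason."""
    index = build_index(blacklists)
    dropped, kept = {}, []
    for domain in map(normalize, portfolio):
        if domain in index:
            # Pass 1: the domain, or a host under it, is on a blacklist.
            dropped[domain] = "blacklist:" + index[domain]
        elif second_stage(domain):
            # Pass 2: only the balance reaches the reputation lookup.
            dropped[domain] = "second-stage"
        else:
            kept.append(domain)
    return dropped, kept

# Constructed sample data (reserved .example/.test names, not real listings).
PORTFOLIO = ["Shop.example.", "cdn-host.test", "clean.example", "phish.test"]
BLACKLISTS = {"listA": ["login.shop.example"], "listB": ["CDN-HOST.test"]}
FLAGGED = {"phish.test"}  # stand-in for second-stage lookup results

if __name__ == "__main__":
    dropped, kept = triage(PORTFOLIO, BLACKLISTS, FLAGGED.__contains__)
    for domain, reason in dropped.items():
        print("drop", domain, reason)
    print("keep", kept)
```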
