.ICU TLD spammers move to the .XYZ TLD

After noticing that the majority of the .ICU spam campaigns were drying up, I headed over to Namecheap to find out which gTLD was the next likely target for abuse. Well, what do you know, Namecheap was throwing out .XYZ domains for $1 a pop.

[Image: Namecheap .xyz domain sale]

.XYZ domain spam

To confirm my suspicions, I performed a quick query for any email originating from .XYZ domains. As I feared, spam from .XYZ domains had been flowing in since early December of 2019. To add insult to injury, the messages were delivered through the same service providers responsible for the .ICU spam campaign.

[Image: Namecheap .xyz domain spam]

Dear Namecheap

So what happens when Joe Nobody inquires with Namecheap regarding this highly questionable business?

The domain in question is not hosted with us and we don’t have access to SMTP servers it’s using. Thus, we have no possibility to check email logs to confirm spamming activity. Please report this abusive activity to the domain hosting provider.

As specified by the Legal team, upon receiving a complaint, a case will be initiated only if the reported domain names are blacklisted by any of our trusted anti-spam organizations.

Kind regards,
Namecheap Team

Translation: We already got paid, now f**k off and complain to the bulletproof hosting provider instead.

I would seriously consider paying good money for a quick peek at the actual WHOIS records for some of these .XYZ bulk registrations. I suspect there is a high probability that Namecheap is doing zero vetting.

Anyhow, my thanks for your valiant effort in this matter, Spamcheap!