The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.
Freenom is the domain name registry service provider for five so-called “country code top level domains” (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau.
Freenom has always waived the registration fees for domains in these country-code domains, presumably as a way to encourage users to pay for related services, such as registering a .com or .net domain, for which Freenom does charge a fee.
On March 3, 2023, social media giant Meta sued Freenom in a Northern California court, alleging cybersquatting violations and trademark infringement. The lawsuit also seeks information about the identities of 20 different “John Does” — Freenom customers that Meta says have been particularly active in phishing attacks against Facebook, Instagram, and WhatsApp users.
The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted by Interisle Consulting Group, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.
“The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers’ identity, even after being presented with evidence that the domain names are being used for illegal purposes,” the complaint charges. “Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers.”
Meta further alleges that “Freenom has repeatedly failed to take appropriate steps to investigate and respond appropriately to reports of abuse,” and that it monetizes the traffic from infringing domains by reselling them and by adding “parking pages” that redirect visitors to other commercial websites, websites with pornographic content, and websites used for malicious activity like phishing.
Freenom has not yet responded to requests for comment. But attempts to register a domain through the company’s website as of publication time generated an error message that reads:
“Because of technical issues the Freenom application for new registrations is temporarily out-of-order. Please accept our apologies for the inconvenience. We are working on a solution and hope to resume operations shortly. Thank you for your understanding.”
Although Freenom is based in The Netherlands, some of its other sister companies named as defendants in the lawsuit are incorporated in the United States.
Meta initially filed this lawsuit in December 2022, but it asked the court to seal the case, which would have restricted public access to court documents in the dispute. That request was denied, and Meta amended and re-filed the lawsuit last week.
According to Meta, this isn’t just a case of another domain name registrar ignoring abuse complaints because it’s bad for business. The lawsuit alleges that the owners of Freenom “are part of a web of companies created to facilitate cybersquatting, all for the benefit of Freenom.”
“On information and belief, one or more of the ccTLD Service Providers, ID Shield, Yoursafe, Freedom Registry, Fintag, Cervesia, VTL, Joost Zuurbier Management Services B.V., and Doe Defendants were created to hide assets, ensure unlawful activity including cybersquatting and phishing goes undetected, and to further the goals of Freenom,” Meta charged.
It remains unclear why Freenom has stopped allowing domain registration. In June 2015, ICANN suspended Freenom’s ability to create new domain names or initiate inbound transfers of domain names for 90 days. According to Meta, the suspension was premised on ICANN’s determination that Freenom “has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest.”
A spokesperson for ICANN said the organization has no insight as to why Freenom might have stopped registering domain names. But it said Freenom (d/b/a OpenTLD B.V.) also received formal enforcement notices from ICANN in 2017 and 2020 for violating different obligations.
A copy of the amended complaint against Freenom, et. al, is available here (PDF).
March 8, 6:11 p.m. ET: Updated story with response from ICANN. Corrected attribution of the domain abuse report.
Absolutely disgusting.
This is just a conspiracy by scum who seek to take the right to independence, the right to host your own web content, away from the human race. Zuckerberg is an avatar of evil.
The .tk domain (at least) is listed in a lot of anti-spam software as: if it’s there, it’s spam. Don’t bother to look further.
Regarding the lack of registration fees, when you read the fine print (or see comments on HN) you discover you are “borrowing” _their_ domain with _your_ chosen spelling. If they see a lot of traffic (that is to say, DNS lookups) they will demand payment. Once you pay, then it becomes your domain. More or less.
I suppose malware operators rely on the time delay between registration and the discovery of lots of DNS lookups.
“If they see a lot of traffic (that is to say, DNS lookups) they will demand payment. Once you pay, then it becomes your domain. More or less.”
No, that’s not a skeevy business operation at all. Yeesh.
This usually isnt a problem for me, as most of the time I’m using freenom for a temporary website/development purposes. Not everyone is using it for spam, but as they say, 1 bad apple spoils the bunch.
so you are saying, there might actually be a random good apple here or there in the totality of a truckload of rotten apples?
ICANN does not regulate country code domains, so I don’t think that’s why .tk domains aren’t available for registration.
Freenom’s model involves monetizing traffic when the free domains expire.
Feenom was one of the most popular domain name registry providers when it comes to free service. Now, it’s a turning point.
Honestly this seems like a good thing. Anyone running web services anywhere is constantly under attack from those domains. Freenom must be forced to change its ways, and it’s reasonable for Facebook to ask reimbursement of the additional moderation costs caused by Freenom’s recklessness. On the other hand, it wouldn’t necessarily be appropriate for this to be policed by anyone other than the private sector, because you don’t want a broad rule such a prohibition of free domains just because one provider failed at doing it properly.
This news article is false in many ways. You should really do your research before writing. Freenom has actually closed domain registrations down months ago, so blaming a meta lawsuit from March 3 really makes you look ignorant when domain registrations have been shut down since the beginning of the year (JAN 2nd capture of the notice: https://web.archive.org/web/20230102202710/https://www.freenom.com/en/index.html?lang=en ). Do your research bro.
Okay, bro, thanks. The story notes that the Meta lawsuit was originally filed in Dec. 2022, so I don’t think it’s out of the realm of possibility to say there could be a connection between the two.
Mike,
Go back to Reddit. Thanks “bro”/”bruh”
Sincerely,
Everyone
Don’t be telling others to do their research when you be getting dates wrong lmao
In thıs time very bıg earhtquake in my country many human died, up 20 firends of me die 1.5 months we are checkig every where. Out of the computer not fake ı am sorry for be awake all time computer because ı could alive and help animals and humans. Thank you very much for comments
In thıs time very bıg earhtquake in my country many human died, up 20 firends of me die 1.5 months we are checkig every where. Out of the computer not fake ı am sorry for be awake all time computer because ı could alive and help animals and humans. Thank you very much for comments
Freenom already stopped free registrations before the Meta lawsuit was announced. It’s not directly related.
There is usually correspondence between companies before lawsuits are filed.
Cease and desist etc.
I had the opportunity to experiment that since August 2022 the free records on Freenom were not successful from August 2022. The platform allowed to complete the entire registration order, after confirmation a message of OK appeared, but no domain was recorded and in its account reserved area, no order was stored.
That way they can monitor the attempts.
But I don’t think this is a good idea.
As someone who looks at the proxy community often, we are mostly kids on chromebooks, and the go-to register for domains is Freenom, Namecheap, and Porkbun, but Freenom was the best because it was free, so this most likely will affect us in some way. But then again, Meta is picking on smaller companies, their argument does have some ground, but arnt you trying to make your silly meta-verse?
I shouldn’t be saying this here but to be honest this hacker should be reviewed, I just used his services, and he’s the best, experience and ethical. Contact him for any hacking and recovery support via email, (wisetechhack@ gmail .com) you can tell him I referred you
SCAM, a very obvious one by the way, typical Bidenista scammer
I really dont think online registration, many times ı wrote as ın october 2022 and ı think am waiting top much. I am working long hours and only open computer my cat plays youtube video or ı am checkıng patients report or another clinicjobs, or CT I m not fake or scam, congragulatıons sitting all time behind the computer could be very hard. Its not my survey findig magazines and another thinks matching and find a result. I dont think and now ıts comic. I am not know system, ı sand a folder with Ups and and ı am waıtıng maıl or cargo… this century am ı alone dont lıke sitting computer. Thanks for comment ıf ı were you may ı thınk as you
My original Linux Tips site was on a .gq (Freenom) domain name. It was paid for, but the rest of the web treated me like a black sheep ’cause of the .gq domain name. Even if I did everything absolutely perfect, no emails would make it through the filters – some, like @outlook.com wouldn’t even put the emails in the spam folder.
I don’t understand, why Meta would sue the domain registrar, instead of suing the criminal themselves.
The freenom is just a registrar.
It’s like suing a car manufacturer, since some bank rubbers used its brand to rub a bank!
I don’t think it is even legal.
They’re suing the registrar to find out who their bad customers are. Then they will sue or go after the criminals once they’re identified. At least, that seems to be the strategy.