I recently blogged about two reports related to business practices of web-related companies. One of those companies, Directi, was the direct target of the KnujOn report and was mentioned in Jart Armin’s report, as well. I blogged about Directi’s response to the KnujOn report last week.

This week, Directi, KnujOn, and HostExploit (Jart’s company) released a joint statement:

In light of recent developments, Jart Armin of HostExploit.com, Bhavin Turakhia, CEO of Directi and Garth Bruen of Knujon have had an open dialogue and mutually agreed to release this joint statement as an accurate representation of facts, clearing any previous misconceptions and reaffirming their common goal to combat abuse on the Internet.

You can read the statement for the specifics, but I want to applaud the public commitment by all three parties to working together to fight badware. So far, Jart tells us that they have removed thousands of badware and spam domains. It will be interesting to see how this plays out and, in particular, how Garth, Jart, and other members of the security community evaluate Directi’s follow-through.

Also this week, both Directi and EstDomains (which was mentioned prominently in Jart’s report) contacted us to request that we send any data about domains registered through their respective services to them so they can take appropriate action. We don’t currently analyze registrars, though we hope to sometime soon, and we will, of course, make the data available to the registrars to the extent practicable if/when we have such data.

All of this activity raises an interesting (and long-standing) question about the role of domain registrars in policing content of sites. Should a domain registrar be expected to deactivate a domain that is known to be associated with badware? If so, who is the authority that decides which sites should be taken down? How is the process kept transparent? How are errors corrected? What about legitimate sites that have been infected without the owner’s knowledge (like many of those that are in our Clearinghouse?) What about sites that are potentially "bad" in other ways, like violating local laws, perpetuating defamation, or trafficking in child pornography? Let us know what you think in the comments.

A few days ago, I mentioned a report by KnujOn regarding the Directi Group. Directi e-mailed us today to state their side of the story:

Directi is not linked with any of the activities described in that report and Knujon, in their research have never bothered to get their facts straight from either ICANN or us.

They also forwarded us a message that they sent directly to KnujOn contradicting several specific points of the KnujOn report.

Hot on the heals of yesterday’s report about Atrivo by Jart Armin, there is a new report by security research group KnujOn investigating what appear to be some shady business practices by the Directi Group:

In our continuing effort to shed light on the dark corners of the Internet we have produced this report on the Directi Group, a fairly large player in the Registrar world. We have highlighted their use of the controversial service PrivacyProtect.org, their association with EstDomains, their continued sponsorship of fake pharmacy domains, and their apparent ability to get Registrar accreditations for 48 Phantom Companies.

[Update: Directi has since worked with KnujOn and Jart Armin to address these concerns.]