Domain Name Abuse Detection & Mitigation – NameSentrySM

NameSentrySM Product Description

NameSentrySM is an innovative anti-abuse monitoring and mitigation platform specifically designed for domain name registries and registrars that allows you to monitor and manage the security and reputation of your TLD or domain portfolio in near-real-time. Offered as a SaaS subscription, you can start using it immediately with minimal cost to implement.

NameSentrySM aggregates, monitors, and analyzes abuse data from the world’s most reputable blocklist providers to alert you about domains and IP addresses in your TLD or namespace that are involved in phishing, malware, spamming, botnets, and other problems. NameSentrySM’s complete set of configurable workflow tools can alert you and your registrars to problems, track incident status, perform automated mitigations, and more.

NameSentrySM saves you the costs associated with staffing and building software, as well as the costs associated with abuse mitigation and related customer service. It’s also an easy and effective way to comply with ICANN’s new TLD abuse monitoring and reporting requirements (Specification 11(3)b).

The easy-to-use online portal points out clusters of problems, alerting you to hotspots and priority problems. You can set the customizable preferences to track specific kinds of problems, automatically notify registrars about incidents, open tickets for your staff, and even suspend domains automatically if you wish. It also provides ad-hoc reporting features, intelligence and comparative metrics to other TLDs, and IP address monitoring. NameSentrySM customers also receive access via API.

NameSentrySM FAQs

What kinds of domain abuse does NameSentry capture?

NameSentrySM tracks domain names used for phishing, malware, prominent scams, domains advertised in spam, and domains and IP addresses being used by botnets. NameSentrySM also shows you IP addresses that are used to host abuse or are infected with malware. Because abuse types are often interrelated (for example, spam messages often advertise malware URLs),
NameSentrySM Enterprise quickly makes meaningful correlations and presents them to you in actionable format. We are constantly monitoring various data sources to ensure NameSentrySM employs the most reliable and comprehensive sources at any given time. In addition to the data sources we mine additional meta-data such as the Whois record, nameservers, IP addresses and registrars to provide users with greater context to perform mitigation actions.

How timely is the information in NameSentrySM?

Time is crucial when fighting abuse. Our data sources are updated continuously, with changes available to you within minutes of detection. We only work with providers who maintain their data carefully in order to provide our subscribers with fresh, reliable data and early warnings of problems.

Does NameSentrySM meet the abuse-related requirements in ICANN’s new registry contract?

Yes. NameSentrySM provides the technical analysis, tracking, and reporting required in Specification 11(3)b of ICANN’s new TLD contract. NameSentrySM can also meet the needs of TLDs that agreed to higher levels of monitoring and mitigation beyond the base contract, such as via PICs.

Every nTLD Registry Agreement says:
Specification 11 3.b: “Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.”

To comply with ICANN’s new registry contract, can I simply conduct periodic sampling in my TLD?

The contract says that “Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats …” Sampling and random checks will not reveal whether domains in the TLD are being used to perpetrate security threats. Sampling and random checks miss almost all abuse, and poorly-planned assessments will allow a TLD to remain infested with problems.

Why shouldn’t I just build a solution myself?

Up to now, the process for detecting and mitigating abuse has been very cumbersome, manual, and for the most part inconsistent. You can license individual data feeds, but each one has a different format, delivery method, and so on. There is significant effort and cost required to pull in, normalize, and store all the data. And then there’s the cost of designing and building a system that makes sense of the data and allows your staff to work with it. NameSentrySM does all that work for you, so you get the benefits without the headaches.

We’ve also negotiated with data vendors to achieve economies of scale and to bring those cost benefits directly to our clients.

What if I want to focus on one type of abuse differently than other types?

One of NameSentrySM’s core principle is to allow you to customize handling of different abuse cases, according to your organization’s policies and priorities. Prior to set-up, we will work with you to set up monitoring and workflow rules that meet your needs.

How flexible is NameSentrySM’s architecture to add data feeds?

We’ve designed the system to be flexible, and to accommodate new feeds as desired. We can also grant access to them on a per-customer basis. In all cases we maintain the currency of the data, and incorporate it into our reporting and archiving.

How does NameSentrySM identify abusive domains associated with e-mail?

Since the definition of “spam” varies by jurisdiction, our approach focuses on domain names that are advertised in e-mail, and is sent using abusive methods, and/or is attempting to exploit Internet users.

The domains on our lists are typically advertised by e-mail sent from botnets (a very illegal and abusive activity), or using other deceptive methods. The mail is received at “honeypot” mailboxes that have never been subscribed to legitimate mailing lists. And the destination sites being advertised are undesirable, including drive-by malware sites, phishing sites, rogue pharma domains, scams, and piracy sites.

Our data sources are used by most ISPs and corporations around the world to block abusive e-mail and sometimes, Web access to harmful sites.

How are various top-level domains treated in NameSentrySM? Are all treated or scanned equally?

We treat all TLDs the same. Our data sources have detection assets around the globe and are designed to find problems wherever they occur in the world domain space. Some TLDs have lower abuse rates due to their policies, prices, and distribution methods, and abuse tends to ebb and flow from TLD to TLD depending on the needs of criminals.


“As the registry for the extension, we consider the reputation of our name space to be critical to our long term success. NameSentry from Architelos has been our “go-to” tool for malicious behavior monitoring for more than a year now, and has enabled us to quickly identify, investigate, and enforce potential policy violations. There may be other tools on the market, but Team Architelos has decades of domain industry experience and expertise. I highly recommend NameSentry.”

Ken Hansen, CEO


“Architelos’ services are comprehensive and tailored to the needs of registry—and specifically new gTLD registry—operators. From abuse monitoring services to financial products and performance tracking metrics, Architelos’ products fit into every aspect of a TLD’s business strategy. Combined with solid software products and an excellent service team, Architelos is indispensable.”



Features Comparison

Basic versus Enterprise
Feature NameSentrySM Basic NameSentrySM Enterprise
User access via:
    Secure Portal
Fulfills ICANN 11.3b Requirements
24x7x365 abuse monitoring
ICANN compliance reports:
    Threats identified
    Actions taken(audit trail)
Abuse analysis
    Ad-hoc reporting tools
    Registrar abuse ranking
    Benchmark against other TLDs
    Status of incidents: active vs suspended
Fully configurable, automated workflow and mitigation tools:
    Automated notification to one contact
    Custom workflow(s)
    Unlimited escalating notifications
    Multiple 3rd party notifications (ie., law enforcement)
    Domain suspension
IP data collection & abuse correlation:
    IP block monitoring
    Individual IP monitoring
    Domain to IP correlation
    IP-triggered mitigation workflows
Full API support

Where can I see a demo of NameSentrySM?

Contact us for a live online demo with our staff.