The Gabonese government has taken back control of their .ga ccTLD from Freenom who have provided registry services for the past decade. ccTLDs managed by the Dutch backend registry provider Freenom are well known as havens for spammers and phishers, recently being sued by Facebook’s owner Meta for, as Krebs On Security reported, allegedly ignoring “abuse complaints about phishing websites while monetizing traffic to those abusive domains.”
But Gabon’s government has finally moved and decided enough is enough.
“Due to the failure of the company Freenom, which has managed the .ga TLD up until now, to provide the Internet community with a satisfactory service, the Gabonese authorities decided to terminate the current contract and bring the management of Gabon’s national TLD back in House,” a joint statement from Gabon’s National Agency for Digital Infrastructure and General Government (ANINF) and Afnic [pdf], who now handles backend registry services, said. “This decision is backed by the country’s need, as the third largest economy in Central Africa, for reliable digital tools to support the online presence of businesses, associations, institutions and private individuals.”
The migration of .ga domain names took place from 4 to 7 June, but has been planned for a year. It is estimated that there were over 7 million .ga domain names under Freenom’s free model, but it was likely several million of these were deleted during the migration as Freenom did not provide registrant data.
It’s a far cry from a decade ago when ANINF was celebrating the partnership with Freenom.
“Gabon is working hard to become one of the leading IT hubs in Africa,” said Cyriaque Kouma, DIG Project Manager at ANINF at the time in a joint Freenom news release. “By giving our .GA domain names away for free we can encourage businesses and individuals in Gabon to develop their web presence and web applications and in turn diversify our economy and promote e-commerce. This strategy is an important part of our country’s vision to develop the Digital Gabon.”
Freenom’s business model revolves around providing free domain names for a number of ccTLDs. The first ccTLD it provided the model for was Tokelau’s .tk, itself one of the top-level domains with the most abuse, which had around 25 million registrations at the time Verisign stopped including Freenom’s ccTLD in their Domain Name Industry Brief in 2021. Verisign stopped including all Freenom’s ccTLDs, .cf (Central African Republic), .gq (Equatorial Guinea) and .ml (Mali) included, “due to an unexplained change in available estimates for the .tk zone size and lack of verification from the registry operator for these TLDs.”
In the most recent publicly available Spamhaus Botnet Threat Update for the fourth quarter of 2021, all five of the ccTLDs Freenom provided registry services for ranked in the top 16 for the most abused TLDs with .ga the worst of the five.
In another report in 2021 by the Interisle consultancy [pdf], they found the number of phishing domain names in Freenom’s five ccTLDs “represented 58% of all ccTLD phishing domains reported and 20% of phishing domains reported in all TLDs.”
But the model for Freenom’s free domains appears to be collapsing. Currently the website is unchanged since .ga’s migration and the “check availability” function does not appear to work for any of their ccTLDs. Domain Incite has reported “Freenom has not allowed anyone to register domains in any of its managed TLDs … since at least January 1 this year.”