The Internet Corporation for Assigned Names and Numbers (ICANN) has announced it will delay shutting down EstDomains, an Internet registrar accused of having ties with spammers.

ICANN sent a letter to EstDomains saying it would pull the company’s accreditation on November 12 and transfer the 281,000 domains under its management to another registrar.

ICANN has the authority to revoke a registrar’s accreditation if an executive of the company has been convicted of a felony or misdemeanor related to financial activities.

EstDomain’s president, Vladimir Tsastsin, was convicted of credit card fraud, money laundering and document forgery in an Estonian court on February 6, according to ICANN.

EstDomains is arguing that Tsastsin resigned as president in June and that his conviction is on appeal with Estonia’s Supreme Court.

CEO Konstantin Poltev wrote in a letter to ICANN stating that EstDomains was not required to notify the organization about its executive changes. EstDomains is trying to keep its accreditation and included a document that showed Tsastin’s resignation in June.

ICANN said it is taking more time to assess the merits of the claims and has stayed the termination process.

“ICANN will take all reasonable measures to protect the interests of registrants during the stay period and the subsequent termination process that may follow,” ICANN officials said.

The Internet Corporation for Assigned Names and Numbers (ICANN), the non-profit who oversees the management of domains names and IP addresses, has dropped the accreditation for EstDomains, essentially ending their ability to process new domain orders for any Top-Level Domain.

ICANN is the authority when it comes to domain names and IP addresses. Nothing happens on the Internet without their having some role in it. If a company allows registrations of new domain names, or transfers, then they must be accredited by ICANN to do so. If an ISP issues new IP addresses, ICANN will have a role to play in this as well.

EstDomains, with almost 300,000 domains, is the 49th largest domain registrar online. The bulk of their business is domain registrations, but the company also offers managed DNS, SSL Certificates, and E-Mail services. They have a reseller program as well, for customers to buy and sell bulk domain addresses.

Washington Post reporter Brian Krebs started an investigation that linked EstDomains to several websites, numbered in the thousands, that host malicious software, Spam, and in general named them as a haven for criminals online. The investigations into EstDomains started in September.

Around that time, Krebs discovered evidence that the President of EstDomains, 27-year-old Vladimir Tsastsin, was found “…guilty of entering illegal data into card payment systems of Internet stores for the purpose of material gain, creating forged documents, using forged documents, and money laundering.”

“I wondered why would a company like EstDomains keep a chief executive on who was sent to prison for cyber fraud…I asked that very question of Hillar Aarelaid, team director of the Estonian Computer Emergency Response Team (CERT Estonia). Aarelaid maintains that Tsastsin long ago ceded control of EstDomains to organized cyber criminals in Russia,” Krebs wrote in one of his articles on the subject.

“To understand EstDomains, one needs to understand the role of organized crime and the investments coming from that, their relations to hosting providers in Western nations and the criminals who ply their trade through these services,” Aarelaid said.

Indeed, according to both the investigations by Krebs and other security company’s, EstDomains has been a long bedfellow of the RBN (Russian Business Network), the premier collective of organized criminals online.

EstDomains called Krebs and his reports “Yellow Journalism” and one spokesperson for the company, Konstantin Poltev, told the Security Fix reporter, “I sincerely hope that you will [choose] Google for your further investigation and gather the information without using the sources you have indicated as reliable. I assume that the independent investigation shall definitely show you that the person, who granted us the ‘cybercrime registrar’ title, has made a mistake.”

However, the constant pressure from security experts and journalists like Krebs and the team from The Register caused EstDomains’ ISP Interchange (Atrivo) to be shut down; leading to, among other things, a severe drop in some types of Spam, and the reported death of the Storm network.

The investigations, the bad press, and the pressure from several sources have all led to the announcement Tuesday that ICANN de-accredited EstDomains.

“Dear Mr. Tsastsin,” the letter starts, “Be advised that the Internet Corporation for Assigned Names and Numbers (ICANN) Registrar Accreditation Agreement (RAA) for EstDomains, Inc. (Customer No. 919, IANA No. 832) is terminated. Consistent with subsection 5.3.3 of the RAA, this termination is based on your status as President of EstDomains and your credit card fraud, money laundering and document forgery conviction. This termination shall be effective within fifteen calendar days from the date of this letter, on 12 November 2008.”

The letter adds that ICANN is seeking, “Expressions of Interest from Registrars to Receive Bulk Transfer of Names from De-Accredited Registrar EstDomains.”

“I never thought I’d see the day! ICANN found it’s dentures down the back of the sofa and [has] taken a bite out of the [criminal’s] domain registration empire. ESTDomains will no longer be a registrar as of Nov 12th,” wrote McAfee’s Chris Barton in an Avert Labs blog post. “So I’ve got a question… Who’s got the balls to take on ESTDomains problems customers?”

“This is almost 2 years too late and took far too much media attention to shake their tree. The worst of the criminals left EST for other registrars after the “defecation meets the rotary oscillator” in August, but never the less, that (so I’m told) this is quick for ICANN…”

Another security pundit, Gadi Evron, said, “I believe this is a very positive step from ICANN, showing it is indeed an active part in shaping the Internet, as well as responsible to its constituents. While I am sure this can not be an easy move to make, it is warranted in this case and I believe it to be a brave one. While such decisions must not be made rashly, it is my deepest regret WHOIS information is the only way to reach such ends.”

This is good news for security companies who fight malicious domains, Spam and other crimes online. Yet, for a company that makes a bulk of its money from domain sales, the future is bleak at best. EstDomains made no comment on ICANN’s actions and has defended its business model when faced with negative press.

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced it will delay shutting down EstDomains, an Internet registrar accused of having ties with spammers.

ICANN sent a letter to EstDomains saying it would pull the company’s accreditation on November 12 and transfer the 281,000 domains under its management to another registrar.

ICANN has the authority to revoke a registrar’s accreditation if an executive of the company has been convicted of a felony or misdemeanor related to financial activities.

EstDomain’s president, Vladimir Tsastsin, was convicted of credit card fraud, money laundering and document forgery in an Estonian court on February 6, according to ICANN.

EstDomains is arguing that Tsastsin resigned as president in June and that his conviction is on appeal with Estonia’s Supreme Court.

CEO Konstantin Poltev wrote in a letter to ICANN stating that EstDomains was not required to notify the organization about its executive changes. EstDomains is trying to keep its accreditation and included a document that showed Tsastin’s resignation in June.

ICANN said it is taking more time to assess the merits of the claims and has stayed the termination process.

“ICANN will take all reasonable measures to protect the interests of registrants during the stay period and the subsequent termination process that may follow,” ICANN officials said.