Although it may sometimes seem that the purpose of a spammer is to try and fill your inbox with useless content, their main goal is to have a recipient perform some type of action. The "call to action" could be to click on a website URL, call or fax a number or simply send an e-mail to an address provided. In this way the spam campaign can result in sales or in the case of phishing, the collection of valuable data. Content Filtering solutions often have lists against blacklisted URL's, phone numbers and e-mail drop boxes since there's an overhead for the spammer in changing and managing the call to action - domain registration costs, adding phone lines and breaking CAPTCHA's to create new drop boxes. There's also the risk that the provider of these services could terminate the accounts making the campaign ineffective.
Let's take the case of a spam message with a website URL in the message body. The message is likely to be received by anti-spam labs via honey pots and end user missed spam submissions within a short amount of time so that future e-mails will be blocked. The natural solution for the spammer is to register a large number of domains and frequently change them once they become blacklisted but this costs money! The cost of registering a single .com domain can be ten times greater than the cost of registering a .info domain. So if you needed to register several hundred throw away domains which one would you opt for? Some large registrars even offer .info registration for sale under a $1 with discounts for bulk registration.
As I mentioned before, the spammer also needs to be concerned that their domain could be suspended by a domain registrar with a sensible anti-abuse policy and responsive to complaints. So there's a trade off in price versus service and a spammer is more likely to opt for registrars that are able to turn a blind eye since the spammer is paying them after all. I recently read a report by KnuJon claiming that 90% of the spam sites they track are clustered at 20 registrars! Here's their top ten list of Domain Registrars that are seem to be preferred by spammers. The rankings are explained in the report I've linked to.
1. Xinnet Bei Gong Da Software (China)
2. BEIJINGNN (China)
3. Todaynic (China)
4. Joker (Germany)
5. eNom, Inc. (USA)
6. MONIKER (USA)
7. Dynamic Dolphin (USA)
8. The Nameit Co/AITDOMAINS.COM (USA)
9. PDR (USA)
10. Intercosmos/DIRECTNIC (USA)
Since the publication of these rankings, ICANN has published a notice in relation to the Domain Registrars stating that the "Worst Spam Offenders" have been contacted and need to explain themselves.
"But if those registrars, including those publicly cited, do not investigate and correct alleged inaccuracies reported to ICANN, our escalation procedure can ultimately result in ICANN terminating their accreditation and preventing them from registering domain names,"