Maintainers of new generic top level domains have a hard time keeping abuse in check

For some new gTLDs the ratio of malicious domains is almost 80 percent, Spamhaus says

Generic top-level domains (gTLDs) that have sprung up in recent years have become a magnet for cybercriminals, to the point where some of them host more malicious domains than legitimate ones.

Spamhaus, an organization that monitors spam, botnet and malware activity on the Internet, has published a list of the world's top 10 "worst TLDs" on Saturday. What's interesting is that the list is not based on the overall number of abusive domains hosted under a TLD, but on the TLD's ratio of abusive domains compared to legitimate ones.

Over the years, lists of spam-friendly top level domains have typically had .com, .net and .org at the top. However, a TLD's trustworthiness ultimately relies on the ability of the organization that manages it -- known as the registry -- to police its name space and to enforce rules for its resellers, the registrars.

If, for example, 1 percent of all .com domains were used for malicious activity, one could say that the .com registry, Verisign, is doing a relatively good job at keeping the abuse rate down. The problem is that because the .com TLD is so large, its 1 percent might represent more malicious domains than in a much smaller TLD where the rate of abusive domains is actually 50 percent.

Therefore, comparing good-vs-bad ratios is a better way to determine which registries care more about their TLDs' reputation, something that ultimately affects their legitimate customers.

"Spam and other types of abuse continue to plague the Internet because bad actors find it very cheap and very easy to obtain thousands of domain names from the Top Level Domain registries and their resellers, the registrars," Spamhaus said in a blog post. "A few registrars knowingly sell high volumes of domains to professional spammers for profit, or do not do enough to stop or limit spammers' access to this endless supply of domains. These registrars end up basing their entire business model on network abuse."

Based on Spamhaus' data, some of the generic TLDs that have been created in recent years thanks to ICANN's relaxed policies are not doing enough to stop abuse. This could be either because they're inexperienced at tackling such issues or because they care more about revenue than a clean Internet.

At this time, Spamhaus' 10 Worst Top Level Domains list looks like this: .download with 76 percent bad domains; .review with 75.6 percent bad domains; .diet with 74.3 percent bad domains; .click with 72.4 percent; .work with 65 percent; .tokyo with 51 percent; .racing with 50.8 percent; .science with 49.9 percent; .party with 45.3 percent and .uno with 42.5 percent.

Some TLD owners claim that it's up to resellers to deal with cases of domain misuse and policy violations, but if they don't force those resellers to take action, nothing will change, Spamhaus said. "A good number of the TLDs succeed in keeping spammers off their domains and work to maintain a positive reputation; this shows that, if they wished to, any TLD registry can 'keep clean'."

Join the CSO newsletter!

Error: Please check your email address.

More about ICANN

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts