Home / Blogs

New gTLDs: Floodgates for Spammers?

Don't miss a thing – sign up for CircleID Weekly Wrap newsletter delivered to your inbox once a week.
Terry Zink

Ever since I heard of the new generic Top-Level Domains (gTLDs), I wondered whether they would be prone to abuse. For example, Microsoft might want to register www.microsoft.microsoft, or Sony might want to register www.sony. But isn't this opening up the floodgates for spammers to register their own domains and squat on them? Why couldn't a spammer register www.cit.ibank? They could then send phishing messages and fool people into clicking very legitimate looking domains.

But I don't think this will be a problem. One reason I say this is because the process of getting your own personal gTLD is going to be a pain and it won't come cheap. For one thing, it will cost over $150,000 (forget the exact number, is it $185k?) to get your own domain names. Spammers need to be able to register their domains as quickly as possible for the lowest cost. They open them up, send a spam run, get blocked, and move on. They register them, send a spam run, get blocked, and move on. They need to do this in volume because they have to churn through domains (register and discard) so quickly in order to stay ahead of spam filters. Doing this means that domain acquisition must be cheap.

If each domain costs them $150,000 or more, this would very quickly disintegrate their earnings potential. They cannot afford to spend so much money rotating through personalized domains. 100 domains is $15 million. Spammers make a good deal of money, but spending that much money on domains is tantamount to financial suicide (perhaps they should go work for AIG or Citigroup). A spammer who started doing this, even for one domain, would experience buyer's remorse very quickly. They wouldn't need companies like Microsoft to sue them out of business, they'd do it to themselves in short order.

The second reason I doubt spammers would abuse this is because approval of customized domains is a manual process, at least at first. Not only would domain acquisition be expensive, it would also be time consuming. Spammers need to churn through domains quickly, they cannot afford to wait through long vetting processes like a confirmation hearing before they finally get a yea/nay decision.

We already have a model in place for how manual vetting cuts down on abuse. When the Chinese government stopped permitting people to sign up for .cn domains automatically and submit written applications and have them reviewed by the government, the abuse of .cn plummeted. Privacy advocates cried foul but there's no denying that ever since the Chinese started de-automating the approval process, we see much less spam and malware links with a .cn link. Thus, if ICANN does manual review of these personalized domains, this also interferes with the spammer business model.

I think that these types of domains will be neat but I wonder who will actually use them. Will Coke, Pepsi, and Microsoft start using them as their main sites? Will www.microsoft replace microsoft.com? One thing to remember is that the .com or .org TLDs are culturally synonymous with the Internet. The .info, .biz, and .us never really took off. They're around but let's face it: if you have a .net domain, it's because you couldn't get the .com registered. People know that, and if you have a .net or .biz you're kind of lame (admit it). The .com is waterfront property, and the others are the cheap knockoffs. Yeah, they function, but they are not where it's at.

I can see large companies registering the domains but not using them, either. They will send material to their users, but then their users will get confused. The support desks will be flooded with requests like this:

"Where's facebook.com?"

"Oh, it's now my.facebook!"

"Huh?"

"Type my.facebook into your browser?"

"Oh, my.facebook.com?"

"No, my.facebook. That's it."

"Where do I put the .com?"

"No, you don't need .com anymore, just my.facebook!"

"I know, but where does the .com come in?"

People are already trained to understand that the language of the Internet is .com, it's a meme that has permeated society. Yeah, a personalized domain might look cool, but the people who can afford it will probably have to revert back to the user experience, and users will continue to use and recognize the .com. If you want to make money, don't confuse your users!

I could be wrong about that. But I doubt it.

By Terry Zink, Program Manager. More blog posts from Terry Zink can also be read here.

Related topics: ICANN, Cybersecurity, Spam, Top-Level Domains

 
   

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Afilias Mobile & Web Services

Mobile Internet

Sponsored by Afilias Mobile & Web Services
Verisign

Cybersecurity

Sponsored by Verisign
Afilias

DNS Security

Sponsored by Afilias

Promoted Posts

Now Is the Time for .eco

.eco launches globally at 16:00 UTC on April 25, 2017, when domains will be available on a first-come, first-serve basis. .eco is for businesses, non-profits and people committed to positive change for the planet. See list of registrars offering .eco more»

Boston Ivy Gets Competitive With Its TLDs, Offers Registrars New Wholesale Pricing

With a mission to make its top-level domains available to the broadest market possible, Boston Ivy has permanently reduced its registration, renewal and transfer prices for .Broker, .Forex, .Markets and .Trading. more»

Industry Updates – Sponsored Posts

.PRESS Supports Press Freedom Day for 3rd Consecutive Year

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Neustar to be Acquired by Private Investment Group Led by Golden Gate Capital

Startup League Reports from WebSummit, Lisbon

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

.SPACE Becomes the Choice of the First Ever Space Nation Asgardia

Government Guidance for Email Authentication Has Arrived in USA and UK

Afilias Chairman Jonathan Robinson Wins ICANN's 2016 Leadership Award at ICANN 57

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Why .com is the Venture Capital Community's Power Player

Defending Against Layer 7 DDoS Attacks