Home / Blogs

DotSpam? Certain New gTLDs Rapidly Outpacing Legacy TLDs in Terms of Abuse

Garth Bruen

Would you like to hear about how to treat your psoriasis? Where to get a cheap oil change? How to flatten your belly? Achieve a stronger sexual life? Cheap toner? Annuities? Herpes? Bed bugs? Free energy? Varicose-Veins? Herpes? Saggy skin? Arthritis? Overactive bladder? Drug addiction? Herpes?


Well, that's too bad, because that you are going to hear about it whether you like it or not. Many of the messages about these and other subjects are being carried to you via new gTLDs. KnujOn has just completed and published a public report concerning abuse and abuse handling. In terms of gTLD abuse, there is a clear trend: certain new gTLDs are rapidly outpacing the legacy TLDs in terms of abuse. All the parties detailed in the report were contacted before publishing and several have responded proactively. While some of our data supports the recent findings of Spamhaus, the release is completely coincidental.

Beyond the DNS abuse statistics, this report analyzes ICANN's website in terms of functionality from a consumer's perspective. What we find is that there is no clear information and no obvious plan to address Internet user issues, regardless of how much ICANN talks about the importance of the Internet user and consumer. Looking past the website we analyze what actual steps ICANN is taking to address consumer issues. Unfortunately, since I wrote about this issue in 2015 virtually nothing has changed. This is despite the fact that the 2009 Affirmation of Commitments required ICANN to consider consumer protection and malicious abuse issues BEFORE the new gTLDs were implemented. Actually involving consumers makes the difference between a multistakeholder model and an Internet we are all merely subjected to.

We don't want to give away the details here of which new gTLDs have a specific pattern of abuse, but anyone is welcome to download and review our science-based report concerning the trade in spammed domains. We have faith that this is the most accurate report to-date. If the responsible party properly addresses the issues we can all win. After that we will have time to play cricket and film it with a webcam.

By Garth Bruen, Internet Fraud Analyst and Policy Developer. More blog posts from Garth Bruen can also be read here.

Related topics: Domain Names, ICANN, Policy & Regulation, Registry Services, Spam, Top-Level Domains


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


There are only 12 legacy TLDs, so Mason Cole  –  Mar 10, 2016 11:05 AM PDT

There are only 12 legacy TLDs, so obviously if you do a top 25 list, the majority will not be legacy.  It is mathematically impossible for a top 25 not to be more new TLDs than legacy TLDs.  It is just a name volume issue.  Bruen’s premise is somewhat flawed.  Five legacy TLDs rank in the top 16 most untrustworthy domains.  Bruen could easily have concluded that 40 percent of legacy TLDs are among the 16 worst domains while fewer than 3 percent of new TLDS make up the top 16 most untrustworthy domains. 

Further, Bruen’s research found that 10 — or half of all the new TLDs on his list were sponsored by one company: Famous Four Media.  So, are we talking about a new TLD issue or a Famous Four Media issue?  Likely the latter.There is no room in the domain industry for a registry that apparently turns its head to fraud and abuse.  Famous Four Media is definitely an outlier among new TLD operators. 

In fact, this week dozens of new TLD operators, content providers, consumer advocates, law enforcement and other members of the domain ecosystems met at ICANN 55 to further the Domain Name Association’s Healthy Domains Initiative.  The HDI focuses on domain name industry best practices principles and programs.  It currently is focused on categorizing and organizing the current landscape of online abuse to determine where priorities should be focused.

Fraud and abuse is a challenge for all TLDS — whether you are a legacy or not.  Let’s have research that focuses on solutions and doesn’t use skewed logic in an attempt to make headlines.

"Certain" and "higher rate" Garth Bruen  –  Mar 30, 2016 7:46 AM PDT


I think you’re missed my point, but I haven’t missed your’s and it quite interesting.

First, you should note the the “certain” which indicates not all. The point is that these new gTLDs in particular have HIGHER rates than the legacies. If you look at the details in the full report, you’ll see I make the point that the legacies are only on this list due to volume. If projections continue at pace, legacies may no longer be the source of problems but rather a collection of rogue new gTLDs.

Also this is about concentrations of abuse and their possible sources. For example, in the problematic collection you cite their is ONE registrar, Alpnames, responsible for most of the abusive registrations (over 90% in some cases). We, of course, contacted them ahead of publishing and part of their response suggested that ALL spam reporting statistics were somehow manipulated and therefore wrong. Hmmm. However, in your response you seem to be aware of the issues at Famous Four Names which confirms some relationship with the most prominently reported new gTLDs and their most prominently reported registrar.

In another example we look at the problematic gTLD .XYZ (cite other info) 82.34% of the reported domains were at one registrar, NAMECHEAP. Again, we contacted NAMECHEAP about the problem who responded non-committally because “the information provided is not enough for us to start an internal investigation”. For sure, there will be more specific information like this attempted XYZ-based hijack registered to eNom and using Namecheap's WhoisGuard.

In terms of your last point about the safe domains initiative, I’m all for it. However, there is an inherent problem. It’s great that the rgry community has put this initiative forward, but ICANN was supposed to create protections for the greater Internet community according to the AoC but have not really done anything. In fact, there is no plan within ICANN protect consumers and the program is a train-wreck. I’ll be detailing what I mean in a separate blog.

This report is odd. It ranks TLDs Kevin Murphy  –  Mar 17, 2016 5:34 AM PDT

This report is odd.

It ranks TLDs based on a "score" where a score below 50 is said to indicate abuse.

But there doesn't seem to be any discussion of how the score was calculated, what the scale is, or what it means.

I tried to find prominent links to "Methodology" on the Knujon site, but failed.

Therefore I give the report a rating of 7.69 on the Murphy Scale.

Responses are Odd Garth Bruen  –  Mar 30, 2016 7:58 AM PDT


From page 27: "The factors for scoring are varied but include the number of abused domains in contrast to the registrar’s portfolio, the number of reported instances, and many other data points. 12 registrars with scores below 100 are listed here with details of the administrators with the most reported abused domains."

Contracted parties may assume this report was written specifically for them, but it wasn't. However, this explains the attention to the back section of a report which is actually focused on ICANN's failures to reach out to consumers or attempt to protect them in any way.

So I give you a C+ for your criticism.

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Mobile Internet

Sponsored by Afilias Mobile & Web Services

IP Addressing

Sponsored by Avenue4 LLC

DNS Security

Sponsored by Afilias


Sponsored by Verisign

Promoted Posts

Buying or Selling IPv4 Addresses?

Watch this video to discover how ACCELR/8, a transformative trading platform developed by industry veterans Marc Lindsey and Janine Goodman, enables organizations to buy or sell IPv4 blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Radix's .TECH, .STORE, .ONLINE and .FUN Get Approval from the Chinese Government

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Domain Registrations Reach 331.9 Million, 6.7 Million Growth Year over Year

.brands Spotlight: Banking and Finance Industries

Google Buys Business.Site Domain for 'Google My Business'

Radix Announces Global Web Design Contest, F3.space

Global Domain Name Registrations Reach 330.6 Million, 1.3 Million Growth in First Quarter of 2017

.TECH Gets Its Big Hollywood Break

Why the Record Number of Reverse Domain Name Hijacking UDRP Filings in 2016?

UDRP: Better Late than Never - ICA Applauds WIPO for Removing Misguided 'Retroactive Bad Faith'

The Rise and Fall of the UDRP Theory of 'Retroactive Bad Faith'

.PRESS Supports Press Freedom Day for 3rd Consecutive Year

Leading Internet Associations Strengthen Cooperation

5 Afilias Top Level Domains Now Licensed for Sale in China

Radix Announces Largest New gTLD Sale with Casino.Online

2016 Year in Review: The Trending Keywords in .COM and .NET Domain Registrations

Global Domain Name Registrations Reach 329.3 Million, 2.3 Million Growth in Last Quarter of 2016

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

A Look at How the New .SPACE TLD Has Performed Over the Past 2 Years

Michele Neylon Appointed Chair Elect of i2Coalition