Is Your New TLD Protected Against Phishing and Malware?

Until now, the criminals behind malware and phishing have had only 22 generic top-level domain names (TLDs) to abuse — names like .com, .net or .org. But with hundreds of new TLDs entering the marketplace, e.g. .buzz, .email, and .shop, there are many more targets than ever.

Your reputation is at stake.

What can attackers do with domain names? As internet users, we've all experienced scams: messages that look like they come from our bank and ask for our bank information, or email promotions with our favorite store in the "From" line, only to take us to a website infected with malware. In every instance, we begin to lose trust in the exploited domain name extension.

And the risk to new TLD operators? Even greater. As newcomers to the domain name space, new TLDs must take the lead in protecting their TLD, brand and customers. No one can afford to be blacklisted and lose credibility in the marketplace.

Monitoring is a mandate.

In fact, the Internet Corporation for Assigned Names and Numbers (ICANN) requires that all TLDs have a solution in place to mitigate these threats (Specification 11):

"Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request."

Evaluating solutions? Look for these 3 features.

Building a dedicated threat mitigation team from scratch is costly and time-consuming. For that reason, TLD operators may look to third parties for help. Here are three things to look for in evaluating solutions:

  1. Threat Detection
    Make sure the solution you choose starts with comprehensive detection of today's diverse threats. Top-shelf detection relies on multiple sources: external and internal data feeds, reported incidents and private security organizations.
  2. Investigation
    Here, the human factor is paramount. Look for a dedicated team of experienced threat investigators, who can report malicious activity quickly and accurately. Resources include advanced malware analysis, secure testing labs and a proven evidence-gathering process.
  3. Mitigation
    Your solution provider should not only detect and investigate threats but respond to them, too. This means sending notifications requesting action, and if necessary, taking action against offending domains.

Don't wait for a phishing scam to stain your TLD. Be proactive and meet your mandate. Protect your customers, your reputation and your bottom line.

Learn more on how Neustar's Registry Threat Mitigation Services can help protect your TLD at neustar.biz/threat-mitigation.

A version of this post originally appeared on the Neustar Blog.

By Jeff Neuman, Founder & CEO, JJN Solutions – He has been instrumental in providing policy assistance and advice in the fields of internet governance, intellectual property protection and domain name policy since the mid-1990s. Jeff has served in key business, policy and legal roles in the domain name industry for more than 20 years. The views expressed herein reflect my own beliefs and may not be consistent with the views of Com Laude and/or Valideus.


Problems don't originate from the TLD By Todd Knarr  –  Jun 19, 2014 6:32 pm PDT

The basic problem is that I rarely receive a spam or scam e-mail that originates from the domain it purports to come from. And the operator of say the .com TLD can't do anything about spam/scams originating from servers in the .ru or .biz domains. Mostly the e-mails originate from machines not directly associated with the actual spam/scam operators, and I don't see where ISPs are going to completely shut down major corporate customers or large numbers of residential customers until those customers clean up the malware and botnet infestations that're sourcing the e-mails.

As far as monitoring the domain, that's going to be hard given that a TLD may be spread across thousands of ASNs and a single ASN may have servers from many TLDs in it if it belongs to someone like a data center provider.
