After total domain name registrations decreased by 2.7 million, or 0.7%, to 364.6 million in the third quarter of 2021, they were back on the up in the fourth quarter. The fourth quarter of 2021 closed with 341.7 million domains across all TLDs, an increase of 3.3 million domain name registrations, or 1.0%, compared to the third quarter of 2021 according to Verisign’s latest Domain Name Industry Brief. Domain name registrations have increased by 1.6 million, or 0.5%, year over year.
Three in 5 .men domain names are classified as “bad” according to the latest Spamhaus analysis of the world’s most abused TLDs, but only slightly worse than .loan, who have a “Badness Index” of 6.43 and 6.35 respectively.
The Spamhaus analysis found that 43,758 of the 72,370, or 60.2%, .men domain names analysed were classified as “bad” and with a “Badness Index” of 6.43, slightly worse than the 39,642 out of 65,782 (60.0%) .loan domain names and a Badness Index of 6.35. Following was .gq (Equatorial Guinea) with 55.3% of analysed domains classified as bad and a Badness Index of 6.32, then .cf (Central African Republic) with 54.6% and a Badness Index of 6.24, .ga (Gabon) with 53.0% bad and a Badness Index of 6.06, .ml (Mali) with 51.5% bad and a Badness Index of 5.89, .top (46.4% bad and a Badness Index of 5.58), .work (53.4% bad and a Badness Index of 5.58), .click (64.9% bad and a Badness Index of 5.49) and the world’s third largest top level domain and second largest country code top level domain .tk rounding out the top 10 with 42.1% bad and a Badness Index of 4.83.
Registries that allow registrars to sell high volumes of domains to professional spammers and malware operators in essence aid and abet the plague of abuse on the Internet, say Spamhaus. Some registrars and resellers knowingly sell high volumes of domains to these actors for profit, and many registries do not do enough to stop or limit this endless supply of domains.
So what is a bad TLD? Spamhaus explains that a TLD may be “bad” in two ways. On one side, the ratio of bad to good domains may be higher than average, indicating that the registry could do a better job of enforcing policies and shunning abusers. However, some TLDs with a high fraction of bad domains may be quite small, and their total number of bad domains could be relatively limited with respect to other, bigger TLDs. Their total “badness” to the Internet is limited by their small total size.
The other side is that some large TLDs may have a large number of bad domains as a result of the sheer size of their domain corpus. Even if their corrective measures are effective, they still constitute a problem on the global scale, and they could assign further resources to improve their anti-abuse processes and bring down the overall number of bad domains.
In defining a “badness” index, Spamhaus decided to weight in both these factors. With a certain amount of arbitrariness—and at the same time a desire to avoid excessive complications—so they defined badness as:
- Db is the number of bad domains detected
- Dt is the number of active domains observed
Spamhaus says one can think of this number as the bad domains fraction weighted with the TLD's size, or as the order of magnitude of the problem weighted with the effectiveness of anti-abuse policies. Presented this way, this data more closely matches the perceptions Spamhaus staff has in dealing with this issue in a daily production basis. We hope that this definition helps to spotlight registries that in one way or another can be considered problematic, in a fair way.
These data represent domains seen by Spamhaus systems, and not a TLD's total domain corpus. Domains in this data are in active use, showing up in mail feeds and related DNS traffic. Other domains may be parked or used for traffic outside of our systems' focus, and those domains are not included in this summary.
The registries listed provide spammers and other miscreants with a service they need in order to survive. Many, even most, TLDs succeed, by and large, in keeping abusers off their systems and work to maintain a positive reputation. That success shows that these ten worst could, if they tried, “keep clean” by turning spammers and other abusers away.
A study from Blue Coat Systems claims that more than 95 percent of websites in ten TLDs, including nine new gTLDs, are rated as suspicious, with that percentage increasing to 100 percent for the top two highest ranking TLDs, .zip and .review.
Blue Coat Systems claims to be a market leader in enterprise security. In their study they analysed hundreds of millions of Web requests from more than 15,000 businesses and 75 million users to create âThe Webâs Shadiest Neighborhoods,â a new report that combines research with tips and tricks for Web users and enterprise security and IT departments looking to avoid viruses and other malicious activity. And they hope drums up some business. For their research, Blue Coat counted a domain as âshadyâ if it was rated in its database with a category such as spam, scams or suspicious, for the most common malicious activities and malware, botnets and phishing for the less common malicious activities.
Apart from .zip and .review, the study looked at .country (which had 99.97% of shady sites), .kim (99.74%), .cricket (99.57%), .science (99.35%), .work (98.20%), .party (98.07%), .gq (Equatorial Guinea – 97.68%) and .link (96.98%).
Itâs a rather strange selection of gTLDs with only four in the top 20 of the new gTLDs when it comes to registration numbers – .science (3rd), .party (7th), .link (8th) and .work (13th).
And it includes backend registry services provided by Neustar ,Uniregistry, Minds + Machines, Google and Afilias. All big players. It all sounds a bit dubious.
Blue Coat say that the percentages are based on categorisations of web sites actually visited by their 75 million users. A TLD having 100 percent shady sites correlates to sites categorised by Blue Coat.
The report also reveals examples of nefarious activity taking place on shady websites of some of the top ranked Shady TLDs, including the fourth most seemingly dangerous neighbourhood, .kim. Blue Coat researchers recently discovered websites serving up pages which mimic popular video and image sites and prompt unprotected visitors to unwittingly download malware.
âDue to the explosion of TLDs in recent years, we have seen a staggering number of almost entirely shady Web neighbourhoods crop up at an alarming rate,â said Dr. Hugh Thompson, CTO for Blue Coat Systems. âThe increase in Shady TLDs as revealed by Blue Coatâs analysis is in turn providing increased opportunity for the bad guys to partake in malicious activity. In order to build a better security posture, knowledge about which sites are the most suspicious, and how to avoid them, is essential for consumers and businesses alike.â
Following in the footsteps of .tk (Tokelau), .ml (Mali), .ga (Gabon) and .cf (Central African Republic), Freenom has taken on the role of registry for .gq (Equatorial Guinea) and the ccTLD is now its fifth ccTLD where domains are given away free.
The move to give away domains in ccTLDs from smaller countries has had some success, particularly with .tk, which is now the worldâs second largest TLD behind .com and largest ccTLD with over 26.5 million registrations.
But the move to give away domains is not without problems. In the latest Anti-Phishing Working Group report, Global Phishing Survey 1H2014: Trends and Domain Name Use, it was noted that phishing occurred in 227 TLDs, but 90 percent of the malicious domain registrations (20,565) were in just five TLDs: .com, .tk, .pw, .cf. and .net.
And on a score of the number of phishing domains per 10,000 registered domains, .cf comes out way on top with a score of 320.8 followed by .ml with 118.9. The .ga TLD comes in fourth with 42.9.
In this latest venture Freenom has partnered with GETESA, the largest telecommunication operator in Equatorial Guinea and a joint venture with Orange, to relaunch .gq in various stages. Before .gq domains are available for free to the general public on 1 December, trademark holders and trademark agencies have their first pick in the .gq Sunrise Period that started on 1 October.
From 1 December onwards free GQ domains will be offered to all internet users in Equatorial Guinea and internationally. There will be no restrictions to registrations of free domains and anyone can claim their own .gq domain. Free .gq domains will work exactly like any other extension and can be renewed an unlimited number of times at no charge.
“The need for free domains continues to grow exponentially,” says Joost Zuurbier, CEO at Freenom. “Especially in countries like Brazil, Russia, Vietnam and China, we see the demand for new domains is growing and growing. We are happy to announce that we have opened up more domain space to fulfil these needs.”
Freenom has already partnered with four nations and has become the largest country code domain registry operator worldwide with more than 28 million active domains under management.
Following the success of .TK, Freenom has opened its model to other nations eager to develop their top level domain and looking for an alternative to the unprofitable pay-per-year model. By leapfrogging the traditional approach and offering free domains, they are able to create an immediate impact on their digital landscape and empower their internet users to build an online identity at no cost.
“Free domains make a lot of sense in countries where the banking penetration is in the single digit range,” continues Joost Zuurbier. “The demand for free domains is enormous because people in those nations may not have a credit card to buy domains, but they do have a profound need to communicate and build their presence online. Free domains are an important catalyst that directly enable local content creation and internet entrepreneurship.”
To support its African partners, Freenom opened an office in Dakar in 2013 and will continue to grow its operations in Senegal. Most African countries have been traditionally very weak in the domain name space, but its increasing technology-savvy population and modernizing digital landscape make it the perfect place for the free domain model. Just as free SIM cards and prepaid phones have revolutionized communications, free domains can dramatically change how African internet users are represented online.
In Equatorial Guinea, GETESA sees free .GQ domains as an opportunity to empower young internet users and help them embrace their digital flag. Through GQ free domains they will be able to create websites and learn about technology.
Freenom’s experience and technology will directly benefit the local internet community of Equatorial Guinea, who will be able to enjoy a modern platform and unlimited domains at no cost. Together with GETESA and in line with ICANN’s bottom-up multi-stakeholder model, the partnership will ensure that the .GQ extension is accessible to all internet users.