The Gabonese government has taken back control of their .ga ccTLD from Freenom who have provided registry services for the past decade. ccTLDs managed by the Dutch backend registry provider Freenom are well known as havens for spammers and phishers, recently being sued by Facebook’s owner Meta for, as Krebs On Security reported, allegedly ignoring “abuse complaints about phishing websites while monetizing traffic to those abusive domains.”
After total domain name registrations decreased by 2.7 million, or 0.7%, to 364.6 million in the third quarter of 2021, they were back on the up in the fourth quarter. The fourth quarter of 2021 closed with 341.7 million domains across all TLDs, an increase of 3.3 million domain name registrations, or 1.0%, compared to the third quarter of 2021 according to Verisign’s latest Domain Name Industry Brief. Domain name registrations have increased by 1.6 million, or 0.5%, year over year.
Three in 5 .men domain names are classified as “bad” according to the latest Spamhaus analysis of the world’s most abused TLDs, but only slightly worse than .loan, who have a “Badness Index” of 6.43 and 6.35 respectively.
The Spamhaus analysis found that 43,758 of the 72,370, or 60.2%, .men domain names analysed were classified as “bad” and with a “Badness Index” of 6.43, slightly worse than the 39,642 out of 65,782 (60.0%) .loan domain names and a Badness Index of 6.35. Following was .gq (Equatorial Guinea) with 55.3% of analysed domains classified as bad and a Badness Index of 6.32, then .cf (Central African Republic) with 54.6% and a Badness Index of 6.24, .ga (Gabon) with 53.0% bad and a Badness Index of 6.06, .ml (Mali) with 51.5% bad and a Badness Index of 5.89, .top (46.4% bad and a Badness Index of 5.58), .work (53.4% bad and a Badness Index of 5.58), .click (64.9% bad and a Badness Index of 5.49) and the world’s third largest top level domain and second largest country code top level domain .tk rounding out the top 10 with 42.1% bad and a Badness Index of 4.83.
Registries that allow registrars to sell high volumes of domains to professional spammers and malware operators in essence aid and abet the plague of abuse on the Internet, say Spamhaus. Some registrars and resellers knowingly sell high volumes of domains to these actors for profit, and many registries do not do enough to stop or limit this endless supply of domains.
So what is a bad TLD? Spamhaus explains that a TLD may be “bad” in two ways. On one side, the ratio of bad to good domains may be higher than average, indicating that the registry could do a better job of enforcing policies and shunning abusers. However, some TLDs with a high fraction of bad domains may be quite small, and their total number of bad domains could be relatively limited with respect to other, bigger TLDs. Their total “badness” to the Internet is limited by their small total size.
The other side is that some large TLDs may have a large number of bad domains as a result of the sheer size of their domain corpus. Even if their corrective measures are effective, they still constitute a problem on the global scale, and they could assign further resources to improve their anti-abuse processes and bring down the overall number of bad domains.
In defining a “badness” index, Spamhaus decided to weight in both these factors. With a certain amount of arbitrariness—and at the same time a desire to avoid excessive complications—so they defined badness as:
- Db is the number of bad domains detected
- Dt is the number of active domains observed
Spamhaus says one can think of this number as the bad domains fraction weighted with the TLD's size, or as the order of magnitude of the problem weighted with the effectiveness of anti-abuse policies. Presented this way, this data more closely matches the perceptions Spamhaus staff has in dealing with this issue in a daily production basis. We hope that this definition helps to spotlight registries that in one way or another can be considered problematic, in a fair way.
These data represent domains seen by Spamhaus systems, and not a TLD's total domain corpus. Domains in this data are in active use, showing up in mail feeds and related DNS traffic. Other domains may be parked or used for traffic outside of our systems' focus, and those domains are not included in this summary.
The registries listed provide spammers and other miscreants with a service they need in order to survive. Many, even most, TLDs succeed, by and large, in keeping abusers off their systems and work to maintain a positive reputation. That success shows that these ten worst could, if they tried, “keep clean” by turning spammers and other abusers away.
Following in the footsteps of .tk (Tokelau), .ml (Mali), .ga (Gabon) and .cf (Central African Republic), Freenom has taken on the role of registry for .gq (Equatorial Guinea) and the ccTLD is now its fifth ccTLD where domains are given away free.
The move to give away domains in ccTLDs from smaller countries has had some success, particularly with .tk, which is now the worldâs second largest TLD behind .com and largest ccTLD with over 26.5 million registrations.
But the move to give away domains is not without problems. In the latest Anti-Phishing Working Group report, Global Phishing Survey 1H2014: Trends and Domain Name Use, it was noted that phishing occurred in 227 TLDs, but 90 percent of the malicious domain registrations (20,565) were in just five TLDs: .com, .tk, .pw, .cf. and .net.
And on a score of the number of phishing domains per 10,000 registered domains, .cf comes out way on top with a score of 320.8 followed by .ml with 118.9. The .ga TLD comes in fourth with 42.9.
In this latest venture Freenom has partnered with GETESA, the largest telecommunication operator in Equatorial Guinea and a joint venture with Orange, to relaunch .gq in various stages. Before .gq domains are available for free to the general public on 1 December, trademark holders and trademark agencies have their first pick in the .gq Sunrise Period that started on 1 October.
From 1 December onwards free GQ domains will be offered to all internet users in Equatorial Guinea and internationally. There will be no restrictions to registrations of free domains and anyone can claim their own .gq domain. Free .gq domains will work exactly like any other extension and can be renewed an unlimited number of times at no charge.
“The need for free domains continues to grow exponentially,” says Joost Zuurbier, CEO at Freenom. “Especially in countries like Brazil, Russia, Vietnam and China, we see the demand for new domains is growing and growing. We are happy to announce that we have opened up more domain space to fulfil these needs.”
Freenom has already partnered with four nations and has become the largest country code domain registry operator worldwide with more than 28 million active domains under management.
Following the success of .TK, Freenom has opened its model to other nations eager to develop their top level domain and looking for an alternative to the unprofitable pay-per-year model. By leapfrogging the traditional approach and offering free domains, they are able to create an immediate impact on their digital landscape and empower their internet users to build an online identity at no cost.
“Free domains make a lot of sense in countries where the banking penetration is in the single digit range,” continues Joost Zuurbier. “The demand for free domains is enormous because people in those nations may not have a credit card to buy domains, but they do have a profound need to communicate and build their presence online. Free domains are an important catalyst that directly enable local content creation and internet entrepreneurship.”
To support its African partners, Freenom opened an office in Dakar in 2013 and will continue to grow its operations in Senegal. Most African countries have been traditionally very weak in the domain name space, but its increasing technology-savvy population and modernizing digital landscape make it the perfect place for the free domain model. Just as free SIM cards and prepaid phones have revolutionized communications, free domains can dramatically change how African internet users are represented online.
In Equatorial Guinea, GETESA sees free .GQ domains as an opportunity to empower young internet users and help them embrace their digital flag. Through GQ free domains they will be able to create websites and learn about technology.
Freenom’s experience and technology will directly benefit the local internet community of Equatorial Guinea, who will be able to enjoy a modern platform and unlimited domains at no cost. Together with GETESA and in line with ICANN’s bottom-up multi-stakeholder model, the partnership will ensure that the .GQ extension is accessible to all internet users.
Incidences of phishing continued to explode in China in the second half of 2013, where Chinese phishers are victimising the country’s growing online population the Anti-Phishing Working Group’s Global Phishing Survey for Second Half of 2013 found.The report found Chinese phishers were responsible for 85 percent of the domain names that were registered for phishing. But it wasn’t all bad news on the phishing front with the average uptimes of phishing attacks declining and close to historic lows, pointing to some success by anti-phishing responders.Additionally, the companies (brands) targeted by phishing targets were diverse, with many new targets, indicating that e-criminals are looking for new opportunities in new places. The report also found mass hackings of vulnerable shared hosting providers led to 18 percent of all phishing attacks.While the number of phishing URLs reported in the second half of 2013 numbered in the millions, the number of unique phishing attacks and domain names used to host them was much smaller. In the six month period there were at least 115,565 unique phishing attacks worldwide, nearly a 60 percent increase over the 72,758 seen the first half of 2013, but less than the 123,486 attacks we observed in the second half of 2012.Most of the growth in attacks came, according to the APWG report, from phishing that used maliciously registered domains and subdomains. An attack is defined as a phishing site that targets a specific brand or entity. A single domain name can host several discrete phishing attacks against different banks, for example.The phishing attacks occurred on 82,163 unique domain names. Again, this is up from the 53,685 domains used in the first half of 2013. The growth was much larger than the increase in the number of domain names in the world that grew from 261 million in April 2013 to 271.5 million in November 2013.Of the 82,163 phishing domains, the report identified 22,831 domain names that the APWG believes were registered maliciously by phishers, the highest number in the seven years the APWG has been counting, 19,348 (85%) were registered to phish Chinese targets. This is significantly higher than the 12,175 found in the first half of 2013, and the 5,835 found in the second half of 2012.And of these 22,831 registered maliciously, they were registered in 39 different TLDs at registrars in China, the US, and Europe and hosted in China, the US, and elsewhere. The registrations clustered around ten TLDs including the .TK, .CF, .GA, and .ML registries that are all run by Freenom, a Netherlands-based company that offers free domain name registrations. The company makes money through monetising the traffic to the expired domains.As the report notes, Freenom has operated .TK under the free model for several years, and added .CF, .GA, and .ML to its programme during the second half of 2013. Freenom gives accredited interveners access to directly suspend domains in the .TK registry . (These partners include Facebook, Internet Identity, and the Anti-Phishing Alliance of China.) However, the mitigation of the malicious registrations lagged in Freenom’s new spaces — .CF, .GA. and .ML all had uptimes that were above the global average and median.Brands were, as usual, a target, with 681 unique target institutions during the six month period, down slightly from the 720 found in the second half of 2012. Of the 681 targets that were phished in the second half of 2013, almost half of them — 324 to be precise — were not phished in the first half of 2013. This, the report notes, is an unusual amount of “churn” or turnover and shows phishers trying out new targets. They appear to be looking for companies that are newly popular, have vulnerable user bases, and/or are not ready to defend themselves against phishing.Overall, the TLD with the most phishing attacks for the six months was .com with 46.4 percent (and 42.4% of global domain registrations) followed by .net (5.5%) and .tk (Tokelau – 4.5%). The .tk TLD is one of the free domains the report noted. Following was .br (Brazil – 3.2%), IP-based attacks (2.1%), .pn (Pitcairn Island – 1.9%), .me (Montenegro – 1.8%), .info (1.6%) and .ru (Russia – 1.5%). The remaining 27.3 percent came from 201 TLDs.But the TLDs with the most phishing domains per domains registered was .np (Nepal) with 27.1 phishing domains per 10,000 registrations and 32,500 registrations. In the top ten, those TLDs with more than 100,000 registrations were .pw (Palau) with a phishing per 10,000 domains score of 26.4 who came in second, .cl (Chile – 18.2) was fourth, .gr (Greece – 10.2) was sixth, .id (Indonesia – 10.2) and .br (Brazil – 9.1).For registrars, the top nine with domains used for phishing on a registrations per 10,000 domains are located in China. This is due, the report notes, to the fact that Chinese phishers tend to register domain names for their phishing, and use Chinese registrars regularly. Domains registered at the Chinese registrars were often used to phish Chinese targets such as Alibaba, Taobao.com, and CCTV, but were also used to occasionally phish outside targets such as Facebook and PayPal.For more information, check out the 30 page APWG report available for download from:
docs.apwg.org/reports/APWG_GlobalPhishingSurvey_2H2013.pdf.There is also a Phishing Activity Trends Report for the 4th Quarter 2013 titled Unifying the Global Response To Cybercrime available from:
Freenom, registry operator for .tk (Tokelau), .ga (Gabon), .cf (Central African Republic) and .ml (Mali), most of whose domains are provided for free with some having reputations of being some of the spammiest TLDs, has announced it has been successful in raising $3 million to expand its AnyCast cloud network and to develop commercial initiatives combining ccTLDs with local communities.
“Our current partners are very committed to the free domain name idea and industry,” said Joost Zuurbier, CEO & Founder of Freenom. “We are pleased to work with KIMA and the other members of this investment group to accelerate our growth and to expand our technology and presence online.”
Combined the ccTLDs have over 20 million registrations, with .tk leading the way to be the worldâs largest ccTLD. Free domain names are, according to Freenom, not required to run advertisements on their websites, and can be renewed at no cost.
China and Brazil are amongst the largest user groups of free domains. But also in the local partner countries, like Gabon and Mali, free domains have become very popular.
“The free domain name model radically changes the w ay a top level domain registry operates. We help partner countries to transform paid domain systems and processes into a new platform where domains are free and can be registered by everyone, locally and abroad.” Zuurbier continues. “We try to build truly win – win relationships with our partner countries. As a result we’ve seen a huge increase of local website building and technology usage locally, while providing the countries an additional income stream and promotional exposure. KIMA’s investment allows us to rapidly expand this platform, to reach out to additional countries and to invest in new partner relationships.”
Revenue is generated by monetising the expired domain names. Domains that are no longer used by the registrant or are expired are taken back by Freenom and the residual traffic is sold to advertisement networks. Next to this primary source of income, additional revenue will be generated by offering digital white labelled services, such as hosting packages, SSL certificates and others, to free domain name users. These new services will be available from January 2014 onwards.
[news release] Gabon liberalises its national domain and adopts an innovative business model by giving its .GA domain names away for free. Today the My GA Registry opened up registration for .GA domains . My GA â the Gabon domain name â is operated by the Agence Nationale des Infrastructures NumÃ©riques et des FrÃ©quences (ANINF) who pledges to make this national resource as open and easy to use as any generic Top Level Domain, while carrying the Gabonese identity on the internet.
Free domain names will be offered to all internet users in Gabon and in other countries from today onwards. There will be no restrictions to registrations of free domains and anyone can claim their own .GA domain. Free .GA domains work exactly like any other extension and can be renewed each registration period at no charge.
In accordance with international best practices, Gabon also completed a Sunrise and Landrush period, allowing trademark owners to register their corresponding domain names and protect their intellectual property in the .GA namespace.
âGabon is working hard to become one of the leading IT hubs in Africaâ, says Cyriaque Kouma, DIG Project Manager at ANINF. âBy giving our .GA domain names away for free we can encourage businesses and individuals in Gabon to develop their web presence and web applications and in turn diversify our economy and promote e-commerce. This strategy is an important part of our countryâs vision to develop the Digital Gabon.â
The .GA Registry uses a global AnyCast Cloud, with local nodes in Libreville and in several other countries, to ensure excellent performance and continuous uptime of all domains worldwide. This AnyCast Cloud ties directly into the systems of Freenom, a company known for its expertise and knowledge in the sector, and who works alongside ANINF in this ambitious project.
âThanks to the AnyCast technology our GA Top Level Domain is now one of the most stable in the worldâ, Cyrique Kouma continues. âIn the past there were several outages of the entire .GA domain, which hurt the reputation of the registry . But that is behind us now, and our users can rest assured that their domains will always work no matter what.”
The reintroduction of My GA in 2013 coincides with the âYear of the Internetâ in Gabon. Local businesses and individuals will soon be able to take advantage of the increased connectivity from the new ACE oceanic cable, which will help spur the growth of the Gabonese IT sector.
Domain names are available on a “first-come, first-served” basis. Resellers are welcome to sign up and provide further domain name distribution. Further details on the launch, FAQs and the reseller registration procedure are available on www.my.ga.
About My GA
My GA is an initiative of the Agence Nationale des Infrastructures NumÃ©riques et des FrÃ©quences (ANINF) in Libreville, Gabon.
In line with the government’s strategy and local internet community’s wishes, ANINF ‘s mission is to develop and promote the usage of domain names and make the .GA accessible to all.
ANINF uses the infrastructure and expertise of Freenom to run the GA domain in a stable and automated way.
With its experienced team, multi-redundant backbones and DNS root-servers located in every corner of the world, My GA can handle millions of registrations and is fully secure.
Freenom is a registry operator for Top Level Domains and the pioneer of the free domain model. Its mission is to offer an alternative business model to TLDs in order to make them competitive on the global domain market.
Freenom was previously known under the Freedom Registry name. Its first joint venture, the .TK Top Level Domain of the nation of Tokelau, was started in 2001 and is today the largest country code in the world with over 18 million active domains. Thanks to this innovative model, .TK has more domains registered than Russia and China combined.
Freenom is now reaching out to countries interested in giving their national TLD a new start.
The relaunch of the .ga (Gabon) ccTLD is well underway following its redelegation earlier in 2013.
According to the .GA Registry website, the Sunrise period has just finished, running from 12 June to 11 July. The Landrush phase is currently underway, running from 12 July to 31 August while .GA domains will be available to all from 1 September free of charge to all.
For more information see nic.ga.
It keeps a lot to keep Kim Dotcom down. Accused of facilitating online piracy through his venture Megaupload and fighting extradition to the United States, the German now residing in New Zealand has had a minor hiccup with his latest file sharing venture.Dotcom announced last week his latest venture would be using the domain name me.ga, utilising the Gabon ccTLD. However the African nation’s government has suspended the domain name, which Dotcom claims is due to pressure from the US government, and he will now use the domain name mega.co.nz, “powered by legality and protected by the law,” he tweeted.In hyping the new website, Dotcom said be “bigger, better, faster, stronger and safer” and “will change the world” when it is fully operational, which he plans for it to be on the anniversary of his arrest in January.Dotcom also believes the new service will comply with relevant laws, although he is avoiding any registrars or webhosts based in the US.The new service is being touted as encrypting and decrypting “data transparently in your browser , on the fly. You hold the keys to what you store in the cloud, not us.”Mega is looking for hosting partners, API partners and investors, the latter to enable Mega to be provided “free of charge for as long as possible.”