ICANN announced the publication of the report, “Statistical Analysis of DNS Abuse in gTLDs” [PDF, 2.23 MB].
The study aims to compare rates of these activities between new and legacy gTLDs, as well as employs inferential statistical analysis to measure the effects of DNSSEC, domain parking, and registration restrictions on abuse rates using historical data covering the first three full years of the New gTLD Program (2014 – 2016).
- The amount of “compromised” (i.e. “hacked”) domains appear higher in legacy gTLDs
- The amount of “maliciously registered” (i.e. domains registered for malicious purposes) appear higher in new gTLDs
- Registration restrictions appear to have an impact on reduced abuse rates
- Abuse counts—or absolute number of abused domains—show relatively constant and higher levels of abuse in legacy gTLDs and an upward trend of abuse in new gTLDs
- With some exceptions and spikes, rates of phishing and malware domains in new gTLDs, which are based on an “abused domains per 10,000” ratio, tend to be lower than in legacy gTLDs. Phishing and malware trends in new and legacy gTLDs appear to be converging to similar levels by the end of 2016
- Privacy and proxy service-associated domains do not appear to correlate with abnormally high levels of abuse
It seems natural that the hacked domains appear higher in legacy gTLDs because these are the more valuable domains and the domains with the most traffic. And of course New gTLDs have a higher amount of domains registered for malicious purposes as they are very cheap to register, use and then dump. Cheap registration prices have this effect and may end up with ISPs, IT professionals and regular internet users banning entire extensions.
The study was requested by the Competition, Consumer Trust and Consumer Choice Review Team (CCTRT). In defining the parameters of the study, the CCTRT sought to measure rates of common forms of abusive activities in the domain name system, such as spam, phishing, and malware distribution.
ICANN commissioned the study and it was conducted by researchers from SIDN and the Delft University of Technology. The report is available for public comment through 19 September 2017.