Abuse in the domain name system is a serious topic. Examples of abuse include spam, phishing, and malware distribution. To examine the issues of abuse in generic top level domains, both legacy and new, ICANN commissioned a study to compare the rates of these activities, as well as employing inferential statistical analysis to measure the effects of Domain Name System Security Extensions (DNSSEC), domain parking and registration restrictions on abuse rates using historical data covering the first three full years of the New gTLD Program from 2014 to 2016.
The report, Statistical Analysis of DNS Abuse in gTLDs, made a number of key findings which were:
The problem of abuse is not occurring in all of the new gTLDs. When looking at the problems among these new gTLDs, the report found that around a third available for public registration did not experience a single spam incident in the last quarter of 2016. But of those experiencing spam, Spamhaus blacklisted at least 10% of all registered domains in as many as 15 new gTLDs at the end of 2016.
The report found higher concentrations of compromised domains in legacy gTLDs, however miscreants frequently choose to maliciously register domain names using one of the new gTLDs. The registry operators of the most abused new gTLDs compete on price. The report found that the retail registration prices of these were occasionally below US$1 or even $0.50, which was lower than the registration fee for .com domains. The report was uncertain though if pricing is the only factor driving high concentrations of maliciously registered domains.
In their conclusion, the report suggests “that some new gTLDs have become a growing target for malicious actors. Competitive domain registration prices, unrestrictive registration practices, a variety of other registration options such as available payment methods, free services such as DNS or WHOIS privacy, and finally the increased availability of domain names decrease barriers to abuse and may make some new gTLDs targets for cybercriminals.”
