A report by security company Blue Coat Systems today denounced new gTLDs as “shady” and recommended organizations think about blocking the “shadiest” ones entirely.
The study classified “tens of millions” of domains requested by users of its censorware service according to whether they had content that posed a security risk.
It found that nine new gTLDs and one ccTLD scored over 95% — that is, 95% of the domains in those TLDs requested by its customers were potentially unsafe.
But its numbers, I believe, are bollocks.
My main reason for this belief? Blue Coat has ranked .zip as “100% shady”.
This means that, according to the company, every single .zip domain its customers have visited is either spam, malware, a scam, a botnet, suspicious, phishing or potentially unwanted software.
The problem is that the entire .zip zone file currently consists of precisely one (1) domain.
That domain is nic.zip, and it belongs to Google Registry. This is a pre-launch TLD.
As far as I can tell, Google Registry is not involved in distributing malware, spam, phishing, etc.
Nevertheless, Blue Coat said network administrators should “consider blocking traffic” to .zip and other “shady” TLDs.
The top 10 list of the worst TLDs includes .country, .kim, .cricket, .science, .work, .party, .gq (Equatorial Guinea) and .link.
That’s a mixture of Afilias, Minds + Machines, Famous Four and Uniregistry. The common factor is the low cost of registration.
The full Blue Coat report, which can be downloaded here, does not give any of the real underlying numbers for its assertions.
For example, it ranks .review, one of Famous Four Media’s portfolio, as “100% shady” but does not reveal how many domains that relates to.
If its customers have only visited 10 .review domains, and all of those were dodgy, that would equate to a 100% score, even though .review has over 45,000 domains in its zone.
At the other end of the table, .london’s score of 1.85% could have been positively affected by Blue Coat customers visiting a broader selection of .london domains.
The company claims that the report is based on “tens of millions” of domains, but I’d hazard a guess that most of those are in .com and other more established TLDs.
That’s not to say that there’s no truth in Blue Coat’s broader assertion that a lot of new gTLDs are full of garbage — do a Google search for .review sites and see if you can find anything worth looking at — but I don’t think its numbers are worth the pixels they’re written with.