Latest news of the domain name industry

Recent Posts

Blue Coat explains .zip screw-up

Kevin Murphy, September 4, 2015, Domain Tech

Security vendor Blue Coat apparently doesn’t check whether domains are actually domains before it advises customers to block them.

The company yesterday published a blog post that sought to explain why it denounced Google’s unlaunched .zip gTLD as “100% shady” even though the only .zip domain in existence leads to google.com.

Unrepentant, Blue Coat continued to insist that businesses should consider blocking .zip domains, while acknowledging there aren’t any.

It said that its censorware treats anything entered into a browser’s address bar as a URL, so it has been treating file names that end in .zip — the common format for compressed archive files — as if they are .zip domain names. The blog states:

when one of those URLs shows up out on the public Internet, as a real Web request, we in turn treat it as a URL. Funny-looking URLs that don’t resolve tend to get treated as Suspicious — after all, we don’t see any counter-balancing legitimate traffic there.

Further, if a legal domain name gets enough shady-looking traffic — with no counter-evidence of legitimate Web traffic — it’s possible for one of our AI systems to conclude that the behavior isn’t changing, and that it deserves a Suspicious rating in the database. So it gets one.

In other words, Blue Coat has been categorizing Zip file names that somehow find their way into a browser address bar as .zip domain names.

That may sound like a software bug that Blue Coat needs to fix, but it’s still telling people to block Google’s gTLD anyway, writing:

In conclusion, none of the .zip “domains” we see in our traffic logs are requests to registered sites. Nevertheless, we recommend that people block these requests, until valid .zip domains start showing up.

That’s a slight change of position from its original “Businesses should consider blocking traffic that leads to the riskiest TLDs”, but it still strikes me as irresponsible.

The company has still not disclosed the real numbers behind any of the percentages in its report, so we still have no idea whether it was fair to label, for example, Famous Four’s .review as “100% shady”.

Laughable security report labels Google Registry “shady”

Kevin Murphy, September 1, 2015, Domain Registries

A report by security company Blue Coat Systems today denounced new gTLDs as “shady” and recommended organizations think about blocking the “shadiest” ones entirely.

The study classified “tens of millions” of domains requested by users of its censorware service according to whether they had content that posed a security risk.

It found that nine new gTLDs and one ccTLD scored over 95% — that is, 95% of the domains in those TLDs requested by its customers were potentially unsafe.

But its numbers, I believe, are bollocks.

My main reason for this belief? Blue Coat has ranked .zip as “100% shady”.

This means that, according to the company, every single .zip domain its customers have visited is either spam, malware, a scam, a botnet, suspicious, phishing or potentially unwanted software.

The problem is that the entire .zip zone file currently consists of precisely one (1) domain.

That domain is nic.zip, and it belongs to Google Registry. This is a pre-launch TLD.

As far as I can tell, Google Registry is not involved in distributing malware, spam, phishing, etc.

Nevertheless, Blue Coat said network administrators should “consider blocking traffic” to .zip and other “shady” TLDs.

The top 10 list of the worst TLDs includes .country, .kim, .cricket, .science, .work, .party, .gq (Equatorial Guinea) and .link.

That’s a mixture of Afilias, Minds + Machines, Famous Four and Uniregistry. The common factor is the low cost of registration.

The full Blue Coat report, which can be downloaded here, does not give any of the real underlying numbers for its assertions.

For example, it ranks .review, one of Famous Four Media’s portfolio, as “100% shady” but does not reveal how many domains that relates to.

If its customers have only visited 10 .review domains, and all of those were dodgy, that would equate to a 100% score, even though .review has over 45,000 domains in its zone.

At the other end of the table, .london’s score of 1.85% could have been positively affected by Blue Coat customers visiting a broader selection of .london domains.

The company claims that the report is based on “tens of millions” of domains, but I’d hazard a guess that most of those are in .com and other more established TLDs.

That’s not to say that there’s no truth in Blue Coat’s broader assertion that a lot of new gTLDs are full of garbage — do a Google search for .review sites and see if you can find anything worth looking at — but I don’t think its numbers are worth the pixels they’re written with.