Latest news of the domain name industry

Recent Posts

Laughable security report labels Google Registry “shady”

Kevin Murphy, September 1, 2015, 13:25:15 (UTC), Domain Registries

A report by security company Blue Coat Systems today denounced new gTLDs as “shady” and recommended organizations think about blocking the “shadiest” ones entirely.
The study classified “tens of millions” of domains requested by users of its censorware service according to whether they had content that posed a security risk.
It found that nine new gTLDs and one ccTLD scored over 95% — that is, 95% of the domains in those TLDs requested by its customers were potentially unsafe.
But its numbers, I believe, are bollocks.
My main reason for this belief? Blue Coat has ranked .zip as “100% shady”.
This means that, according to the company, every single .zip domain its customers have visited is either spam, malware, a scam, a botnet, suspicious, phishing or potentially unwanted software.
The problem is that the entire .zip zone file currently consists of precisely one (1) domain.
That domain is, and it belongs to Google Registry. This is a pre-launch TLD.
As far as I can tell, Google Registry is not involved in distributing malware, spam, phishing, etc.
Nevertheless, Blue Coat said network administrators should “consider blocking traffic” to .zip and other “shady” TLDs.
The top 10 list of the worst TLDs includes .country, .kim, .cricket, .science, .work, .party, .gq (Equatorial Guinea) and .link.
That’s a mixture of Afilias, Minds + Machines, Famous Four and Uniregistry. The common factor is the low cost of registration.
The full Blue Coat report, which can be downloaded here, does not give any of the real underlying numbers for its assertions.
For example, it ranks .review, one of Famous Four Media’s portfolio, as “100% shady” but does not reveal how many domains that relates to.
If its customers have only visited 10 .review domains, and all of those were dodgy, that would equate to a 100% score, even though .review has over 45,000 domains in its zone.
At the other end of the table, .london’s score of 1.85% could have been positively affected by Blue Coat customers visiting a broader selection of .london domains.
The company claims that the report is based on “tens of millions” of domains, but I’d hazard a guess that most of those are in .com and other more established TLDs.
That’s not to say that there’s no truth in Blue Coat’s broader assertion that a lot of new gTLDs are full of garbage — do a Google search for .review sites and see if you can find anything worth looking at — but I don’t think its numbers are worth the pixels they’re written with.

Tagged: , ,

Comments (5)

  1. Rubens Kuhl says:

    One would have thought that the leader in traffic interception would know how to tell a domain from the in-server part of the URL.

  2. Acro says:

    The report is a new type of anti-gTLD propaganda, where beautifully crafted infographics assert to present accurate and objective data.
    As you pointed out, that’s hardly the case.
    A web site covering the story added references to a special exclusion of .XYZ from that list.
    Sounds to me that the gTLD civil war is raging on.

  3. tjotoole says:

    I liked the part about how .mil — a closed TLD run by the U.S. government — had .24 percent shady sites.
    That’s the news: US military under cyber-attack! (but just a little)

  4. James Gannon says:

    Blue Coat has a terrible reputation including censorship of security researchers:
    and supporting the building of national firewalls in China and Pakistan
    So it doesn’t surprise me that they continue to be as ignorant as this. When you have Yahoos (Now Facebooks) CISO asking for a public boycott of your products you know your doing something wrong.

Add Your Comment