Recent Posts
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
- Domain universe grows despite .com drag
SpamHaus now publishing better TLD abuse data
SpamHaus has updated its “10 Most Abused Top Level Domains” list to provide a much more useful insight into abuse levels.
Rather than simply showing unexplained percentages of “badness” in each TLD, the spam-fighting organization’s daily report now exposes the hard numbers, in domain terms, underneath.
For example, on today’s list Famous Four Media’s .download is the most-abused TLD with 82% bad domains.
That percentage is based on SpamHaus categorizing 11,431 domains as abusive of the 13,945 .download domains that crossed its systems.
But the gTLD has 67,500 domains in its zone file, so the actual percentage of abusive domains could be as low as about 17%, much lower than SpamHaus’s 82%.
Whether you think the 82% metric is fair will depend on whether you think SpamHaus’s sample — about 20% of the full .download zone — is representative.
Some of the other TLDs on its list have even smaller sample sizes.
Minds + Machines’ .work is ranked #2 on the SpamHaus list with 73.3% badness, based on a SpamHaus-seen sample of 6,297 domains, something like 7% of the full .work zone.
Registries criticized SpamHaus for publishing misleading data when this list was first published in March, and I agreed with them.
Now that the group is publishing empirical data alongside its percentages, the conversation can now shift to something along the lines of:
“Is it okay that at least 17% of .download domains are abusive?”
To which the answer I believe is a clear: “Hell, no.”
The SpamHaus daily report can be found here.
You are misunderstanding the data.
Certainly .download may have 67,500 domains in its zone file, but only 13,750 active .download domains have been seen by Spamhaus’ systems in the last 2 weeks (the rolling period the charts are based on), which means 53,750 .download domains are simply not in use, i.e: not active… i.e: they are parked.
Spamhaus does not take parked domains into account.
I am not misunderstanding the data. You may be misunderstanding the article.
OK, just pointing out that your article appears to be saying Spamhaus should include .download’s 53,750 inactive (parked) domains in the formula otherwise the result is based on only “about 20% of the full .download zone”.
But the fact is, only “about 20%” of the full .download zone is active, meaning “80%” of the full zone file is inactive/parked unused domains. What Spamhaus is saying is: Of the active domains in the full zone file, 82% are abusive.
By the same reasoning: Car maker makes 1000 cars. Only 100 of those cars are on the road, the rest are all parked in a field waiting to be shipped. Of the 100 cars driving on the road, 82% burst into flames. The car maker then says “Well, it’s not 82% because we made 1000 and the other 900 haven’t burst into flames (‘coz none of them have been driven yet)”… that would be quite disingenuous ๐
We seem to differ as to what constitutes an “active” domain.
By my definition, an active domain is one that appears in the zone file. By yours, an active domain is a domain that SpamHaus has seen.
The domains that appear in the zone file are of course a subset of the overall domains that have been registered. I would consider a registered domain that is not in the zone file as inactive.
But the main thrust of the article is this: before Spamhaus started reporting its sample size, it was possible for people to say “Look, 80% of the domains .EXAMPLE have sold are abusive!” which was not necessarily true.
Now we have better data, we can have better arguments about the extent of abuse in TLDs new and old ๐
Obviously we differ completely on what constitutes and active domain. Spamhaus defines “active” as “actually being used on the internet, not dormant or parked”.
The abuse solution for Registries then is simple: add one Billion random dormant domains to your zone file and insist folks use the full zone file count in any stats concerning visible abuse. Then abuse stats will always be a mere tiny “0.001% abused”. Problem solved! ๐
Parked domains are active by definition. If you visit them in your browser they resolve to web sites. If you click on the ads you see there somebody will get paid. They’re fully functioning commerce web sites.
They may be low-value web sites but they’re not in any sense “inactive” as I understand the word.
If a registry were to add a billion dormant domains to their zones just in order to fool Spamhaus’s stats, it would cost them $250,000,000 in ICANN fees, btw.
Luc, could you clarify how SpamHaus see non-spam active domains ? I would imagine devices like SpamPots only getting spam all the time without any ham.
Key takeaway: inverse relationship between price and amount of domains used for spam.
True dat.
Luc – On the subject of parked domains, I’ve seen this scheme being used by abusive domains: while the “www” variant is indeed parked, another host name is created and serves malware. So far seen this with .xyz domains. The hostnames can vary from “pcrepair” to random strings. Perhaps Spamhaus needs to expand on its definition.
The “percentage of abusive” TLDs metric is deceptive, since it only looks at the tip of the iceberg. Overall volume is more reflective of what end-users actually see in their inboxes. The spam rates for higher volume TLDs are com (6.3%), net (7.3%), and info (11.3%). If you multiply those percentages by the sizes of those zone files – even subtracting parked pages or whatever else Spamhaus doesn’t count – you get numbers that make .download look like a tiny gnat in a swarm of abuse.
If you’re going to publish “percentage of abusive”, you ought to at least also publish “overall abuse” as a companion metric. Percentage of abuse alone really disguises the problem.
That’s possibly true for some users (not me — almost all the spam that makes it to my inbox is from new gTLD domains), but if Spamhaus is trying to make the point that some registries are not doing enough to combat abuse (which I think it is) there is probably some value in the “percentage of abuse” numbers.
Kevin, this might me actually evidence of what Bret’s saying.
You see, anti-spam filters evolve based on what they see. The fact that your anti-spam filters are leaking new gTLDs could be interpreted as evidence that filter vendors are seeing way more spam from legacy TLDs.
To put things in perspective, if you took out 100% of all spam using new gTLDs at the cost of 1% effectiveness on detection over legacy TLDs, you would get the same or more spam.