Until now, the criminals behind malware and phishing have had only 22 generic top-level domain names (TLDs) to abuse—names like .com, .net or .org. But with hundreds of new TLDs entering the marketplace, e.g. .buzz, .email, and .shop, there are many more targets than ever.

Your reputation is at stake.

What can attackers do with domain names? As internet users, we’ve all experienced scams. Messages that look like they come from our bank and ask for our bank information. Or email promotions with our favorite store in the “From” line” only to take us to a website infected with malware. In every instance, we begin to lose trust in the exploited domain name extension.

And the risk to new TLD operators? Even greater. As newcomers to the domain name space, new TLDs must take the lead in protecting their TLD, brand and customers. No one can afford to be blacklisted and lose credibility in the marketplace.

Monitoring is a mandate.

In fact, The Internet Corporation of Assigned Names and Numbers (ICANN) requires that all TLDs have a solution in place to mitigate these threats (Specification 11):

“Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.”

Evaluating solutions? Look for these 3 features.

Building a dedicated threat mitigation team from scratch is costly and time consuming. For that reason, TLD operators may look to third parties for help. Here are three things to look for in evaluating solutions:

1. Threat Detection Make sure the solution you choose starts with comprehensive detection of today’s diverse threats. Top-shelf detection relies on multiple sources: external and internal data feeds, reported incidents and private security organizations.
2. Investigation Here, the human factor is paramount. Look for a dedicated team of experienced threat investigators, who can report malicious activity quickly and accurately. Resources include advanced malware analysis, secure testing labs and a proven evidence-gathering process.
3. Mitigation Your solution provider should not only detect and investigate threats but respond to them, too. This means sending notifications requesting action, and if necessary, taking action against offending domains.

Don’t wait for a phishing scam to stain your TLD. Be proactive and meet your mandate. Protect your customers, your reputation and your bottom line.

Learn more on how Neustar’s Registry Threat Mitigation Services can help protect your TLD at neustar.biz/threat-mitigation.

A version of this post originally appeared on the Neustar Blog.