Until now, the criminals behind malware and phishing have had only 22 generic top-level domain names (TLDs) to abuse—names like .com, .net or .org. But with hundreds of new TLDs entering the marketplace, e.g. .buzz, .email, and .shop, there are many more targets than ever.
Your reputation is at stake.
What can attackers do with domain names? As internet users, we’ve all experienced scams. Messages that look like they come from our bank and ask for our bank information. Or email promotions with our favorite store in the “From” line, only to take us to a website infected with malware. In every instance, we begin to lose trust in the exploited domain name extension.
And the risk to new TLD operators? Even greater. As newcomers to the domain name space, new TLDs must take the lead in protecting their TLD, brand and customers. No one can afford to be blacklisted and lose credibility in the marketplace.
Monitoring is a mandate.
In fact, the Internet Corporation for Assigned Names and Numbers (ICANN) requires that all TLDs have a solution in place to mitigate these threats (Specification 11):
“Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.”
Evaluating solutions? Look for these 3 features.
Building a dedicated threat mitigation team from scratch is costly and time-consuming. For that reason, TLD operators may look to third parties for help. Here are three things to look for in evaluating solutions:
Don’t wait for a phishing scam to stain your TLD. Be proactive and meet your mandate. Protect your customers, your reputation and your bottom line.
Learn more on how Neustar’s Registry Threat Mitigation Services can help protect your TLD at neustar.biz/threat-mitigation.
A version of this post originally appeared on the Neustar Blog.
The basic problem is that I rarely receive a spam or scam e-mail that originates from the domain it purports to come from. And the operator of say the .com TLD can’t do anything about spam/scams originating from servers in the .ru or .biz domains. Mostly the e-mails originate from machines not directly associated with the actual spam/scam operators, and I don’t see where ISPs are going to completely shut down major corporate customers or large numbers of residential customers until those customers clean up the malware and botnet infestations that’re sourcing the e-mails.
As far as monitoring the domain, that’s going to be hard given that a TLD may be spread across thousands of ASNs and a single ASN may have servers from many TLDs in it if it belongs to someone like a data center provider.