Is Your New TLD Protected Against Phishing and Malware?

Until now, the criminals behind malware and phishing have had only 22 generic top-level domain names (TLDs) to abuse—names like .com, .net or .org. But with hundreds of new TLDs entering the marketplace, e.g. .buzz, .email, and .shop, there are many more targets than ever.

Your reputation is at stake.

What can attackers do with domain names? As internet users, we’ve all experienced scams: messages that look like they come from our bank and ask for our bank information, or email promotions that show our favorite store in the “From” line, only to take us to a website infected with malware. In every instance, we begin to lose trust in the exploited domain name extension.

And the risk to new TLD operators? Even greater. As newcomers to the domain name space, new TLDs must take the lead in protecting their TLD, brand and customers. No one can afford to be blacklisted and lose credibility in the marketplace.

Monitoring is a mandate.

In fact, the Internet Corporation of Assigned Names and Numbers (ICANN) requires that all TLDs have a solution in place to mitigate these threats (Specification 11):

“Registry Operator will periodically conduct a technical analysis to assess whether domains in the TLD are being used to perpetrate security threats, such as pharming, phishing, malware, and botnets. Registry Operator will maintain statistical reports on the number of security threats identified and the actions taken as a result of the periodic security checks. Registry Operator will maintain these reports for the term of the Agreement unless a shorter period is required by law or approved by ICANN, and will provide them to ICANN upon request.”

Evaluating solutions? Look for these 3 features.

Building a dedicated threat mitigation team from scratch is costly and time-consuming. For that reason, TLD operators may look to third parties for help. Here are three things to look for in evaluating solutions:

  1. Threat Detection: Make sure the solution you choose starts with comprehensive detection of today’s diverse threats. Top-shelf detection relies on multiple sources: external and internal data feeds, reported incidents and private security organizations.
  2. Investigation: Here, the human factor is paramount. Look for a dedicated team of experienced threat investigators, who can report malicious activity quickly and accurately. Resources include advanced malware analysis, secure testing labs and a proven evidence-gathering process.
  3. Mitigation: Your solution provider should not only detect and investigate threats but respond to them, too. This means sending notifications requesting action, and if necessary, taking action against offending domains.

Don’t wait for a phishing scam to stain your TLD. Be proactive and meet your mandate. Protect your customers, your reputation and your bottom line.

Learn more on how Neustar’s Registry Threat Mitigation Services can help protect your TLD at neustar.biz/threat-mitigation.

A version of this post originally appeared on the Neustar Blog.

By Jeff Neuman, Founder & CEO, JJN Solutions

He has been instrumental in providing policy assistance and advice in the fields of internet governance, intellectual property protection and domain name policy since the mid-1990s. Jeff has served in key business, policy and legal roles in the domain name industry for more than 20 years. The views expressed herein reflect my own beliefs.

Problems don't originate from the TLD Todd Knarr  –  Jun 20, 2014 1:32 AM

The basic problem is that I rarely receive a spam or scam e-mail that originates from the domain it purports to come from. And the operator of say the .com TLD can’t do anything about spam/scams originating from servers in the .ru or .biz domains. Mostly the e-mails originate from machines not directly associated with the actual spam/scam operators, and I don’t see where ISPs are going to completely shut down major corporate customers or large numbers of residential customers until those customers clean up the malware and botnet infestations that’re sourcing the e-mails.

As far as monitoring the domain, that’s going to be hard given that a TLD may be spread across thousands of ASNs and a single ASN may have servers from many TLDs in it if it belongs to someone like a data center provider.
