
New gTLD Abuse Trends Beginning to Emerge

With just over 2.4 million New gTLDs registered, abuse trends are beginning to emerge.

Earlier this month we conducted a review of the top 100 most highly-trafficked Web property names across the top 5 most popular new gTLD registries. It is apparent that the abuse we had expected has occurred—just not where we had anticipated.

For example, .Wang leads the pack in terms of abusive registrations with 47% of the top 100 Web property names registered to third-parties. For the other top TLDs, which include .XYZ, .Berlin, .Club and .Guru, abusive registrations hover around the 30% mark.

It is worth noting that at the time of this study, only 4% of the most highly-trafficked Web property names were legitimately registered by brand owners in .Wang, compared to .XYZ, .Berlin, .Club and .Guru where brand owners registered or blocked 16%-26% of the 100 most highly-trafficked Web property names.

Undoubtedly, these figures will continue to evolve, especially as Collision list names become available for registration—and of course, we’ll continue to monitor.

By Elisa Cooper, Head of Marketing, GoDaddy Corporate Domains



Do you have these numbers aggregated by registrar? Suresh Ramasubramanian  –  Sep 30, 2014 4:22 AM

Where are these registrations coming from? They are likely to follow some fairly familiar patterns found in the abusive registration of domains from other gTLDs and ccTLDs - and possibly by the very same players.

This posting, unfortunately, is aggressively erroneous. Mason Cole  –  Sep 30, 2014 3:58 PM

This posting, unfortunately, is aggressively erroneous.  It implies that 30% of .guru names are “abusive”—which cannot be further from the truth.  The “study” only looked at 100 names (which have not been disclosed) and never looked at the usage of any of them.

The loose definition of “abusive” leads a reader to believe that a registrant other than a trademark holder can have only bad intent for the name’s use.  For example, a registrant could justifiably register a name, such as ebay.guru or xbox.guru for authorized sellers or users to use, without it being infringing or abusive.  Keep in mind that brandholders that aren’t the registrant generally choose not to be as they had first crack at registering or blocking their names. 

The definition of abuse in the domain industry context typically has to do with stability and security concerns—e.g., phishing, malware distribution, spamming, etc.  Careless use of the term, such as in this case, is misleading at best.  Abuse, according to ICANN’s own research, occurs in far lesser percentages in new gTLDs than it does in .COM and other legacy gTLDs. 

In the case of true trademark abuse, Donuts, and other registries as well, offer extensive sets of tools to address trademark infringement, all of which are not only available to intellectual property holders but have been widely embraced and put to use by rights holders.  MarkMonitor’s posting should clarify, unambiguously, that the methodology applied here gives an overbroad impression that new gTLDs are fertile ground for abuse, and that significant tools are in place to address not only trademark infringement, but true security and stability abuse.  This industry is growing tired of doomsday scenarios about new gTLDs and deserves facts to be put forward responsibly.  MarkMonitor, which has incentive to frighten brandholders and sell more defensive registrations, should know better than to make this misleading post.

More Information Elisa Cooper  –  Sep 30, 2014 4:33 PM

To clarify, any top 100 web property names registered to third-parties in any of the top 5 TLDs were categorized as “Abusive”. Furthermore, this analysis is meant to describe the patterns of registration behavior, and is not in any way meant to call into question the practices of the registries. All of these top 5 registries adhered to the mandatory RPMs, and in the case of .Guru – the registry even went beyond the basic RPM requirements by offering blocking.

I suspected as much Suresh Ramasubramanian  –  Sep 30, 2014 4:43 PM

Elisa, it looks like you will have to explicitly (re)define the term "abusive registration" when you use it in a context rather different than what most people assume at first - spam, phishing and malware for instance. I do wish you wouldn't drag your disputes with domainers into the picture. It gets confusing when you use ambiguous wording to do so. There ARE quite a few registrars that register substantial volumes of abusive domains, and registries that are more heavily infested than others, and the actually abusive domains that keep cropping up are more than enough work to mitigate, without attempting to drag brand enforcement into the picture.

@Elisa: Where were you expecting to see Alex Tajirian  –  Sep 30, 2014 5:43 PM

@Elisa: Where were you expecting to see abuse? Are you defining abuse as domains not “legitimately registered by brand owners”? What is an illegitimate registration by a brand owner?  How do you define abuse? If a name is registered to a “third-part[y]”, does it necessarily imply abuse?  And, more importantly, what is the solution? Nevertheless, I don’t like the use of property to refer to domain names, as the debate continues.

@Suresh: Good points!

Details? Philip S. Corwin  –  Oct 1, 2014 4:59 AM

Is MarkMonitor planning to release this study for public review? Without the data it is difficult to judge the claims.

Phishing and new TLDs Mason Cole  –  Oct 1, 2014 3:05 PM

Meanwhile, the Anti-Phishing Working Group published a comprehensive study, including comprehensive data, which says in part:  “As of this writing, the new gTLD program has not resulted in a bonanza of phishing.”


Similar data from MarkMonitor would be welcomed for a more reasoned discussion.

Your Comments Elisa Cooper  –  Oct 1, 2014 4:27 PM

1. @Alex - I had not expected .XYZ, .WANG or .GURU to have gained such popularity.
2. @Suresh - We surmised that domains registered consisting solely of a globally recognized brand registered by an unrelated third-party are likely abusive.
3. @Phil - The research we conducted was very straight-forward. However, I do not wish to expose or embarrass any brand owners, and for that reason, I am not releasing the raw data.
4. @Mason - I never claimed that these registrations were being used for Phishing scams. However this report http://www.worldtrademarkreview.com/Blog/detail.aspx?g=679f2763-dc11-4016-88ef-9391c0e6d50b has similar findings to those I found, and in fact found that in some instances, more than 50% of brands were registered to third-parties.

I think I'll take issue with your Todd Knarr  –  Oct 2, 2014 5:49 AM

I think I'll take issue with your definition of abuse in #2. Is it abuse for Ronald McDonald (his legal name) to register mcdonalds.com as the domain for his restaurant? Bear in mind that he was using that name 5 years before the better-known McDonald's chain applied for a trademark on the name. Is it abuse for MacDonald's Family Restaurant in Grand Cayman (no relationship to the previous McDonald's Family Restaurant) to register the obvious domain for their restaurant? After all they do hold a valid trademark. And then there's the recent spat over the iPhone trademark in Brazil, where IGB had applied for the trademark on iPhone 6 years before Apple did. Would it have been abuse for a trademark holder of iPhone to register iphone.com if they weren't Apple? Note that in the first 2 cases the courts ruled against the large brand, and in the third the courts allowed Apple to use the name iPhone but didn't give it exclusive rights to the name. This is one of the problems that comes up, because trademark law itself recognizes that there may be many entities with rights to a particular name depending on geographic location and field of business or other usage (see famously the Apple Computer vs. Apple Records dispute). Your definition of "abusive" seems so broad as to include legitimate trademark holders and others with legal rights to a name using that name to identify their own Web site, and that strikes me and many others as wrong.

@Elisa: Not sure if “not expected .XYZ, Alex Tajirian  –  Oct 1, 2014 4:48 PM

@Elisa: Not sure if “not expected .XYZ, .WANG or .GURU to have gained such popularity” is referring to the number of registrations or abuse? Moreover, I cannot speak for @Philip, but I am not sure that he was asking to release the “raw data”; I certainly wasn’t.  I have a feeling that you dug yourself into a big hole.

Without data there is no way to judge the level or significance of claimed 'abuse' Philip S. Corwin  –  Oct 1, 2014 5:36 PM

Let me address this to MarkMonitor rather than to you Elisa, so that there is nothing personal in this comment.
I don’t think anyone familiar with new gTLDs disputes that there is some “abuse” going on. But the real questions include what is the overall level of abuse, what types of behavior are included within the term “abuse”, and to what extent has this “abuse” caused demonstrable harm to brand owners or consumers?
The only way to judge that is to share the data, not just publish unsubstantiated claims.

Let me give an example—back in February the Reed Smith law firm released a report on TM infringement at .bike, at http://www.reedsmith.com/Report-on-the-Initial-gTLD-Launch-Taking-a-Ride-with-BIKE-02-11-2014/ It showed that of twenty well known bicycle manufacturers only four had registered their own name at .bike; they listed the 20 brands and the registration status of each. Now that is useful information. And maybe those manufacturers who didn’t register their company name at .bike should be a bit embarrassed.

But let’s say that someone other than Google registered google.bike. Now that may be “abuse”, as well as being idiotic because the domain can be readily shut down by a URS or transferred via a UDRP if a C&D letter doesn’t do the trick. But is it meaningful abuse? What are the odds of anyone typing in google.bike? While Google has bikes at its HQ, it does not manufacture bikes whether human or autonomous.

Just a charge of registration abuse is insufficient to judge whether the abuse is meaningful in any way. What if the website is dark? What if there is some questionable content but no meaningful traffic? None of that excuses the original abuse but it does put it in a useful context.

As for not publishing the data out of concern that brand owners might be embarrassed, I don’t find that convincing. Now if Google doesn’t register Google.search that would be embarrassing. But why should Google register at .bike, or be embarrassed that they haven’t?

So I would urge MM to provide the data so that others can judge the extent and severity of the claimed abuse. This is especially important in the policy area—ICANN will be reviewing the RPMs for new gTLDs starting in 2015, and is also starting to discuss the second round and what if any changes should be made in the Applicant Guidebook for it. Those engaged in that debate will be expecting that those who advocate RPM or program changes (and I am not assuming that MM will seek any, just noting the possibility) based on claims of “abuse” will provide documented substantiation of those claims. Allegations absent evidence are not going to get very far.

Agree here with Phil Mason Cole  –  Oct 1, 2014 6:10 PM

This of course is not personal. Unfortunately, without the data, it's simply not clear what level of "abuse" is actually present. As previously stated, registration by another party does not necessarily constitute infringement (a better term vs. "abuse" in this undefined context). It's understandable not wanting to embarrass someone who may have missed a name, but it's equally troublesome to have to try disproving a negative without seeing the relevant names and conducting a thorough analysis. Phil is correct that some in the ICANN environment are quick to judge that negative for their own reasons, and even without the data; for other reasons of at least equal merit, we need fact-based discussions with detailed data, and associated fact-based policy development.

Without clear data this post seems to Michele Neylon  –  Oct 2, 2014 12:29 PM

Without clear data this post seems to be a case of fluffy scare-mongering PR.

The APWG’s latest report is much more plausible and worth looking at.

Were legacy gTLDs or ccTLDs studied? Mason Cole  –  Oct 2, 2014 3:23 PM

e.g., for .COM, .NET, .DE, .CO, .TV?

free speech works well Ray Fassett  –  Oct 2, 2014 4:35 PM

It appears the basic premise of the research report is to equate the “top 100 most highly-trafficked Web property names” as “globally recognized brands”.  That’s one big leap.  Is the 101st most highly-trafficked Web property name a globally recognized brand? 

Of course, using a “famous” trademark list would be most ideal to label as a “globally recognized brand” to premise such a research study.  Except for the little detail the IP community itself can’t agree upon such a list.

But that’s ok.  Let’s talk about “famous” trademarks and “abuse” any way so that we can just ignore the whole “infringement” burden.  Under these ground rules sure enough the research indicates the mere registration of “apple” by anyone other than the operator of this “top 100 most highly-trafficked Web property name” is, in and of itself, a registration abuse.  Sidebar:  raise your hand if you think the registrant of apple.org is a domain name registration abuser.

There are going to be some that read the research conclusions and say “look what Markmonitor said”.  Then there will be others that say “yeah, look what Markmonitor said”.

This is all ok because we all believe in free speech.

@Ray: Does believing in free speech allow Alex Tajirian  –  Oct 2, 2014 8:08 PM

@Ray: Does believing in free speech allow me to yell Fire in a movie theater?

Alex, no. Believing in free speech means Ray Fassett  –  Oct 2, 2014 11:20 PM

Alex, no. Believing in free speech means you can't (unless of course there really is one).

Speaking of abuse in new gTLDs .. Suresh Ramasubramanian  –  Oct 9, 2014 7:03 AM

At least on my personal spamtrap (I only speak for myself on circleid) I’m seeing huge numbers of actually abusive (as in spam / phish etc) domains registered in the new .link TLD.

This doesn’t appear to be parked domains of any sort, just saying. 

Uniregistry and any registrars that register .link domains are requested to watch out for and damp down this actually abusive behavior.

Suresh What are you actually asking registrars and Michele Neylon  –  Oct 9, 2014 3:55 PM

Suresh What are you actually asking registrars and registries to do? Police their registrations? Or simply act on abuse reports? Michele

To some extent, both Suresh Ramasubramanian  –  Oct 9, 2014 5:07 PM

You could ask other registrars for what they think. And gTLD / ccTLDs registries. Published best practices in this area are still evolving but well, they are there and are common knowledge among multiple registrars and registries.
