Home / Blogs

DotSpam? Certain New gTLDs Rapidly Outpacing Legacy TLDs in Terms of Abuse

Would you like to hear about how to treat your psoriasis? Where to get a cheap oil change? How to flatten your belly? Achieve a stronger sexual life? Cheap toner? Annuities? Herpes? Bed bugs? Free energy? Varicose-Veins? Herpes? Saggy skin? Arthritis? Overactive bladder? Drug addiction? Herpes?


Well, that’s too bad, because that you are going to hear about it whether you like it or not. Many of the messages about these and other subjects are being carried to you via new gTLDs. KnujOn has just completed and published a public report concerning abuse and abuse handling. In terms of gTLD abuse, there is a clear trend: certain new gTLDs are rapidly outpacing the legacy TLDs in terms of abuse. All the parties detailed in the report were contacted before publishing and several have responded proactively. While some of our data supports the recent findings of Spamhaus, the release is completely coincidental.

Beyond the DNS abuse statistics, this report analyzes ICANN’s website in terms of functionality from a consumer’s perspective. What we find is that there is no clear information and no obvious plan to address Internet user issues, regardless of how much ICANN talks about the importance of the Internet user and consumer. Looking past the website we analyze what actual steps ICANN is taking to address consumer issues. Unfortunately, since I wrote about this issue in 2015 virtually nothing has changed. This is despite the fact that the 2009 Affirmation of Commitments required ICANN to consider consumer protection and malicious abuse issues BEFORE the new gTLDs were implemented. Actually involving consumers makes the difference between a multistakeholder model and an Internet we are all merely subjected to.

We don’t want to give away the details here of which new gTLDs have a specific pattern of abuse, but anyone is welcome to download and review our science-based report concerning the trade in spammed domains. We have faith that this is the most accurate report to-date. If the responsible party properly addresses the issues we can all win. After that we will have time to play cricket and film it with a webcam.

By Garth Bruen, Internet Fraud Analyst and Policy Developer

Filed Under


There are only 12 legacy TLDs, so Mason Cole  –  Mar 10, 2016 6:05 PM

There are only 12 legacy TLDs, so obviously if you do a top 25 list, the majority will not be legacy.  It is mathematically impossible for a top 25 not to be more new TLDs than legacy TLDs.  It is just a name volume issue.  Bruen’s premise is somewhat flawed.  Five legacy TLDs rank in the top 16 most untrustworthy domains.  Bruen could easily have concluded that 40 percent of legacy TLDs are among the 16 worst domains while fewer than 3 percent of new TLDS make up the top 16 most untrustworthy domains. 

Further, Bruen’s research found that 10 — or half of all the new TLDs on his list were sponsored by one company: Famous Four Media.  So, are we talking about a new TLD issue or a Famous Four Media issue?  Likely the latter.There is no room in the domain industry for a registry that apparently turns its head to fraud and abuse.  Famous Four Media is definitely an outlier among new TLD operators. 

In fact, this week dozens of new TLD operators, content providers, consumer advocates, law enforcement and other members of the domain ecosystems met at ICANN 55 to further the Domain Name Association’s Healthy Domains Initiative.  The HDI focuses on domain name industry best practices principles and programs.  It currently is focused on categorizing and organizing the current landscape of online abuse to determine where priorities should be focused.

Fraud and abuse is a challenge for all TLDS — whether you are a legacy or not.  Let’s have research that focuses on solutions and doesn’t use skewed logic in an attempt to make headlines.

"Certain" and "higher rate" Garth Bruen  –  Mar 30, 2016 2:46 PM

Mason, I think you’re missed my point, but I haven’t missed your’s and it quite interesting. First, you should note the the “certain” which indicates not all. The point is that these new gTLDs in particular have HIGHER rates than the legacies. If you look at the details in the full report, you’ll see I make the point that the legacies are only on this list due to volume. If projections continue at pace, legacies may no longer be the source of problems but rather a collection of rogue new gTLDs. Also this is about concentrations of abuse and their possible sources. For example, in the problematic collection you cite their is ONE registrar, Alpnames, responsible for most of the abusive registrations (over 90% in some cases). We, of course, contacted them ahead of publishing and part of their response suggested that ALL spam reporting statistics were somehow manipulated and therefore wrong. Hmmm. However, in your response you seem to be aware of the issues at Famous Four Names which confirms some relationship with the most prominently reported new gTLDs and their most prominently reported registrar. In another example we look at the problematic gTLD .XYZ (cite other info) 82.34% of the reported domains were at one registrar, NAMECHEAP. Again, we contacted NAMECHEAP about the problem who responded non-committally because “the information provided is not enough for us to start an internal investigation”. For sure, there will be more specific information like this attempted XYZ-based hijack registered to eNom and using Namecheap's WhoisGuard. In terms of your last point about the safe domains initiative, I’m all for it. However, there is an inherent problem. It’s great that the rgry community has put this initiative forward, but ICANN was supposed to create protections for the greater Internet community according to the AoC but have not really done anything. In fact, there is no plan within ICANN protect consumers and the program is a train-wreck. I’ll be detailing what I mean in a separate blog.

This report is odd. It ranks TLDs Kevin Murphy  –  Mar 17, 2016 12:34 PM

This report is odd.

It ranks TLDs based on a “score” where a score below 50 is said to indicate abuse.

But there doesn’t seem to be any discussion of how the score was calculated, what the scale is, or what it means.

I tried to find prominent links to “Methodology” on the Knujon site, but failed.

Therefore I give the report a rating of 7.69 on the Murphy Scale.

Responses are Odd Garth Bruen  –  Mar 30, 2016 2:58 PM

Kevin, From page 27: "The factors for scoring are varied but include the number of abused domains in contrast to the registrar’s portfolio, the number of reported instances, and many other data points. 12 registrars with scores below 100 are listed here with details of the administrators with the most reported abused domains." Contracted parties may assume this report was written specifically for them, but it wasn't. However, this explains the attention to the back section of a report which is actually focused on ICANN's failures to reach out to consumers or attempt to protect them in any way. So I give you a C+ for your criticism.

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Domain Names

Sponsored byVerisign


Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

New TLDs

Sponsored byRadix


Sponsored byDNIB.com