The undersigned global businesses and their customers depend upon the continuing security, stability and resiliency of the Internet, and thus have significant interests in domain name industry issues and outcomes. We are amongst the leaders in working to protect the interests of customers and those of the broader Internet from domain name system (DNS) abuse, in various ways. As long standing participants in ICANN- and industry-related conversations and policymaking, we are contacting you with our concerns about serious harm occurring to Internet users, and a request for action that we believe would serve the interests of the broader community.
- The 25 most exploited TLDs account for 95% of the abuse complaints submitted to DAAR.
- Five TLDs alone are responsible for more than half of abuse complaints.
- The number of abused phishing domains in legacy gTLDs is mainly driven by the .com gTLD and at the end of 2016 represents 82.5% (15,795 of 19,157) of all abused legacy gTLD domains considered in this study.
- …the five new gTLDs suffering from the highest concentrations of domain names used in phishing attacks listed on the APWG domain blacklist in the last quarter of 2016 collectively owned 58.7% of all blacklisted domains in all new gTLDs.
- …we observe as many as 182 and 111 abused .work and .xyz domains, respectively. The results indicate that the majority of .work domains were registered by the same person. 150 domains were registered on the same day using the same registrant information, the same registrar, and the domain names were composed of similar strings. Note that only 150 abused domains, blacklisted in the third quarter of 2015, influenced the security reputation of all new gTLDs.
- ...the overwhelming majority of malware domains, which were categorized as compromised, belong to one of four new gTLDs: .win, .loan, .top, and .link (77.1%, which represents 19,261 out of 24,987 domains).