[CPWG] DNS Abuse and Content Abuse Issues

John McCormac jmcc at hosterstats.com
Tue May 4 01:17:28 UTC 2021


On 03/05/2021 17:37, Evan Leibovitch wrote:
> 
> On Fri, 30 Apr 2021 at 02:59, John McCormac via CPWG <cpwg at icann.org>
> wrote:
> Hi John,
> 
>     The problem, in terms of phishing, is probably worse in the new gTLDs
>     where low registration fees make this kind of activity more economically
>     feasible. There was a survey (SIDN related) cited in the CCT report that
>     mentioned that a lot of problematic content shifted from the legacy
>     gTLDs to the new gTLDs.
> 
> 
> It appears to me that this issue can probably be traced back to a fairly 
> small number of new gTLDs whose business models stress high volume and 
> domain prices low enough to be disposable. It strikes me that many of 
> the new gTLDs are not cheaper than the legacy ones and are making at 
> least a superficial stab at identity and taxonomy.
> 
> Is there benefit in your research in isolating the disposable-domain 
> TLDs from the others? Or do all of them -- even the ones who are 
> promoting themselves based on identity -- have this problem?
> 

It was an economic shift, Evan,
The problem domain names seem to rely on either stolen payment details 
or other methods of payment. The heavily discounted registration fees 
made some forms of abuse economically more viable.

The spreadsheet for the December new gTLDs Web Usage survey is 
available. I only posted the CNOBI results to the list. In terms of 
phishing, it might be easier to run a simple keyword search on the zone 
files for domain names not using the "official" nameservers for a brand 
and group them by gTLD. Some of the more obvious phishing domain names 
have a brand name and the word "account" or similar as part of the 
domain to make it seem like the recipient has to validate their account.

From just a brief glance, it seems to be the discounted gTLDs that have 
more obvious examples of the problem. At the moment, I'm running a full 
gTLD (legacy and new) website/IP address survey and some of these 
phishing domain names are apparent.

The higher priced new gTLDs tend to be relatively clean as the higher 
regfee acts as a deterrent to the more opportunistic phisher. One thing 
is clear. Heavy discounting on a gTLD with some development results in a 
collapse in the rate of development in that gTLD and locks the registry 
into a dependence on discounting as a business model. Some of the gTLDs 
that had used discounting have shifted towards increased renewal fees to 
maintain volume. The .ICU gTLD was one of the major discounters and it 
went from about 6 million registrations in early 2020 to around 600K at 
present. As a business model, as long as the basic fees and costs are 
covered, the registry can make money. The renewal rate on most of these 
discounted registrations is typically below 10%. The first renewal rate 
for some of the legacy gTLDs is over 50% and ccTLDs often break 70%.

The SIDN report covered all gTLDs but noted the shift from the legacy 
gTLDs. Discounted gTLDs have very different registration and usage 
patterns to the mature gTLDs. The registration spikes tend to last for a 
few months before falling back to a steadier pattern and there is often 
a geographical nature to the spikes. It would be possible to run the 
stats on this but it would take some time. There is a monthly Quick 
Delta report that compares the zone files with the zone files from a 
year ago to check what domain names are still present. Some gTLDs have 
between 60% and 80% zone replacement (domain names from previous year 
not in current zone).

Regards...jmcc
-- 
**********************************************************
John McCormac  *  e-mail: jmcc at hosterstats.com
MC2            *  web: http://www.hosterstats.com/
22 Viewmount   *  Domain Registrations Statistics
Waterford      *  Domnomics - the business of domain names
Ireland        *  https://amzn.to/2OPtEIO
IE             *  Skype: hosterstats.com
**********************************************************
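
Added example, not part of the original message or of HosterStats' tooling: a sketch of the zone-file keyword search described above, flagging names that combine a brand with a lure word such as "account", skipping any delegated to the brand's official nameservers, and grouping the rest by gTLD. The brand, nameserver suffix, keyword list and zone records are constructed placeholders, and the parser assumes fully specified `owner TTL class type rdata` lines.

```python
from collections import defaultdict

# Assumptions (not from the original message): the brand, its official
# nameserver suffix and the lure keywords are hypothetical placeholders.
BRAND = "examplebank"
OFFICIAL_NS_SUFFIXES = ("ns.examplebank.example",)
LURE_KEYWORDS = ("account", "login", "verify", "secure")

# Constructed sample of NS records in zone-file master format.
SAMPLE_ZONE = """\
examplebank-account.icu.\t3600\tin\tns\tns1.cheap-dns.example.
examplebank-account.icu.\t3600\tin\tns\tns2.cheap-dns.example.
verify-examplebank.top.\t3600\tin\tns\tns1.cheap-dns.example.
examplebank.com.\t172800\tin\tns\ta.ns.examplebank.example.
examplebank-login.com.\t172800\tin\tns\tb.ns.examplebank.example.
myexamplebankaccount.icu.\t3600\tin\tns\tns1.other-dns.example.
gardening-tips.icu.\t3600\tin\tns\tns1.cheap-dns.example.
"""

def parse_ns_records(zone_text):
    """Map each delegated domain to the set of nameservers listed for it."""
    delegations = defaultdict(set)
    for line in zone_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or line.startswith(";"):
            continue  # skip comments and records that are not fully specified
        owner, rtype, target = fields[0], fields[3], fields[4]
        if rtype.lower() == "ns":
            delegations[owner.lower().rstrip(".")].add(target.lower().rstrip("."))
    return delegations

def is_official(nameserver):
    return any(nameserver == s or nameserver.endswith("." + s) for s in OFFICIAL_NS_SUFFIXES)

def suspicious_by_tld(zone_text):
    """Brand + lure keyword in the label, no official nameserver, grouped by TLD."""
    grouped = defaultdict(list)
    for domain, nameservers in parse_ns_records(zone_text).items():
        label, _, tld = domain.rpartition(".")
        if BRAND not in label or not any(k in label for k in LURE_KEYWORDS):
            continue
        if any(is_official(ns) for ns in nameservers):
            continue  # delegated to the brand's own DNS: treat as legitimate
        grouped[tld].append(domain)
    return {tld: sorted(names) for tld, names in grouped.items()}

if __name__ == "__main__":
    for tld, names in sorted(suspicious_by_tld(SAMPLE_ZONE).items()):
        print(f".{tld}: {len(names)} candidate(s): {', '.join(names)}")
```

The per-gTLD counts are candidates for review rather than confirmed phishing; substring matching on a short brand name will also catch unrelated words.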



