[dns-operations] Bluecoat report on newer TLDs heavily used for botnet C&C, phishing, and spamming.

David Conrad drc at virtualized.org
Thu Sep 3 20:47:07 UTC 2015


Roland,

On Sep 3, 2015, at 11:27 AM, Roland Dobbins <rdobbins at arbor.net> wrote:
> .pdf download (kind of sensationalistic layout, but still useful info):
> 
> <https://www.bluecoat.com/documents/download/895c5d97-b024-409f-b678-d8faa38646ab>

To be honest, I'm unsure of the usefulness due to the lack of information about methodology (e.g., what does "Percentages are based on categorizations of web sites actually visited by our 75 million users" mean? What standards are being applied for those categorizations and by whom? What exactly does "suspicious" mean? etc.), factual errors (e.g., "Each of these TLDs has hundreds, or thousands, or tens of thousands of rated websites" -- .ZIP has exactly 1 registration, NIC.ZIP), as well as what appear to be newbie mistakes (.ZIP URI vs. TLD mentioned by Ruben). It reads to me more like a non-technical, glossy (and apparently quite successful) marketing exercise with little real substance.

That is not to say there isn't a problem with abuse infecting the new gTLDs; however, the latest data I've seen from Architelos' NameSentry report indicates that the normalized number of domains identified as being used for abuse in the new gTLDs remains below domains used for abuse in legacy TLDs (although the new gTLDs appear to be catching up). I just have questions about the value of the Bluecoat report.

Regards,
-drc
