[dns-operations] Percentage of new domains that are "bad"?

Rick Wesson rick at support-intelligence.com
Mon Feb 15 17:43:41 UTC 2016

I suspect that you have imagined the statistic. I do keep up with daily new
and deleted registrations. So many of them are crap, they are not bad, just

Also what is new? You will need to define the timeframe. If your time frame
is < 5 days then I'd say most of the newly registered domains are to test
traffic. If you say new domains are under one year, I'd say some of them
are malicious but it is because of a server compromise.

There are less and less domains registered for malicious intent, the most
popular being botnet DGA C2 infrastructure.

If you had been able to describe the 85% then I might be able to tell you
which paper, but without the context of describing the age range and
clearly defining "bad" I must only believe that you made the statistic up.


On Mon, Feb 15, 2016 at 7:19 AM, Allan Liska <allan at allan.org> wrote:

> I thought I read somewhere that 85% of newly registered domains are "bad"
> (spam, phishing, delivering malware, etc).  I have been searching all
> morning and can't find that statistic, the closest I have been able to come
> is the BlueCoat study from last year (
> http://www.thedomains.com/2015/09/01/bluecoat-study-top-10-shady-sites-in-new-gtlds-is-severely-flawed-as-unlaunched-zip-is-1/).
> Is anyone familiar with the statistic and where it originated or did I
> imagine the whole thing?
> Thanks!
> allan
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160215/cffc1d77/attachment.html>

More information about the dns-operations mailing list