[dns-operations] Percentage of new domains that are "bad"?

Paul Vixie paul at redbarn.org
Mon Feb 15 18:19:36 UTC 2016

Rick Wesson wrote:
> I suspect that you have imagined the statistic. I do keep up with daily
> new and deleted registrations. So many of them are crap, they are not
> bad, just useless.

that observation may be accurate for the daily differences seen in the 
zone files available through ICANN ZFA. it is demonstrably untrue for 
newly observed domains seen in passive DNS. note, registration and first 
use are different populations.

> ...
> If you had been able to describe the 85% then I might be able to tell
> you which paper, but without the context of describing the age range and
> clearly defining "bad" I must only believe that you made the statistic up.

see below.

> On Mon, Feb 15, 2016 at 7:19 AM, Allan Liska <allan at allan.org
> <mailto:allan at allan.org>> wrote:
>     I thought I read somewhere that 85% of newly registered domains are
>     "bad" (spam, phishing, delivering malware, etc).  I have been
>     searching all morning and can't find that statistic, the closest I
>     have been able to come is the BlueCoat study from last year
>     (http://www.thedomains.com/2015/09/01/bluecoat-study-top-10-shady-sites-in-new-gtlds-is-severely-flawed-as-unlaunched-zip-is-1/).
>     Is anyone familiar with the statistic and where it originated or did
>     I imagine the whole thing?

i've just put online the paper we submitted to RAID 2015 (Kyoto), which 
was accepted in poster form, so the Proceedings only have the poster form.


P Vixie

More information about the dns-operations mailing list