[dns-operations] Percentage of new domains that are "bad"?

Rick Wesson rick at support-intelligence.com
Mon Feb 15 19:47:22 UTC 2016


Can you define first use? Does this mean the first time you saw the domain?


On Mon, Feb 15, 2016 at 10:19 AM, Paul Vixie <paul at redbarn.org> wrote:

> Rick Wesson wrote:
>> I suspect that you have imagined the statistic. I do keep up with daily
>> new and deleted registrations. So many of them are crap, they are not
>> bad, just useless.
> that observation may be accurate for the daily differences seen in the
> zone files available through ICANN ZFA. it is demonstrably untrue for newly
> observed domains seen in passive DNS. note, registration and first use are
> different populations.
> ...
>> If you had been able to describe the 85% then I might be able to tell
>> you which paper, but without the context of describing the age range and
>> clearly defining "bad" I must only believe that you made the statistic up.
> see below.
>> On Mon, Feb 15, 2016 at 7:19 AM, Allan Liska <allan at allan.org> wrote:
>>     I thought I read somewhere that 85% of newly registered domains are
>>     "bad" (spam, phishing, delivering malware, etc).  I have been
>>     searching all morning and can't find that statistic, the closest I
>>     have been able to come is the BlueCoat study from last year
>>     (http://www.thedomains.com/2015/09/01/bluecoat-study-top-10-shady-sites-in-new-gtlds-is-severely-flawed-as-unlaunched-zip-is-1/).
>>     Is anyone familiar with the statistic and where it originated or did
>>     I imagine the whole thing?
> i've just put online the paper we submitted to RAID 2015 (Kyoto), which
> was accepted in poster form, so the Proceedings only have the poster form.
> https://www.farsightsecurity.com/Technical/raid2015.pdf
> --
> P Vixie