[dns-operations] Percentage of new domains that are "bad"?

Rick Wesson rick at support-intelligence.com
Mon Feb 15 19:47:22 UTC 2016


Paul,

Can you define first use? does this mean the first time you saw the domain
used?

-rick


On Mon, Feb 15, 2016 at 10:19 AM, Paul Vixie <paul at redbarn.org> wrote:

>
>
> Rick Wesson wrote:
>
>> I suspect that you have imagined the statistic. I do keep up with daily
>> new and deleted registrations. So many of them are crap, they are not
>> bad, just useless.
>>
>
> that observation may be accurate for the daily differences seen in the
> zone files available through ICANN ZFA. it is demonstrably untrue for newly
> observed domains seen in passive DNS. note, registration and first use are
> different populations.
>
> ...
>> If you had been able to describe the 85% then I might be able to tell
>> you which paper, but without the context of describing the age range and
>> clearly defining "bad" I must only believe that you made the statistic up.
>>
>
> see below.
>
> On Mon, Feb 15, 2016 at 7:19 AM, Allan Liska <allan at allan.org
>> <mailto:allan at allan.org>> wrote:
>>
>>     I thought I read somewhere that 85% of newly registered domains are
>>     "bad" (spam, phishing, delivering malware, etc).  I have been
>>     searching all morning and can't find that statistic, the closest I
>>     have been able to come is the BlueCoat study from last year
>>     (
>> http://www.thedomains.com/2015/09/01/bluecoat-study-top-10-shady-sites-in-new-gtlds-is-severely-flawed-as-unlaunched-zip-is-1/
>> ).
>>     Is anyone familiar with the statistic and where it originated or did
>>     I imagine the whole thing?
>>
>
> i've just put online the paper we submitted to RAID 2015 (Kyoto), which
> was accepted in poster form, so the Proceedings only have the poster form.
>
> https://www.farsightsecurity.com/Technical/raid2015.pdf
>
> --
> P Vixie
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160215/49bb0f00/attachment.html>


More information about the dns-operations mailing list