<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8">
</head>
<body>
<div style="font-family:sans-serif"><div style="white-space:normal">
<p dir="auto">A couple of years ago, Spamhaus published a list of top 10 most abused tlds [1]</p>
<p dir="auto">We (uniregistry) immediately contacted them to find about more about the methodology used, and we discovered that the way they were quantifying the TLDs was by looking at the correlation of <em>spam</em> vs <em>good</em> in the total number of emails seen.</p>
<p dir="auto">A lot of new registrations are done either defensively (to protect a name/brand), by domainers trying to flip them at a premium price, by abusers who want to use them in majority for one-time email campaigns, and also by legitimate users registering good names for their own personal use, and for their companies. The ratio of spam vs good is difficult to measure simply because there isn’t a lot of adoption of email using new TLDs, they are either in the process of transitioning their email addresses, or simply using them for marketing campaigns and continue to use COM/NET/ORG for their corporate email addresses.</p>
<p dir="auto">It amazes me how the blog article makes assertions that it later softens by explaining that the numbers are based on the total number of malicious (or thought malicious) seen in <em>their database</em> vs the <em>total</em> in their DB. It does <em>not</em> take into account the total size of the population, thus the numbers pose no significant surprise, because if its an <em>abuse database</em>, so what do you expect to find?</p>
<p dir="auto">One thing that would have to be done in order to make a neutral assessment on <em>abused tlds</em>, would have to be to produce a <em>baseline</em> of what a good tld is. This should give us a scientific approach to analyzing the problem and not just something based on human perception.</p>
<p dir="auto">I also don’t believe abuse is related to who the backend operator is and whether their employees attend dns-oarc or not. The <strong>main</strong> factor associated with abuse has to do with registrars not screening their customers properly. Those registrars who spend the extra dime on checking the customer’s reputation tend to have a far less abuse numbers than those who do not.</p>
<p dir="auto">The deep discounts that the registries provide was a <em>business</em> strategy aimed to obtain TLD awareness, but the ecosystem is not just the registries, it is a combination of factors that if not balanced properly it causes disruption.</p>
<p dir="auto">We have stopped giving deep discounts to registrars based on this strategy, and have effectively raised the prices on <strong>all</strong> of the TLDs managed by us, and the effects are starting to show positive results in terms of a new registration being used for abuse, but we continue to monitor and work with our registrar customers to improve the security screenings needed to ensure abuse numbers are kept low.</p>
<p dir="auto">There is a third factor, that whether we like it or not, <em>exists</em>, and it is related to the marketing campaigns that exists have towards new TLDs, so every report that comes out there needs to be read very carefully to separate the facts from speculation.</p>
<p dir="auto">Best regards,</p>
<p dir="auto">[1] <a href="https://www.spamhaus.org/statistics/tlds/" style="color:#3983C4">https://www.spamhaus.org/statistics/tlds/</a></p>
<p dir="auto">On 7 Dec 2017, at 14:39, Paul Vixie wrote:</p>
</div>
<div style="white-space:normal"><blockquote style="border-left:2px solid #777; color:#777; margin:0 0 5px; padding-left:5px"><p dir="auto">...that spammers just didn't have enough choices.<br>
<br>
<a href="https://www.symantec.com/connect/blogs/men-black-and-gray" style="color:#777">https://www.symantec.com/connect/blogs/men-black-and-gray</a><br>
<br>
i have occasionally criticized ICANN, which is a 501(c)(3) public charity, for acting too often in the interests of their commercial constituency, and not asking often enough, "what are the public's interests here?"<br>
<br>
now symantec has actually quantified that.<br>
<br>
you know who you are, probably.<br>
<br>
-- <br>
P Vixie<br>
<br>
_______________________________________________<br>
dns-operations mailing list<br>
dns-operations@lists.dns-oarc.net<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" style="color:#777">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
dns-operations mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" style="color:#777">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a></p>
</blockquote></div>
<div style="white-space:normal">
</div>
</div>
</body>
</html>