Air-Gap

Scammy Top level Domains, what to do about them



Posted January 14, 2019, in Security

Top level domains used to be straightforward: almost every site was a '.com', '.org', '.net', '.edu' or '.gov', sometimes under a two-letter country code such as AU or NZ (for example '.com.au'). This gave the reader a fair idea of the type of organisation running the website and the country of its intended audience.

Earlier rounds had already added a handful of 'generic top level domains' (gTLDs) such as '.biz'. In 2011 ICANN (the organisation responsible for managing domain naming on a global scale) went much further and approved a programme under which any organisation can apply to create its own gTLD, provided it has a spare US$185,000 for the application fee.

Predictably, most of these new domain extensions have been heavily abused for spam, malware and phishing, thanks to their dirt-cheap registration cost and the lack of oversight from the registries that issue them. Symantec have been tracking this issue in their ongoing blog 'Top Shady Top-Level Domains'. Alarmingly, they have found some TLDs, such as '.country', with reported abuse rates of 99.96% of all sites using that extension. Similarly Spamhaus, who track spam sources, report that 91.1% of the '.loan' domains they see are abusive.

One of the biggest risks of the new domain extensions is that they greatly increase the risk of phishing, because an attacker now has vastly more combinations to choose from: 'air.gap' or 'westpac.melbourne', for example, are syntactically valid domain names that have nothing to do with their respective brand owners. Traditionally, high-profile brands would buy the common combinations of their name to reduce the risk of attackers using similar URLs to trick their users. At the time of posting there are well over 1200 gTLDs, which makes this tactic impractical.

While ICANN insists that part of the expensive evaluation fee pays for a panel of independent experts to review each name and registry, it is hard to come to any conclusion other than that the new gTLDs are a quick cash grab at our expense. Evidence of this is a TLD such as '.sucks' being set up and sold by a private registry purely to extort high-profile companies and individuals out of thousands of dollars a year to protect their trademarks. A responsible managing body like ICANN should have shut this down as soon as it became apparent that the operator's intentions were sinister.

What can we do about it?

From an organisational point of view, consider aggressively blocking the worst of the new generic top level domains. Realistically, the vast majority of them serve no legitimate purpose, with the exception of a few set up for novelty purposes.

Here is a short list of the worst-offending TLDs, which can be safely blocked on your spam and web filters.
List: gtld_short.txt
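As an added example (not code from the original post), the following Python filter does the two things the post asks for: it blocks anything whose TLD is on an abused-TLD list, and it flags brand lookalikes such as 'westpac.melbourne' that sit under a TLD the brand never uses. The blocklist (seeded only with the '.country' and '.loan' TLDs named above), the brand table and the multi-label suffix table are constructed for illustration and are not the post's gtld_short.txt; a real deployment would load your own blocklist and the Public Suffix List instead of the small hard-coded sets here.

```python
"""Added example, not code from the original post.

Filter that (1) blocks heavily abused gTLDs outright and (2) flags
brand lookalikes registered under a TLD the brand does not use.
The blocklist, brand table and suffix table are constructed samples.
"""
from __future__ import annotations

from urllib.parse import urlsplit

# Constructed sample of abused TLDs (the post names '.country' and '.loan';
# extend this from your own spam and web-filter telemetry).
BLOCKED_TLDS = {"country", "loan"}

# Assumed brand -> public suffixes the brand genuinely uses.  Any other
# suffix under the same registrable label is treated as a lookalike.
PROTECTED_BRANDS = {
    "westpac": {"com.au", "com"},
    "airgap": {"com.au"},
}

# Constructed subset of multi-label public suffixes, so 'westpac.com.au'
# splits as ('westpac', 'com.au') rather than ('com', 'au').
# Use the full Public Suffix List in a real deployment.
MULTI_LABEL_SUFFIXES = {"com.au", "net.au", "org.au", "co.nz", "co.uk"}


def extract_host(value: str) -> str:
    """Return the lower-cased host from a URL, an e-mail address or a bare
    hostname, with any trailing dot removed."""
    value = value.strip()
    if "@" in value and "://" not in value:
        value = value.rsplit("@", 1)[1]          # e-mail address: keep the domain part
    if "://" in value:
        value = urlsplit(value).hostname or ""   # URL: drops scheme, port, path, userinfo
    return value.lower().rstrip(".")


def split_domain(host: str) -> tuple[str, str]:
    """Split a host into (registrable label, public suffix), e.g.
    'login.westpac.melbourne' -> ('westpac', 'melbourne') and
    'www.westpac.com.au'      -> ('westpac', 'com.au')."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return labels[-3], ".".join(labels[-2:])
    if len(labels) >= 2:
        return labels[-2], labels[-1]
    return "", host  # bare TLD or empty string: nothing to classify


def classify(value: str) -> tuple[str, str]:
    """Return (verdict, reason); verdict is 'block', 'flag' or 'allow'.
    The TLD blocklist is checked first, then the brand lookalike rule."""
    host = extract_host(value)
    label, suffix = split_domain(host)
    tld = suffix.rsplit(".", 1)[-1]              # 'com.au' -> 'au'
    if tld in BLOCKED_TLDS:
        return "block", f"TLD .{tld} is on the abused-TLD blocklist"
    brand = label.replace("-", "")               # 'air-gap' and 'airgap' are the same brand
    if brand in PROTECTED_BRANDS and suffix not in PROTECTED_BRANDS[brand]:
        return "flag", f"'{host}' looks like brand '{brand}' under unexpected suffix .{suffix}"
    return "allow", ""


if __name__ == "__main__":
    # Constructed sample inputs: a URL, an e-mail sender and bare hosts.
    for sample in [
        "https://login.westpac.melbourne/verify",
        "offers@promo.example.loan",
        "https://www.westpac.com.au/",
        "air-gap.country",
    ]:
        verdict, reason = classify(sample)
        print(f"{verdict:5}  {sample:40}  {reason}")
```

The order of the checks matters: a lookalike under a blocked TLD is rejected by the cheaper blocklist rule first, and only domains that survive that are compared against the brand table. The suffix table is the weak point of any such filter; without the full Public Suffix List a name like 'westpac.co.nz' would be mis-split if 'co.nz' were missing from the set.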

If you are considering buying a new domain, don't fall into the trap of buying one of the new generic domain names. While they can sound cool for ten minutes, the vast majority of users may start questioning the site's trustworthiness. It may be a little old fashioned, but a '.com.au' domain carries a lot of credibility.

These two actions combined will hopefully pressure ICANN and its directly related bodies to draw up smarter, more accountable policies that are less prone to systematic abuse.

What are your thoughts on the new Domain Names? Leave a comment below
