Security researcher Brian Krebs has revealed some interesting details about some of the riskiest domains on the Internet. Apparently, websites ending in some of the newest TLDs (top-level domains), such as .men, .work and .click, are considered highly risky and spammy.
Of course, this doesn’t mean that there aren’t plenty of bad .com and .net domains, but relative to their size these newer TLDs are far dicier to visit than most online destinations, the researcher shared.
Why Are Some TLDs Bad?
According to Spamhaus.org:
A TLD may be “bad” in two ways. On one side, the ratio of bad to good domains may be higher than average, indicating that the registry could do a better job of enforcing policies and shunning abusers. However, some TLDs with a high fraction of bad domains may be quite small, and their total number of bad domains could be relatively limited with respect to other, bigger TLDs. Their total “badness” to the Internet is limited by their small total size.
On the other side are some large TLDs that may have a large number of bad domains simply as a result of the size of their domain corpus. Even if their corrective measures are effective, they still constitute a problem on the global scale, Spamhaus said, and they could assign further resources to improve their anti-abuse processes and bring down the overall number of bad domains.
Furthermore, there are more than 1,500 TLDs today, but most of them were introduced in the past couple of years. Why did the number grow in recent years? Apparently, ICANN, the non-profit organization that runs the domain name space, enabled the new TLDs in response to requests from advertisers and domain speculators. This was done in spite of warnings from cybersecurity experts that an influx of new and cheaper TLDs would be useful mainly for spam and scam operators. And indeed it has been useful.
The newer TLDs have become quite popular among scammers simply because domains in many of these TLDs can be purchased for pennies each.
Is there an effective way to block sites from loading when they are served from specific TLDs?
As explained by Brian Krebs himself, it is far from practical to assume you can block all traffic from particular countries. In other words, blacklisting .ru is not going to block all traffic from Russia. It is also highly likely that the .com TLD space and US-based ISPs are bigger sources of the issue, the researcher noted.
In conclusion, most users may not be tricked into clicking on a .party or .men domain served in a spam email. However, these bad domains are in many cases loaded only after the user has clicked on a booby-trapped link that may not have looked suspicious at all, such as one ending in .com or .org.
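The following added example (not code from Krebs or Spamhaus) shows why a TLD filter has to inspect every hop of a redirect chain rather than only the link the user sees. The blocklist reuses the TLDs named in this article; the function names, the sample chain and its hostnames are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# TLDs named in the article as risky; a real list would come from your own abuse data.
BLOCKED_TLDS = {"men", "work", "click", "party"}


def tld_of(url):
    """Return the lowercase TLD of an absolute URL's host, or None if it has none."""
    host = urlsplit(url).hostname  # already lowercased, port and userinfo removed
    if not host:
        return None
    host = host.rstrip(".")  # "example.men." names the same host as "example.men"
    try:
        ipaddress.ip_address(host)  # IP literals carry no TLD
        return None
    except ValueError:
        pass
    if "." not in host:  # single-label names such as "localhost"
        return None
    return host.rsplit(".", 1)[1]


def first_blocked_hop(chain, blocked=BLOCKED_TLDS):
    """Return (index, url) of the first hop whose TLD is blocked, else None."""
    for index, url in enumerate(chain):
        if tld_of(url) in blocked:
            return index, url
    return None


# Constructed redirect chain: the visible link is a .com, the landing page is not.
CHAIN = [
    "https://newsletter.example.com/track?id=1",
    "http://Promo.Example.MEN./landing",
]

if __name__ == "__main__":
    print("visible link TLD:", tld_of(CHAIN[0]))
    print("first blocked hop:", first_blocked_hop(CHAIN))
```

A check applied only to the link in the email would pass this chain; the blocked TLD appears at the second hop, so the filter belongs where the redirect is actually followed, such as a web proxy or DNS resolver.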