The Spamhaus Project


Spamhaus Presents: The World's Worst Top Level Domains

by The Spamhaus TeamFebruary 25, 20163 minutes reading time

The Spamhaus Project has added a new list to its Top-10 Worst pages, this time for Top Level Domains (TLDs). This domain data is designed to complement the recent additions to our IP address data announced in a previous news blog.

One must note that this list does not provide the worst TLDs in absolute quantity, other TLDs may have far more abusive domains, but they also have vastly more non-abusive domains. Instead, the list shows the ratio of all domains seen by the systems at Spamhaus versus the domains our systems profile as spamming or being used for botnet or malware abuse. In the last 18-years, Spamhaus has built its data gathering systems to have a view of most of the world's domain traffic. We feel the numbers shown on this list are representative of the actual full totals.

Spam and other types of abuse continue to plague the internet because bad actors find it very cheap and very easy to obtain thousands of domain names from the Top Level Domain registries and their resellers, the registrars. A few registrars knowingly sell high volumes of domains to professional spammers for profit, or do not do enough to stop or limit spammers' access to this endless supply of domains. These registrars end up basing their entire business model on network abuse.

Unsurprisingly, most of the TLDs listed on this page are the "new gTLDs" recently introduced by ICANN; this is largely the result of a combination of factors:

  • no body of legacy good reputation from old customers with legitimate domains long since registered
  • anti-abuse mechanisms freshly deployed and still not up to the task
  • promotional sales offering domains for very cheap prices, or even free, attracting bulk registrations of throw-away resources

In fact, we have observed it is usually quite easy to see which registrar/TLD combination is being promoted and sold cheapest that day by just looking at the bulk registrations created by known bad actors. Abuse of this type also ends up damaging the reputation of any legitimate users who have purchased domains on some of the affected TLDs, as the trust in resources hosted on these new TLDs ends up decreasing over time.

Nearly all TLD registries (including the Country-Code TLDs - "ccTLDs") claim to be against abuse of the resources they provide. However, some seem to only consider the revenue made by selling as many domains as possible as factors in their corporate policy decisions. The abuse of these domains matters not to their calculations. Some TLD registries also claim it is not up to them, but to their resellers (the registrars) to deal with any misuse, but if these registrars also do nothing nor are forced to do anything, the problems remain.

A good number of the TLDs succeed in keeping spammers off their domains and work to maintain a positive reputation; this shows that, if they wished to, any TLD registry can 'keep clean'.

For the purpose of seeing "who is doing well" in this regard, we plan to provide a view of the abuse trends we observe over time, integrating the snapshot provided by the statistics currently published with an historical view that should be able to show which TLDs are getting better at managing their resource space. We will also soon be publishing a Top-10 Worst registrar list, so keep an eye out for those.

Our hope is that this data can help the "Good" Powers That Be (starting with ICANN and its stakeholders) to better focus their attention on network abuse issues, aiming for a better tomorrow for our Internet.

Further reading (2018):


Help and recommended content

See below for helpful articles and recommended content