Top Level Domain (TLD) registries which allow registrars to sell high
volumes of domains to professional spammers and malware operators in
essence aid and abet the plague of abuse on the Internet.
Some registrars and resellers knowingly sell high volumes of domains
to these actors for profit, and many registries do not do enough to stop
or limit this endless supply of domains.
A TLD may be "bad" in two ways. On one side, the ratio of bad
to good domains may be higher than average, indicating that the
registry could do a better job of enforcing policies and shunning abusers.
However, some TLDs with a high fraction of bad domains may be quite
small, and their total number of bad domains could be relatively
limited with respect to other, bigger TLDs.
Their total "badness" to the Internet is limited by their small total size.
The other side is that some large TLDs may have a large number of bad
domains as a result of the sheer size of their domain corpus. Even if
their corrective measures are effective, they still constitute a problem
on the global scale, and they could assign further resources to improve
their anti-abuse processes and bring down the overall number of bad domains.
In defining a "badness" index, we decided to weight in both these factors.
With a certain amount of arbitrariness—and at the same time a desire to
avoid excessive complications—we defined badness as:
Db is the number of bad domains detected
Dt is the number of active domains observed
You can think of this number as the bad domains fraction weighted with the
TLD's size, or as the order of magnitude of the problem weighted with the
effectiveness of anti-abuse policies.
Presented this way, this data more closely matches the perceptions Spamhaus
staff has in dealing with this issue in a daily production basis. We
hope that this definition helps to spotlight registries that in one way or
another can be considered problematic, in a fair way.
These data represent domains seen by Spamhaus systems, and not a TLD's total
domain corpus. Domains in this data are in active use, showing up in mail
feeds and related DNS traffic. Other domains may be parked or used for
traffic outside of our systems' focus, and those domains are not included
in this summary.
The registries listed on this page provide spammers and other miscreants
with a service they need in order to survive. Many, even most, TLDs
succeed, by and large, in keeping abusers off their systems and work to
maintain a positive reputation. That success shows that these ten worst
could, if they tried, "keep clean" by turning spammers and other abusers away.
Source: Spamhaus (DBL) database. Data is compiled automatically from the DBL database using the percentage of DBL listed domains for each TLD.
The 10 Most Abused Top Level Domains
As of 28 February 2017the TLDs with the worst reputations for spam operations are:
Badness Index: 10.07
Domains seen: 58,479
Bad domains: 54,025 (92.4%)
Badness Index: 8.70
Domains seen: 20,506
Bad domains: 18,180 (88.7%)
Badness Index: 8.38
Domains seen: 32,769
Bad domains: 26,908 (82.1%)
Badness Index: 8.34
Domains seen: 61,668
Bad domains: 47,739 (77.4%)
Badness Index: 7.78
Domains seen: 650,558
Bad domains: 393,016 (60.4%)