"Statistical Analysis of DNS Abuse in gTLDs" Report Available for Public Comment
In addition to the U.N. six languages, this content is also available in
LOS ANGELES – 9 August 2017 – ICANN today announced the publication of the report, "Statistical Analysis of DNS Abuse in gTLDs" [PDF, 2.23 MB]. The study was requested by the Competition, Consumer Trust and Consumer Choice Review Team (CCTRT). In defining the parameters of the study, the CCTRT sought to measure rates of common forms of abusive activities in the domain name system, such as spam, phishing, and malware distribution. The study aims to compare rates of these activities between new and legacy gTLDs, as well as employs inferential statistical analysis to measure the effects of DNSSEC, domain parking, and registration restrictions on abuse rates using historical data covering the first three full years of the New gTLD Program (2014 – 2016).
ICANN commissioned the study on behalf of the CCTRT in order to inform the review team's work. It was conducted by researchers from SIDN and the Delft University of Technology.
The report is available for public comment through 19 September 2017. The CCTRT will review public comments on the study's findings and incorporate them into their final report as they deem appropriate.
- The amount of "compromised" (i.e. "hacked") domains appear higher in legacy gTLDs
- The amount of "maliciously registered" (i.e. domains registered for malicious purposes) appear higher in new gTLDs
- Registration restrictions appear to have an impact on reduced abuse rates
- Abuse counts—or absolute number of abused domains—show relatively constant and higher levels of abuse in legacy gTLDs and an upward trend of abuse in new gTLDs
- With some exceptions and spikes, rates of phishing and malware domains in new gTLDs, which are based on an "abused domains per 10,000" ratio, tend to be lower than in legacy gTLDs. Phishing and malware trends in new and legacy gTLDs appear to be converging to similar levels by the end of 2016
- Privacy and proxy service-associated domains do not appear to correlate with abnormally high levels of abuse