As mentioned on a working group call covering DNS and Content abuse measurements, these are the December 2020 survey results for 150K sample surveys for .COM/NET/ORG/BIZ/INFO. The categories are the HosterStats.com categories for web usage measurement and some of the methodology is discussed in the Domnomics book. There is a also spreadsheet of the survey (statistical 150K surveys for the larger (>1M) new gTLDs and complete gTLD surveys for the smaller gTLDs) results for the new gTLDs. The main problem with the discussions on DNS Abuse is that there is no solid definition, yet, of what consititutes DNS Abuse. The registries and registrars have a clear understanding of dealing with DNS Abuse and some Content Abuse as it applies to their customers. There also seems to be a push to include some forms of intellectual property (infringement) abuse as DNS Abuse. While the IP community has a valid point about this form of abuse, it has an inherent problem. Is the domain name the problem or the content on the website under the domain name the problem? The domain name problem is often addressed by taking a UDRP action and that takes time. The legal path with content is less clear. The problem, in terms of phishing, is probably worse in the new gTLDs were low registration fees make this kind of activity more economically feasible. There was a survey (SIDN related) cited in the CCT report that mentioned that a lot of problematic content shifted from the legacy gTLDs to the new gTLDs. .COM Zone Coverage 100.00% No Site 16,754 11.17% No Response 13,002 8.67% Active/unclassified 15,587 10.39% Brand protection 261 0.17% Clone site 216 0.14% In-page Redirect 895 0.60% External TLD Redirect 1,299 0.87% Not Found/Forbidden 7,745 5.16% Holding Page 13,801 9.20% Internal Redirect 5,504 3.67% No Content 923 0.62% Affiliate Lander 2,480 1.65% Matched External TLD Redirect 768 0.51% Duplicate Content (2) 142 0.09% Duplicate Content (>2) 285 0.19% PPC Parked 25,860 17.24% Questionable Content 4 0.00% Redirect 6,238 4.16% Sales 11,786 7.86% HTTPS Redirect 19,933 13.29% Unavailable 883 0.59% Video Affiliate Lander 375 0.25% Adult Affiliate Lander 307 0.20% Compromised 36 0.02% Social Media 103 0.07% In-zone Redirect 4,813 3.21% 150,000 .NET Zone Coverage 100.00% No Site 25,010 16.67% No Response 14,189 9.46% Active/unclassified 14,085 9.39% Brand protection 1,877 1.25% Clone site 217 0.14% In-page Redirect 997 0.66% External TLD Redirect 5,904 3.94% Not Found/Forbidden 6,570 4.38% Holding Page 16,789 11.19% Internal Redirect 4,286 2.86% No Content 1,447 0.96% Affiliate Lander 1,105 0.74% Matched External TLD Redirect 3,655 2.44% Duplicate Content (2) 146 0.10% Duplicate Content (>2) 208 0.14% PPC Parked 29,441 19.63% Questionable Content 3 0.00% Redirect 3,807 2.54% Sales 5,107 3.40% HTTPS Redirect 12,849 8.57% Unavailable 895 0.60% Video Affiliate Lander 62 0.04% Adult Affiliate Lander 223 0.15% Compromised 175 0.12% Social Media 1 0.00% In-zone Redirect 952 0.63% 150,000 .ORG Zone Coverage 100.00% No Site 18,403 12.27% No Response 14,376 9.58% Active/unclassified 13,439 8.96% Brand protection 1,384 0.92% Clone site 196 0.13% In-page Redirect 969 0.65% External TLD Redirect 5,011 3.34% Not Found/Forbidden 6,371 4.25% Holding Page 16,039 10.69% Internal Redirect 5,718 3.81% No Content 587 0.39% Affiliate Lander 381 0.25% Matched External TLD Redirect 2,741 1.83% Duplicate Content (2) 92 0.06% Duplicate Content (>2) 64 0.04% PPC Parked 30,936 20.62% Questionable Content 3 0.00% Redirect 6,436 4.29% Sales 4,817 3.21% HTTPS Redirect 18,109 12.07% Unavailable 687 0.46% Video Affiliate Lander 16 0.01% Adult Affiliate Lander 15 0.01% Compromised 323 0.22% Social Media 0 0.00% In-zone Redirect 2,887 1.92% 150,000 .BIZ Zone Coverage 100.00% No Site 26,505 17.67% No Response 15,239 10.16% Active/unclassified 10,395 6.93% Brand protection 2,056 1.37% Clone site 195 0.13% In-page Redirect 702 0.47% External TLD Redirect 8,904 5.94% Not Found/Forbidden 6,455 4.30% Holding Page 20,088 13.39% Internal Redirect 3,536 2.36% No Content 782 0.52% Affiliate Lander 242 0.16% Matched External TLD Redirect 5,666 3.78% Duplicate Content (2) 208 0.14% Duplicate Content (>2) 96 0.06% PPC Parked 30,473 20.32% Questionable Content 8 0.01% Redirect 3,500 2.33% Sales 3,345 2.23% HTTPS Redirect 10,013 6.68% Unavailable 697 0.46% Video Affiliate Lander 1 0.00% Adult Affiliate Lander 11 0.01% Compromised 29 0.02% Social Media 6 0.00% In-zone Redirect 848 0.57% 150,000 .INFO Zone Coverage 100.00% No Site 21,543 14.36% No Response 16,552 11.03% Active/unclassified 8,734 5.82% Brand protection 1,529 1.02% Clone site 192 0.13% In-page Redirect 510 0.34% External TLD Redirect 9,342 6.23% Not Found/Forbidden 6,513 4.34% Holding Page 15,195 10.13% Internal Redirect 3,772 2.51% No Content 949 0.63% Affiliate Lander 392 0.26% Matched External TLD Redirect 5,007 3.34% Duplicate Content (2) 130 0.09% Duplicate Content (>2) 60 0.04% PPC Parked 41,059 27.37% Questionable Content 2 0.00% Redirect 3,742 2.49% Sales 3,245 2.16% HTTPS Redirect 9,552 6.37% Unavailable 610 0.41% Video Affiliate Lander 9 0.01% Adult Affiliate Lander 80 0.05% Compromised 635 0.42% Social Media 4 0.00% In-zone Redirect 642 0.43% 150,000 There has been a shift towards HTTPS in the last ten years. A website may have an IP address in the DNS but that does not necessarily mean that a webserver is running on the IP. The registries and registars definition of DNS Abuse is quite conservative. Taken in terms of what can be solved by registries and registrars, it is logical. The problem is that due to the declining market share of the gTLDs, the "kill chain" for dealing with a problem domain name or website is not as well defined as it was once. There is a new element: the reseller. Approximately 25% of the gTLD market (based on the monthly HosterStats gTLD transactions reports) consists of resellers with the ICANN accredited registrars accounting for the rest of the market. These resellers register their domain names in the usual way through the ICANN registrars but it is not financially viable for them to become accredited ICANN registrars. They are often accredited ccTLD registrars in their own country level markets. Blurring the line between DNS Abuse and Content Abuse would make dealing with the problem domain name/website a bit more complicated because DNS Abuse seems relatively clearly defined but there are multiple definitions of Content Abuse. There is also the issue of Reporting versus Detection. Most phishing sites are reported rather than detected. That means that what is reported is often the tip of the iceberg. With Content Abuse, ICANN does not have the expertise or resources to deal with the issue and that's even before there is any clear definition of "Content Abuse". (Is it Intellectual Property infringment, phishing, pharming or compromise?) In terms of Content Abuse, the numbers of defaced websites has dropped over the last ten years or so and many compromised sites are more likely to have link injection compromises. This is due mainly to old and unmaintained plugins for CMSes like Wordpress and Joomla. Web Usage is no longer a simple active website versus no website. It is quite a complex thing to measure and it changes. In defining DNS Abuse, there should be an awareness that the format of DNS Abuse will also change. Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by AVG. https://www.avg.com