On 03/05/2021 17:37, Evan Leibovitch wrote:
On Fri, 30 Apr 2021 at 02:59, John McCormac via CPWG <cpwg@icann.org <mailto:cpwg@icann.org>> wrote: Hi John,
The problem, in terms of phishing, is probably worse in the new gTLDs were low registration fees make this kind of activity more economically feasible. There was a survey (SIDN related) cited in the CCT report that mentioned that a lot of problematic content shifted from the legacy gTLDs to the new gTLDs.
It appears to me that this issue can probably be traced back to a fairly small number of new gTLDs whose business models stress high volume and domain prices low enough to be disposable. It strikes me that many of the new gTLDs are not cheaper than the legacy ones and are making at least a superficial stab at identity and taxonomy.
Is there benefit in your research in isolating the disposable-domain TLDs from the others? Or do all of them -- even the ones who are promoting themselves based on identity -- have this problem?
It was an economic shift, Evan, The problem domain names seem to rely on either stolen payment details or other methods of payment. The heavily discounted registration fees made some forms abuse economically more viable. The spreadsheet for the December new gTLDs Web Usage survey is available. I only posted the CNOBI results to the list. In terms of phishing, it might be easier to run a simple keyword search on the zone files for domain names not using the "official" nameservers for a brand and group them by gTLD. Some of the more obvious phishing domain names have a brand name and the word "account" or similar as part of the domain to make it seem like the recipient has to validate their account. From just a brief glance, it seems to be the discounted gTLDs that have more obvious examples of the problem. At the moment, I'm running a full gTLD (legacy and new) website/IP address survey and some of these phishing domain names are apparent. The higher priced new gTLDs tend to be relatively clean as the higher regfee acts as a deterrent to the more opportunistic phisher. One thing is clear. Heavy discounting on a gTLD with some development results in a collapse in the rate of development in that gTLD and locks the registry into a dependence on discounting as a business model. Some of the gTLDs that had used discounting have shifted towards increased renewal fees to maintain volume. The .ICU gTLD was one of the major discounters and it went from about 6 million registrations in early 2020 to around 600K at present. As a business model, as long as the basic fees and costs are covered, the registry can make money. The renewal rate on most of these discounted registrations is typically below 10%. The first renewal rate for some of the legacy gTLDs is over 50% and ccTLDs often break 70%. The SIDN report covered all gTLDs but noted the shift from the legacy gTLDs. Discounted gTLDs have very different registration and usage patterns to the mature gTLDs. The registration spikes tend to last for a few months before falling back to a steadier pattern and there is often a geographical nature to the spikes. It would be possible to run the stats on this but it would take some time. There is a monthly Quick Delta report that compares the zone files with the zone files from a year ago to check what domain names are still present. Some gTLDs have between 60% and 80% zone replacement (domain names from previous year not in current zone). Regards...jmcc -- ********************************************************** John McCormac * e-mail: jmcc@hosterstats.com MC2 * web: http://www.hosterstats.com/ 22 Viewmount * Domain Registrations Statistics Waterford * Domnomics - the business of domain names Ireland * https://amzn.to/2OPtEIO IE * Skype: hosterstats.com ********************************************************** -- This email has been checked for viruses by AVG. https://www.avg.com