Architelos Second NameSentry Namespace Quality Report

The report benchmarks the comparative safety of the Internet and its largest Top Level Domains (TLDs) by measuring by the prevalence of security threats such as malware, phishing, botnets, and spam.

The findings indicate a 67% increase of domain names identified and listed as “abusive” by major blocklists from January to September 2013, and that at least 5.5% of newly registered domain names are being used to perpetrate security threats.

“The increase in abusive use of domains is a challenge for the security and domain industries, and for the general Internet-using population.”

Report Finds Increase of “Abusive Domains” and Potential Lessons for New gTLDs

The findings indicate 67% increase of domain names identified and listed as “abusive” by major security blocklists from January to September 2013.

These respected blocklists are used to protect Internet users by blocking malware, phishing, dangerous spam, and other threats.

The majority of the domains on these blocklists were registered for the purpose of perpetrating abuse, with a small minority consisting of domains that were compromised by bad actors. From January to September of 2013, an estimated 5.5% of newly registered domains were listed. “This underscores prevalent practice of bad actors to use domain names for perpetrating security threats and then quickly moving to new ones,” said John Matson, COO of Architelos. “The increase in abusive use of domains is a challenge for the security and domain industries, and for the general Internet-using population.”

The first NameSentry Report covered January to May 2013, was released in July and pioneered the concept of the Namespace Quality Index (NQI).

NQI measures the relative concentration of abusive domain names in any given namespace, thus providing a comparative measure of safety.

Specifically, the NQI measures the “number of reported abusive domain names/million Domains Under Management (DUM).” Taking a snapshot in May and then again in September, of the 15 TLDs with NQI ratings of “Excellent/Green” in the May, only 6% or four TLDs sustained their ranking by September, while the rest slipped to “Good/Yellow.”

This demonstrates the challenge TLDs face to achieve and maintain an “Excellent/Green” rating. The number of “Good/Yellow” rated TLDs increased from 36 in number in May to 45 total in September and represented 63% or the majority of the 72 TLD studied. The number of “Caution/Orange”-rated TLDs increased slightly in number from 14 in May to 15 total in September; and the number of at “Risk/Red” rated TLDs increased slightly from 7 in May to 8 in September comprising 11% of all measured TLDs.

Starting now and continuing through next year and beyond, more than 1,000 new gTLDs will be added to the Internet root. Architelos’ goal in publishing the NQI data and the resulting analytical findings, is to bring greater transparency to the domain name industry and the Internet in general, regarding the prevalence of security threats such as malware, phishing, botnets and spam which start with a domain name registration and depend on that domain name to perpetrate their harm. “We hope greater transparency will encourage debate and open dialogue to leverage collective wisdom on best practices to combat abuse,” said Alexa Raad, CEO of Architelos.

The NameSentry Namespace Quality Report is available for download at www.architelos.com/namesentry.