What the I2Coalition Article Misses About DNS Abuse
5 hours ago
- #Cybersecurity
- #Domain Registrations
- #DNS Abuse
- 10% of all gTLD domains registered in 2025 were identified as malicious, with an estimated 16.8 million gTLD domains likely maliciously registered in the previous year.
- Security feeds and blocklists, based on observed abuse, are reliable indicators of malicious activity and tend to understate the problem, not overstate it.
- The study focuses on malicious registrations (domains registered by bad actors), which can be safely suspended by registrars and registry operators, unlike compromised domains.
- Research shows that 85% to 90% of domains listed for phishing are maliciously registered, highlighting a significant area where industry action is feasible.
- ICANN's narrow definition of 'DNS abuse' excludes scams and fraud, such as those by FUNNULL, which caused massive financial harm and used human trafficking, yet continues to register domains.
- Current emphasis on mitigation (e.g., time to takedown) is reactive and insufficient; prevention through risk screening and reducing malicious bulk registrations is crucial to address industrial-scale abuse.
- Some registrars and registries successfully limit abuse, demonstrating that current abuse levels are not inevitable and depend on industry choices and practices.
- The domain market's incentives, where registries and registrars profit from malicious registrations without refunds, can encourage repeat sales to bad actors, underscoring the need for policy strengthening.