Hasty Briefsbeta

Bilingual

What the I2Coalition Article Misses About DNS Abuse

5 hours ago
  • #Cybersecurity
  • #Domain Registrations
  • #DNS Abuse
  • 10% of all gTLD domains registered in 2025 were identified as malicious, with an estimated 16.8 million gTLD domains likely maliciously registered in the previous year.
  • Security feeds and blocklists, based on observed abuse, are reliable indicators of malicious activity and tend to understate the problem, not overstate it.
  • The study focuses on malicious registrations (domains registered by bad actors), which can be safely suspended by registrars and registry operators, unlike compromised domains.
  • Research shows that 85% to 90% of domains listed for phishing are maliciously registered, highlighting a significant area where industry action is feasible.
  • ICANN's narrow definition of 'DNS abuse' excludes scams and fraud, such as those by FUNNULL, which caused massive financial harm and used human trafficking, yet continues to register domains.
  • Current emphasis on mitigation (e.g., time to takedown) is reactive and insufficient; prevention through risk screening and reducing malicious bulk registrations is crucial to address industrial-scale abuse.
  • Some registrars and registries successfully limit abuse, demonstrating that current abuse levels are not inevitable and depend on industry choices and practices.
  • The domain market's incentives, where registries and registrars profit from malicious registrations without refunds, can encourage repeat sales to bad actors, underscoring the need for policy strengthening.