Google recently chose to use abc.xyz as its registered domain name for its new holding company, ‘Alphabet’. Apparently it did so due to the limited choice of traditional domain names, with abc.net and abc.com already off limits, with one registered by the eponymous American broadcaster, the other by a domain registrar looking to make a tidy return on an early registration.
For over a decade, we survived with just a dozen gTLDs (global top level domain names) e.g. .com / .net / .org. Then in mid-2012, ICANN proposed an initial list of 1930 new gTLDs that it planned to create. A number were dropped along the way, but to date over 700 new and occasionally wacky gTLDs have been born, including .pizza, .porn and .sucks to name but a choice few.
ICANN’s rationale behind the new tack was that it needed to offer companies increased flexibility and control over their online presence to align with their corporate image. Whilst there seems to be endless content and no boundaries to the Internet, it is fair to say that companies have started to face problems with the availability of both IPv4 address space and catchy ‘dot coms’.
However, whilst the use of the abc.xyz domain drew positive reviews from the marketing fraternity, and had some IT news hacks predicting the end of traditional domain suffices, it also provoked consternation from IT security professionals. Since the birth of these new gTLDs, a pattern has emerged of abusive domain name registration and email phishing / spam attacks from gTLDs such as .xyz, and .link, this is due in part to their lower registration cost and readily disposable nature compared to traditional domains.
According to the APWG report for H2 2014, in the six months to December 2014, a fifth of all new gTLD domains were used for phishing. However, of those, two-thirds were in the .xyz domain space, where significantly, 82% of all domains registered were used for malicious traffic. This trend has continued in 2015 with service providers reporting increasing levels of spam and phishing attacks* sourced from .xyz domains.
In the battle to protect clients on our platform, the security team at Options reviewed our mail relay platform statistics and decided it was a straightforward choice to blacklist inbound email from .xyz domains.
Google’s decision to operate in this space may trigger the need to whitelist specific domains, but will we reverse our decision? Unlikely.
John Bryant, Options CTO
*For those interested, we recently covered phishing and the increasingly problematic spear phishing in greater detail here.
Image credit: Tim Moreillon under CC license.