“New domains (new gTLD’s) are being registered as phishing sites and for drive-by downloads of malware.”
“Nefarious uses have been very widespread. It’s incumbent upon ICANN to clean up the house for the domains that it currently has before it floods the market with new domains.”
She goes on to say “ICANN hasn’t done enough and should stop issuing new top-level domain names until it thoroughly reviews its security policies.”
“The parade of horrors that we had envisioned are now starting to come to fruition,” she said. “Instead of allowing ICANN to continue to allow these registrations through, it is time for us to be reflective, especially given the security concerns we are having currently.”
For its part ICANN says “to date, ICANN has not seen any indication or evidence that new gTLDs have played a role in any data breaches anywhere, but we would be happy to review any evidence indicating so,” said John Crain, ICANN’s Chief Security, Stability and Resiliency Officer.”
“ICANN has always prioritized the security, stability and resiliency of the Domain Name System,” he said. “The new gTLD program was accompanied by a wide range of new and innovative safeguards, such a comprehensive plan to mitigate the effects of any potential name collisions.”
According to ntldstats.com, only 4,309 or 0.12 “percent of all domains of the over 3.5 new gTLD are listed as engaged in “Fraud”.
However of that number, over 50% of all of these domains are in one extension, .Link and over 20% of that number are in .Red.
We discussed earlier today one real problem with new gTLD’s is Cybersquatting based on the number of UDRP/URS’s filed on the new G’s compared to UDRP’s filed on all other extensions.