It came as no surprise when I saw the latest figures from Netcraft recently that the amount of phishing attacks had increased during July. The simple reason for the spike has nothing to do with us letting our guard drop, but caused by the general availability of the latest "free" domain name suffix, notably, the Malian .ml top level domain. Whilst I can see the reason why registries are offering their products free of charge, they also have to take some responsibility in ensuring that registrations are being made in good faith, and not simply by individuals who hide behind fake identities and are simply trying another route to reach our inboxes with their tales of vast fortunes sitting in overseas bank accounts. We saw a similar surge in bad faith registrations when .pw opened its registration door earlier in the year, replacing .tk as the most popular TLD for phishing attempts.
According to Netcraft’s report (), nearly 6% of all .ml domains have been flagged as hosting phishing websites. To put the effect of the free domains into context, in second place, .bt (Bhutan) has less than 1% of total websites blocked for phishing.
Whilst free domain names have been an issue for abuse before, others have put conditions in place to mitigate the risk. The .tk TLD used to be problematic but the implementation of an anti-abuse API allows registrars to quickly and easily shut down websites that have illegal content; meaning the bad actors have moved onto pastures new.
Potentially, the new gTLD program will soon get underway and then the number of domains registered by bad actors is set to soar. Fortunately, new registries and registrars will be forced to implement new registration criteria to solve the issue of websites being set up by nameless, faceless individuals with the intent to damage reputations, revenues and customers of real brand owners. Domain name companies will be required to verify the identity of the registrant of every single domain before the domain is activated. For regular registrants this won't be an issue, but for those who are hoping to take advantage of brand owners it will add an obstacle in their way. Whilst it won't stop these attacks being launched, it will make it harder for bad actors to register domain names that infringe on trademarks and that can only be good news for brand owners.
Written by Stuart Fuller, Director of Commercial Operations and Communications, NetNames