SIDN Labs and TU Delft deliver final report for ICANN study

When many of you were enjoying your summer holidays, we at SIDN Labs and our partner Delft University of Technology enjoyed finishing the final report of the project “Statistical Analysis of DNS Abuse in gTLDs” (SADAG). SADAG is the first empirical study to assess the impact of the New gTLD Program on abuse in both legacy and new gTLDs.

Interesting results from the report

An interesting finding of our study is a clear upward trend in the absolute number of phishing and malware domains in new gTLDs while these numbers remain relatively constant in legacy gTLDs. Also, we discovered that new gTLDs have affected the number of domains used for spam in legacy gTLDs: abused domains in new gTLDs do not increase the number of total malicious registrations. Instead we observe a shift from legacy gTLDs to new gTLDs. Our findings suggest that some new gTLDs have increasingly become a target for malicious actors. For example, Spamhouse blacklisted at least 10% of all registered domains in as many as 15 new gTLDs at the last quarter of 2016. See the report for more details.

Assessment of effects of the new gTLD program

We conducted the SADAG study for the Competition, Consumer Choice, and Consumer Trust Review Team. The CCT Review Team was established to review how the New gTLD Program impacts competition, consumer choice and consumer trust. ICANN awarded the research contract to SIDN Labs and TU Delft last year and the project officially started in late 2016. ICANN introduced the New Generic Top-Level Domain Program, which has enabled over 1.200 new gTLDs to enter the domain name system since the first delegations occurred in late 2013. The Review Team will use our results to propose recommendations for prevention and mitigation of domain name abuse.

SADAG used security metrics developed during REMEDI3S-TLD project

We built on the expertise we developed over the previous years during the REMEDI3S-TLD project, which was a joint effort of SIDN Labs and TU Delft as well. During this project we developed the security metrics that we also applied in SADAG.

Results and methodology SADAG study incorporated in new study of SIDN Labs

We are incorporating the methodology and results of the SADAG study and REMEDI3S-TLD project into a new SIDN Labs project called DNS-EMAP (DNS Ecosystem MAPper). The goal of this project is to map the DNS ecosystem within a TLD into a longitudinal and searchable data structure, for instance to identify players with high concentrations of abuse and analyze the relationships of these players with other players. We will for instance use the SADAG methodology and metrics to model the players within a TLD (such as DNS resolvers, Domain names, Registrars, and Web servers) and assign security attributes to them.

ICANN published report SADAG for public comment

ICANN published our report and an announcement for public comment, which is a 40-day period during which the ICANN community has the opportunity to comment on the data, methodology, and results of the report.

Download the report.






Maarten Wullink

Research engineer

+31 26 352 55 00

  • Wednesday 24 July 2019

    Weblog sold for $ 30 million


    Business lessons from the world's most expensive domain name

    Read more
  • Thursday 21 June 2018


    Watch out for unscrupulous firms trying to sell you domain names at inflated prices


    Our advice: don't be rushed into agreeing a sale

    Read more
  • Friday 20 April 2018


    Your brand as a domain name extension? New opportunity planned!


    Application window opens in 2021

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.