SIDN Labs and TU Delft deliver final report for ICANN study
When many of you were enjoying your summer holidays, we at SIDN Labs and our partner Delft University of Technology enjoyed finishing the final report of the project “Statistical Analysis of DNS Abuse in gTLDs” (SADAG). SADAG is the first empirical study to assess the impact of the New gTLD Program on abuse in both legacy and new gTLDs.
Interesting results from the report
An interesting finding of our study is a clear upward trend in the absolute number of phishing and malware domains in new gTLDs while these numbers remain relatively constant in legacy gTLDs. Also, we discovered that new gTLDs have affected the number of domains used for spam in legacy gTLDs: abused domains in new gTLDs do not increase the number of total malicious registrations. Instead we observe a shift from legacy gTLDs to new gTLDs. Our findings suggest that some new gTLDs have increasingly become a target for malicious actors. For example, Spamhouse blacklisted at least 10% of all registered domains in as many as 15 new gTLDs at the last quarter of 2016. See the report for more details.
Assessment of effects of the new gTLD program
We conducted the SADAG study for the Competition, Consumer Choice, and Consumer Trust Review Team. The CCT Review Team was established to review how the New gTLD Program impacts competition, consumer choice and consumer trust. ICANN awarded the research contract to SIDN Labs and TU Delft last year and the project officially started in late 2016. ICANN introduced the New Generic Top-Level Domain Program, which has enabled over 1.200 new gTLDs to enter the domain name system since the first delegations occurred in late 2013. The Review Team will use our results to propose recommendations for prevention and mitigation of domain name abuse.
SADAG used security metrics developed during REMEDI3S-TLD project
We built on the expertise we developed over the previous years during the REMEDI3S-TLD project, which was a joint effort of SIDN Labs and TU Delft as well. During this project we developed the security metrics that we also applied in SADAG.
Results and methodology SADAG study incorporated in new study of SIDN Labs
We are incorporating the methodology and results of the SADAG study and REMEDI3S-TLD project into a new SIDN Labs project called DNS-EMAP (DNS Ecosystem MAPper). The goal of this project is to map the DNS ecosystem within a TLD into a longitudinal and searchable data structure, for instance to identify players with high concentrations of abuse and analyze the relationships of these players with other players. We will for instance use the SADAG methodology and metrics to model the players within a TLD (such as DNS resolvers, Domain names, Registrars, and Web servers) and assign security attributes to them.
ICANN published report SADAG for public comment
ICANN published our report and an announcement for public comment, which is a 40-day period during which the ICANN community has the opportunity to comment on the data, methodology, and results of the report.
Download the report.