Suped

What is the most abused TLD (Top-Level Domain) for spam?

8 Marketer opinions4 Expert opinions4 Technical articles4 Resources

Summary

Determining the 'most abused TLD for spam' isn't straightforward. While .com has a high volume of spam due to its widespread use, proportionally, smaller and newer TLDs such as .xyz, .loan, .top, .buzz, .date, and .online are frequently abused because of their low registration costs and less stringent oversight. Some country code TLDs (ccTLDs) like .tk and .ga also exhibit high abuse rates due to lax regulations. The .US TLD is also cited as being heavily abused, especially in B2C communications. TLDs offering WHOIS privacy are potentially attractive to spammers. Overall, the specific TLDs most heavily abused can fluctuate over time based on spammer tactics, and the reputation of a TLD is influenced by spam, phishing, malware and responsiveness to abuse reports.

Key findings

  • .com: High Volume: .com has the highest overall volume of spam domains due to its size and popularity.
  • Newer TLDs: High Proportion: Newer and cheaper TLDs (.xyz, .loan, .top, .buzz, .date, .online) are proportionally more abused due to low cost and easy registration.
  • ccTLDs: Lax Regulation: Country code TLDs (.tk, .ga) with less regulation are prone to spam and phishing.
  • .US: Significant Abuse: The .US TLD exhibits significant abuse, especially in B2C communications.
  • Privacy and Spam: TLDs offering WHOIS privacy features are potentially more attractive to spammers.
  • Dynamic Landscape: The 'most abused' TLD is constantly changing based on spammer tactics.

Key considerations

  • Volume vs. Proportion: Consider both the overall volume of spam and the proportion of abusive domains within a TLD.
  • TLD Reputation: A TLD's reputation depends on more than just spam, including phishing and malware distribution.
  • Source of Information: Be mindful of the source and perspective (e.g., security vendor, registry, user experience) when evaluating claims about TLD abuse.
  • Proactive Monitoring: Regularly monitor email traffic and reputation to detect and mitigate potential abuse from various TLDs.
  • Lack of Definitive Answer: There is no single definitive 'most abused TLD'; it's a complex and evolving issue.

What email marketers say
8Marketer opinions

Several TLDs are identified as being highly abused for spam. While there's no single definitive 'most abused' TLD, common themes emerge. Newer, cheaper TLDs like .xyz, .loan, .top, .buzz, .date, and .online are frequently exploited due to their low cost and easy availability for mass registration. Country code TLDs (.tk, .ga) with lax regulations are also common sources of spam. Additionally, TLDs offering WHOIS privacy may attract spammers seeking to mask their identities. .US is also a TLD which has some evidence of higher abuse.

Key opinions

  • Cost and Availability: Newer and cheaper TLDs are preferred by spammers.
  • Regulation: Country code TLDs with weak regulations are susceptible to abuse.
  • Privacy: TLDs offering WHOIS privacy attract spammers looking to hide their identity.
  • Emerging TLDs: It's important to monitor newer TLDs as they often become targets for spam.
  • .US abuse: .US TLD is indicated to have higher abuse in B2C communications.

Key considerations

  • Source Variability: Different sources may have varying experiences and data regarding TLD abuse.
  • Dynamic Nature: The 'most abused' TLD can change over time as spammers adapt their tactics.
  • Privacy vs. Abuse: While privacy features can be beneficial, they can also be exploited by spammers.
  • Correlation vs. Causation: High spam volume from a TLD doesn't necessarily mean all domains within that TLD are malicious.
  • Proportionality: While .com may have the most spam volume, other TLDs might have a higher percentage of abusive domains.
Marketer view

Email marketer from MXToolbox shares that it is important to watch out for newer TLDs, which are often targeted by spammers due to their availability and low cost.

November 2021 - MXToolbox
Marketer view

Email marketer from Stack Overflow shares that from their experience, they've seen a significant amount of spam and phishing attempts originating from country code TLDs (ccTLDs) that are less regulated, such as .tk or .ga.

September 2022 - Stack Overflow
Marketer view

Email marketer from Quora responds that, anecdotally, they've observed a higher proportion of spam originating from .date and .online domains.

April 2022 - Quora
Marketer view

Email marketer from TechTarget shares that while generic TLDs are popular, less common TLDs like .xyz, .loan, and .top are often heavily abused for spam and malicious activities due to lower registration costs and less stringent oversight.

March 2022 - TechTarget
Marketer view

Email marketer from Reddit explains that he's noticed a lot of spam originating from .xyz domains, and warns people to be cautious of emails coming from that TLD.

November 2024 - Reddit
Marketer view

Email marketer from Email Deliverability Forum responds that .buzz and other newer, cheaper TLDs often have high spam rates because spammers can easily register many domains for a low cost.

August 2024 - Email Deliverability Forum
Marketer view

Email marketer from Email Provider Blog explains that a factor to consider is TLDs with privacy features. This is because Spammers might use TLDs that offer WHOIS privacy to mask their identity.

July 2021 - Email Provider Blog
Marketer view

Marketer from Email Geeks initially mentions the worst most abused TLD and then reveals it to be .us domains, the country level TLD in the U.S.

October 2024 - Email Geeks

What the experts say
4Expert opinions

The most abused TLD for spam is a complex issue. Spamhaus data suggests that .com has the highest raw number of spam domains. However, .US is identified as a highly abused TLD, especially in the B2C sector, according to Spam Resource. Word to the Wise points out that a TLD's reputation is influenced by spam, phishing, malware, and the registry's responsiveness to abuse reports. One expert from Email Geeks also shares his opinion that cold emailers don't value your time very highly, and jokingly suggests booking fake appointments in their Calendly to waste their time; this isn't directly related to the question.

Key opinions

  • .com Dominance: .com TLD has the largest raw number of spam domains.
  • .US Abuse: .US is identified as highly abused, particularly in B2C communications.
  • Reputation Factors: TLD reputation depends on spam, phishing, malware, and registry responsiveness.

Key considerations

  • Data Discrepancy: Different sources present conflicting information on the 'most abused' TLD.
  • Abuse Type: Consider different types of abuse beyond just spam (e.g., phishing, malware).
  • Context Matters: Abuse levels may vary based on factors like industry (B2C) and registry policies.
  • Raw Numbers vs. Percentage: Consider both total spam volume and the percentage of abusive domains within a TLD.
Expert view

Expert from Spam Resource provides data indicating that .US is the most abused TLD, particularly in the B2C universe, based on his analysis and rankings.

November 2022 - Spam Resource
Expert view

Expert from Email Geeks shares his opinion that cold emailers don't value your time very highly. He jokingly suggests booking fake appointments in their Calendly to waste their time.

October 2023 - Email Geeks
Expert view

Expert from Word to the Wise details that the reputation of a TLD is affected by factors beyond just spam, including the number of phishing attempts and malware distribution originating from that TLD, and how responsive the TLD registry is to abuse reports.

November 2021 - Word to the Wise
Expert view

Expert from Email Geeks shares that Spamhaus data generally shows .com as the most abused TLD in terms of raw number of domains.

October 2021 - Email Geeks

What the documentation says
4Technical articles

Multiple sources monitor TLDs for abuse, but none definitively name a single 'most abused' TLD. Spamhaus indicates that while .com has the highest volume of spam due to its size, smaller TLDs may have a higher proportion of spam activity. ICANN actively monitors TLDs and acknowledges that some are more prone to abuse due to factors like pricing and registration policies. SURBL uses blocklists that include domains from TLDs known for high spam, but these lists change. Google Safe Browsing detects malicious content across all TLDs, with varying prevalence based on several factors. The common theme is that TLD abuse is dynamic and depends on various factors.

Key findings

  • .com Volume: .com has the highest volume of spam domains.
  • Proportional Abuse: Smaller TLDs can have a higher proportion of spam activity.
  • Dynamic Nature: TLD abuse is dynamic and changes over time.
  • Multifactorial Abuse: Abuse is affected by pricing, registration policies, and spammer trends.

Key considerations

  • No Definitive List: Major monitoring organizations do not publish a definitive list of most abused TLDs.
  • Evolving Threats: Spammer tactics and preferred TLDs change over time.
  • Relative vs. Absolute: Consider the distinction between total spam volume and the proportion of spam within a TLD.
  • Holistic View: Abuse depends on multiple factors, so focusing solely on the TLD provides a limited view.
Technical article

Documentation from Spamhaus explains that while .com has the highest number of spam domains due to its size, certain smaller TLDs have a much higher percentage of spam activity, making them proportionally more abused.

October 2024 - Spamhaus
Technical article

Documentation from ICANN shares that they actively monitor TLDs for abuse, and while they don't publish a definitive list, they acknowledge that some TLDs are more prone to spam and phishing due to factors like pricing and registration policies.

November 2024 - ICANN
Technical article

Documentation from SURBL explains that they maintain blocklists that often include domains from specific TLDs known for high spam activity, though the specific TLDs can vary over time depending on spammer trends.

May 2023 - SURBL
Technical article

Documentation from Google Safe Browsing shares that they detect malicious content, including spam, across all TLDs, but some TLDs may have a higher prevalence of flagged content due to various factors. They do not publish a specific list.

February 2024 - Google Safe Browsing

Related resources
4Resources

A Peek into Top-Level Domains and Cybercrime
A Peek into Top-Level Domains and Cybercrime

We analyze which top-level domains (TLDs) have the highest rate of malicious domains and why, and suggest strategies for blocking malicious domains.

Unit 42
ScoutDNS Most Abused Top Level Domains List - October 2020 ...
ScoutDNS Most Abused Top Level Domains List - October 2020 ...

About the Report This is a look at aggregate threats sorted by Top Level Domains from across our global user base for October 2020. While reports such as

ScoutDNS
Most risky TLD's - Discussions - NextDNS Help Center
Most risky TLD's - Discussions - NextDNS Help Center

Which TLD's should be blocked as far as Malware and Privacy? I have cn, ru & su so far. I want nothing to do with the Russian Government, the same goes for China.

NextDNS Help Center
A roundup of TLDs that were the prime target of cyber attackers in ...
A roundup of TLDs that were the prime target of cyber attackers in ...

As an unsuspecting internet user, if you come across an email from someone whose email address ends with a ‘.com’ or ‘.org,’ you might not think twice before

DuoCircle

Related questions