Monitor phishing within your top-level domains
While some registries still perceive phishing as a content issue for hosting companies and registrars, detailed knowledge of phishing activity within their Top Level Domain(s) is very beneficial for registries. It is a key data source for identifying problematic, negligent, or fraud-friendly registrars, and an essential tool for maintaining the reputation of a TLD.
It is common for hosting companies and domain registrars to unknowingly allow their infrastructure to be used for phishing. Even seemingly respectable companies may develop a reputation as a haven for fraud though some systematic deficiency in their working practices, such as a low level of resourcing for abuse related workflow (particularly outside core working hours and during weekends), or inexperienced or less capable staff being unable to recognise and act on fraudulent content.
Conversely, some criminal registrars and hosting companies specialise in hosting fraudulent content, and even go so far as to advertise their services as “bullet-proof”. Bullet-proof hosting companies are typically based in jurisdictions where laws may be hard to apply, and being in an informed position to decline further business from these registrars may greatly aid operational efficiency.
Professionally validated feed, relied upon throughout the Industry
Netcraft’s continuously updated, professionally validated malicious site feeds are used throughout the internet Infrastructure industry. In addition to internet registries, all of the main web browsers, along with major anti-virus companies, firewall vendors, SSL Certificate authorities, large hosting companies and domain registrars use Netcraft’s feeds to protect their user communities. Since Netcraft first launched its anti-phishing system in 2005, over 77 million unique phishing sites have been detected and blocked [April 2020] .
Reporting and Analysis
Reports can be refreshed hourly, and also trended over time periods of many months, with analysis by registrar, hosting company, name server, country or phishing target.
When Netcraft validates a phishing report in your TLD, you can receive an alert and can also arrange for alerts to be passed through to registrars. Acting on these individual alerts will demonstrate that your top-level domains are not welcoming to fraud. Fraudsters adjust to these signals within a short period of time, and are themselves quite efficient at moving their operations away from parts of the DNS where they are clearly unwelcome.
Case Study - Nominet .uk
Nominet is the registry responsible for managing the .uk domain, which is one of the largest ccTLDs with over 10 million domains registered as of March 2012. Netcraft has provided Nominet with information on phishing using .uk domains since 2009, with alerts made available to individual registrars via an opt-in service.