You've experienced it yourself no doubt, spam email. Anyone with a modern day internet connection has had to deal with a relentless amount of email spam. This is a daily issue.
With the recent introduction of new top level domains (TLDs) the past few years, inboxes have been cluttered with even more of it. A large amount of the spam I get these days is from new TLDs.
While I've taken steps to mitigate and filter as much new TLD email spam as I can, I've wondered what do companies do to prevent spam from new TLDs? The answer… BLOCK all or ENTIRE new domain name extensions.
Being in contact with several IT (information technology) managers, System Administrators, and Network Administrators this is starting to become more common. Why? Simply because the sheer amount of spam from new domains is overwhelming.
SpamHaus, a non-profit organization that works to prevent spam, publishes a list of the “Top 10 Most Abused Top Level Domains.” All domain extensions on the list are new TLDs. This list can shift each week what TLDs are on there but new domains are ALWAYS on the SpamHaus's most abused list. There has never been .COM, .NET, .ORG, or ccTLDs on the SpamHaus list only new TLDs.
Here is an interview with an IT manager for a medium sized construction company. We talk about the issues that new domains were causing and how he decided to handle it.
Editor's Note – I have used a pseudonym for this interview.
Blocked New Domains – Interview with IT Manager
Adam – Can you tell readers what your company does? What is your position and role at your company?
Tony – We're a construction company. I'm the IT (Information Technology) Manager. Everything in my company IT related, I'm responsible for.
Adam – Regarding spam emails as the IT Manager/System Administrator you've decided to block all new generic top level domains (gTLD). What was the reasoning behind that decision?
Tony – The reasoning behind the decision was we had gotten non stop email spams with virus', spyware, and ransomware from these domains, without a single legitimate email coming from those TLD's.
Adam – So you were receiving tons of spam from new domain extensions?
Tony – Yep 🙂
Adam – Lol, obviously. Has blacklisting all of new gTLDs positively or negatively affected business?
Tony – Positively. To date, we've had no false positives.
Adam – You said your bosses and owners supported the decision to blacklist all new domain extensions, why was that?
Tony – When I went to them with this problem, I also had this solution, explained my reasoning, and asked them their input. I then sent an all staff email to everyone and asked if anyone had interactions with anyone with those TLD's. No one did, so I blocked them.
Adam – Have any customers tried to email you or the company using an email address on a new gTLD?
Tony – No. All customers have older TLD's like .com, .net, .info, etc. Those customers are also put on a whitelist that bypasses certain spam filters, but not all. They are still put through spam filters that look for harmful attachments, links, etc.
Adam – Makes sense. You blocked ALL 1000 + new TLDs?
Tony – Yes, and it was as time consuming as you can imagine. 🙂
Adam – Yes, I'm sure it was. 🙂 Did you use wildcard DNS to stop all the incoming email on new domains?
Tony – Not yet. Looked into it, but need to know potential unintended consequences, but looking into it.
Adam – Would you recommend other company IT Managers and System Administrators also block new gTLDs? Any tips for implenting filters on new domain extensions?
Tony – If it's appropriate for their environment, absolutely. What I would suggest though before embarking on it, is really take the time to figure out if it's right for you. For some people, this is a no brainer, for others, it can cause issues. I'm a big fan of keeping my attack area as little as possible to avoid potentially devastating infections and attacks.
Adam – A silly question, because I know now IT Manager or System Admin would do this, but would you ever consider blocking generic domain extensions ie .COM, .NET, and .ORG? 🙂
Tony – I don't think I'd consider blocking a generic one, as we've got too many people we deal with with those TLD's. Although, I have an attorney friend who only deals with the court system, so he has a pure whitelist on his mail server. If you're not on the list, you don't get to come in. His system bounces emails back to the sender with his cell number to call in case of false positives. He absolutely swears by it, because he never gets spam, and only gets a very rare email from someone if they've been infected with a spam virus or some such nonsense.
Adam – Yes, I have heard of lawyers and other companies doing that. Not a bad idea.
What are your personal thoughts about new gTLDs? Would you buy any for a personal, business, or development project?
Tony – Personally, I wouldn't buy any new TLD. It seems a bit “gimmicky” to me, but I imagine there's others out there that it would be helpful for. Just not my thing.
Adam – Your company is a local construction company so you don't do business internationally. However, would you ever make the decision to block major country code top level domains (ccTLDs)? ccTLDs like .DE, .CA, .UK, .AU, etc on your email servers?
Tony – I would consider it if we started getting harmful spam from those TLD's. I already block Russia (.RU) and China's (.CN) TLD's because of previous spam.
Adam – The claim from new domain supporters and companies is that it will just take time for people and the public to adjust. What do you think about that? All you've seen new TLDs used for at this point is spam. Is that a good way to introduce these to the public?
Tony – I imagine that at some point, they will become mainstream. At the moment though, it's not as widespread as I thought it originally would have been.
Adam – Will these new domain extensions ever be successful? Or are new TLDs doomed to fail?
Tony – I think most businesses, aside from specialty ones, will stick with the old standbys. Now if there's a trendy camera shop, think they'd use .camera, but I don't see companies like Microsoft doing the same in any meaningful way. They may buy the domain, but I don't think they'll use it in major ways.
Personally, I think they will only achieve a certain level of popularity, then die off. But who knows? I've been wrong before. 🙂
END OF INTERVIEW
This isn't the only IT Manager and Systems Administrator I've talked with that has BLOCKED ALL new domains. I've heard and talked with countless others that have taken similar steps. The amount of spam isn't worth for the the one website out of millions that will send legitimate emails.
It's interesting to note that Tony's company has NEVER gotten a customer to call them when they receive a bounce back message. In bounced messages they number to call if they rejected the email by accident. Considering Tony's company handles million dollar building contracts, it was definitely worth the time to filter out ALL new TLDs.
If all you get is spam, why would these new domain registries, registrars, and marketing idiots expect the generic public to start using garbage new TLDs? As far as I can tell they are not doing anything to stop it either. Just look at the SpamHaus list example above.
Your goal should be to have good neighbours not, bad ones ie spammers, scammers, malware, ransomware, etc. Avoid buying these garbage new domain extensions. You don't want your to be associated with these types of issues.
Recently I broke the story that NameCheap dropped support for the .XYZ domains. With over 1 million registered .XYZ domains with NameCheap, it was a surprising move. The speculation is that NameCheap was dealing with too many spam complaints from .XYZ domains, so they pulled the plug.
Theoretically though let's say you did choose a new domain name, against the advice of your IT Manager. Since communication is an important part of any business, and email is still an important communication medium. Would it please you to know companies and customers will not receive your emails? Are you going to go through the hassle of contacting them via other meas? If you can't communicate with your customers or business partners using your domain name, what are you going to do? Send them a postcard? I doubt it. 🙂
Have any thoughts about new domains and email spam? Have you gotten spam from new top level domains? Are you an IT Manager and System Administrator that has had to block all new gTLDs? Want to explain your reasons and your company reasons behind that decision?
If you are new business or start-up thinking of launching on a new domain, does this change your mind? Are you going to go with a .COM, .NET, .ORG, or ccTLD after reading the above interview?
How does it make you feel that you wouldn't be able to send or receive communicate with email using your domain name?
Let me know your thoughts with a comment below. 🙂