The web's cruising at 13 million new and nefarious domain names a month

Akamai reckons that, in the first half of 2022 alone, it flagged nearly 79 million newly observed domains (NODs) as malicious. According to the internet infrastructure giant, that amounts to 13 million malicious domain detections per month, equal to 20 percent of all successfully resolving NODs. For Akamai's purposes, a NOD …

  1. Alan J. Wylie

    Day Old Bread

    Ah, memories of the now defunct "Day Old Bread" Realtime blocklist: a DNS lookup returned the status of domains registered in the past 5 days

    Archive.org mirror

    1. doublelayer Silver badge

      Re: Day Old Bread

      It's probably not related to what you meant, but I would suggest treating any domain as probably malicious until it's existed in DNS for a week (that data is publicly available in whois). I see so many phishing or malware setups use fresh domain names that they intend to run for a few days and cancel with their registrar. There are registrars that allow for refunds if domains are canceled in a short period, so they get their endpoints for free. I usually argue against blanket-bans of stuff, but this one is an exception as almost all legitimate sites are set up with enough forethought that they'll have a domain a week before it goes live for the public.

  2. wheeliebin

    As a former Palo Alto Networks firewall admin, we set any requests to domains less than 30 days old to be gated by a block/continue warning page, so users would be forced to hesitate before proceeding to the destination site. It worked a treat!

  3. Yes Me Silver badge

    Their fault

    I blame Bill Clinton for this. Or perhaps Al Gore. Or, really, Ira Magaziner. They were so sure that commercialising the DNS registration function was the right thing to do, back in 1998.

    I thought at that time that .com registrations should have been priced at about $2000. But the free marketeers won, and we got... 13 million new bogus domains a month.

    Mankind is doomed.

    1. LDS Silver badge

      Re: Their fault

      You would have blocked most people from getting a domain.

      Still, vetting any domain request should be mandatory - and a slightly higher price won't be an issue. And registrars failing too many vetting procedures should lose their registrar status.

      But 79 million domains means more than a billion in revenue for registrars...

      1. veti Silver badge

        Re: Their fault

        Only if they actually get paid.

        How many registrars actually demand the money up front and non-refundable, before granting the domain? Keep in mind that it only has to be live for a few days, at most.

        1. LDS Silver badge

          Re: Their fault

          They get paid - or they would start to block these actions if they didn't have their return. Spammers and other crooks have no problem paying other crooks - they make money.

  4. stiine Silver badge

    Here's a hint...

    If the domain looks like a GUID, 99.99% of the time, you should block access to it.
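
Added example, not part of any comment above and not any vendor's code: the thread's three heuristics (block domains under a week old, show a warning page under 30 days, block GUID-shaped names) combined into one Python policy function. It assumes the registration date is read from an RDAP response's "registration" event (RDAP being the successor to the whois lookup mentioned above); the function names, the handling of unknown age and the sample domains are constructed for illustration.

```python
import json
import re
from datetime import datetime, timezone

BLOCK_DAYS = 7   # "probably malicious" window suggested in the thread
WARN_DAYS = 30   # block/continue warning-page window from the thread
GUID_RE = re.compile(r"^[0-9a-f]{8}-?(?:[0-9a-f]{4}-?){3}[0-9a-f]{12}$")

def registration_date(rdap_json):
    """Return the RDAP 'registration' event time (RFC 9083), or None."""
    for event in json.loads(rdap_json).get("events", []):
        if event.get("eventAction") == "registration":
            stamp = event["eventDate"].replace("Z", "+00:00")
            return datetime.fromisoformat(stamp)
    return None

def looks_like_guid(domain):
    """True if any label left of the TLD is a GUID, hyphenated or not."""
    labels = domain.lower().rstrip(".").split(".")[:-1]
    return any(GUID_RE.match(label) for label in labels)

def verdict(domain, rdap_json, now):
    """Return 'block', 'warn' or 'allow' for one outbound request."""
    if looks_like_guid(domain):
        return "block"
    registered = registration_date(rdap_json)
    if registered is None:
        return "warn"  # assumption: unknown age gets the warning page
    age_days = (now - registered).days
    if age_days < BLOCK_DAYS:
        return "block"
    if age_days < WARN_DAYS:
        return "warn"
    return "allow"

# Constructed sample data (not real registrations).
NOW = datetime(2022, 9, 1, tzinfo=timezone.utc)

def rdap(date):
    return json.dumps({"events": [{"eventAction": "registration", "eventDate": date}]})

SAMPLES = [
    ("fresh-login.example", rdap("2022-08-30T10:00:00Z")),
    ("newish-shop.example", rdap("2022-08-10T10:00:00Z")),
    ("old-site.example", rdap("2015-01-01T00:00:00Z")),
    ("3f2504e0-4f89-11d3-9a0c-0305e82c3301.example", rdap("2015-01-01T00:00:00Z")),
    ("no-data.example", json.dumps({"events": []})),
]
if __name__ == "__main__":
    for name, record in SAMPLES:
        print(f"{name:48} {verdict(name, record, NOW)}")
```

The GUID check runs before the age check, so an old domain with a GUID-shaped label is still blocked.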

  5. clyde666

    blame the registrars

    New domains are bought/registered through Registrars.

    There must be a pattern in that study that points to probably no more than a small handful of registrars that are processing these new domains.

    That's where enforcement should be concentrating. Cut the bad guys off at source.

    If we're talking millions of new domains per month which are used and thrown away very quickly, there has to be some level of either collaboration or at least turning a blind eye.

  6. Mobster

    Do any of these NOD list generators make their lists available openly?
