The modality of mortality in domain names

Friday 5 October 11:00 - 11:30, Green room

Paul Vixie (Farsight Security)

Domain names established for routine use are typically registered for one or more years, and faithfully renewed thereafter. Knowing nothing else, we'd expect that a domain existing today will still be there tomorrow. This is an expectation of 'domain continuity'.

Other domains get treated as effectively being 'disposable'. Those domains get registered, quickly abused for cybercrime-related purposes (such as spamming, phishing, malware distribution, etc.), and are then abandoned after becoming unusable due to being blocklisted or 'held' by registrar action.

In this study, we've obtained an ongoing feed of 'Newly Observed Domains' from Farsight Security's SIE, and then periodically probed those names from global measurement points to determine:

  • What fraction of new domain names 'die a premature death' due to being blocklisted or suspended?
  • What causes the 'death' of those domains? Do they mostly get blocklisted? Or do they 'die' due to action by registrars or others?
  • What does the survival curve for those names look like over time?
  • Are there differences between the traditional gTLDs, ccTLDs and ICANN's new gTLDs?

Farsight Security CEO Dr. Paul Vixie will address these topics and make recommendations as to how to reduce domain name abuse.




Paul Vixie

Dr Paul Vixie is an Internet pioneer. Currently, he is the Chairman, CEO and cofounder of award-winning Farsight Security, Inc. He was inducted into the Internet Hall of Fame in 2014 for work related to DNS. Dr Vixie is a prolific author of open-source Internet software including BIND, and of many Internet standards documents concerning DNS and DNSSEC. In addition, he founded the first anti-spam company (MAPS, 1996), the first non-profit Internet infrastructure software company (ISC, 1994), and the first neutral and commercial Internet exchange (PAIX, 1991). He earned his Ph.D. from Keio University for work related to DNS and DNSSEC in 2010.



Related links

   Read paper    Watch video

Other VB2018 papers

DNS tunnelling: that's not your grandma's exfil

Brad Antoniewicz (Cisco Umbrella)

VB2018 opening address

Martijn Grooten (Virus Bulletin)

Luminous data – observing malicious domains at scale

Norm Ritchie (Secure Domain Foundation)

Back to VB2018 Programme page

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.