Malware activity monitor, SpamHaus, keeps track of the number of bad domains spewing out spam, for every TLD, ccTLD and gTLD.
In other words, it’s not the absolute number of “bad domains” but the ratio that determines how bad a TLD, gTLD or ccTLD is.
How does SpamHaus calculate that domain badness?
The abusive behavior of domain TLDs is measured as the ratio of abusive domains that exist in a given TLD, to its total number of active domains.
That ratio doesn’t reflect the total number of bad domains in a given TLD, but the percentage of its bad actors to the full number of domains encountered. This allows for proper scaling for smaller or larger TLDs.
For October 2018, SpamHaus crowned dot .GQ as the #1 most abused TLD; it’s followed by dot .Loan and dot .CF.
What the heck are .GQ and .CF you might ask. Here’s what we know about these national ccTLDs:
- .GQ for the nation of Equatorial Guinea.
- .CF for the nation of Central African Republic.
The full Top 10 list follows:
Source: Spamhaus.