Domain and IP security sentinel, SpamHaus, keeps track of the abusive behavior of gTLDs and TLDs in general.
To quantify its results, SpamHaus utilizes a quasi-scientific methodology, that weighs the percentage of abusive domains that exist in a given TLD.
In August, it was clear that .XYZ is nowhere to be seen among the 10 most abused Top Level Domains; at the time, the most abused TLD turns out to be dot .TOP.
For the month of September, the list shows that the most abused TLD is dot .Download.
This particular gTLD is operated by Famous Four Media.
The 10 most abused Top Level Domains in September 2016 can be seen below:
It seems that dot .Click and dot .Link are being used by abusive registrants; perhaps Uniregistry needs to step in and use the same effective anti-spam measures that .XYZ utilizes.
For more information about the list and the methodology, visit SpamHaus.org.