May 12 – 13, 2019
Shangri-La Bangkok
Asia/Bangkok timezone

The Modality of Mortality in Domain Names

May 12, 2019, 11:00 AM
Ballroom 1 (Shangri-La Bangkok)

Ballroom 1

Shangri-La Bangkok

89 ซอย Wat Suan Plu - Dumex, Khwaeng Bang Rak, Khet Bang Rak, Krung Thep Maha Nakhon 10500, Thailand
Standard Presentation Public Workshop


Paul Vixie (Farsight Security)


Domain names established for routine use are typically registered for one or more years, and faithfully renewed thereafter. Knowing nothing else, we'd expect that a domain existing today will still be there tomorrow. This is an expectation of 'domain continuity'. Other domains get treated as effectively being 'disposable'. Those domains get registered, quickly abused for cybercrime-related purposes (such as spamming, phishing, malware distribution, etc.), and are then abandoned after becoming unusable due to being blacklisted or 'held' by registrar action.

In this study, we've obtained an ongoing feed of 'Newly Observed Domains' from Farsight Security's SIE, and then periodically probed those names from global measurement points to determine: What fraction of new domain names 'die a premature death' due to being blocklisted or suspended? What causes the 'death' of those domains? Do they mostly get blocklisted? Or do they 'die' due to action by registrars or others? What does the survival curve for those names look like over time? Are there differences between the traditional gTLDs, ccTLDs and ICANN's new gTLDs?

Vixie will address these topics and make recommendations as to how to reduce domain name abuse.


delegation point lifetimes: brutish, nasty, and short.

Talk Duration 30 Minutes

Primary author

Paul Vixie (Farsight Security)

Presentation materials