IT

Why TLD Risk Score (Spam Score) Matters #Domain

The reason why the risk score and spam score of Top-Level Domains (TLDs) become a problem stems from the tendency of malicious actors to prefer certain TLDs. Cybercriminals may select specific TLDs for malicious activities such as phishing, malware, and grayware. This selection may be determined by the TLD's risk score or spam score.

Shou Arisaka
2 min read
Nov 9, 2025

The reason why the risk score and spam score of Top-Level Domains (TLDs) become a problem stems from the tendency of malicious actors to prefer certain TLDs. Cybercriminals may select specific TLDs for malicious activities such as phishing, malware, and grayware. This selection may be determined by the TLD’s risk score or spam score.

※ Search for available .jp domains ▶ Muumuu DomainOnamae.com Xserver Domain

Importance of TLD Risk Score and Spam Score

  • TLD Risk Score: The TLD risk score indicates the proportion of malicious domains among domains registered under that TLD. For example, the .com TLD accounts for nearly half of all malicious domains, which doesn’t mean .com TLD itself is malicious, but rather shows its unique position of being able to cooperate in sweeping up malicious domain registrations.
  • Spam Score: The spam score indicates the likelihood that a domain is involved in spam emails or phishing scams. This becomes a factor that increases the possibility of a domain being involved in malicious activities.

Problematic TLDs and Their Reasons

  • .tk, .pw, .ws: These TLDs have a noticeably high number of malicious domains, equal to or exceeding the population of these regions. In particular, the .tk TLD has more phishing domains registered than the population of Tokelau. These ccTLDs may surpass the problems arising from malicious registrations.
  • .xyz, .icu: These TLDs have adopted a strategy of offering cheap domains, usually priced at a few dollars. Thanks to this pricing strategy, these two TLDs have become the most popular among users, both good and bad.

Countermeasures and Recommendations

  • Strengthening Registration Policies: It’s important for TLD operators to strengthen anti-abuse policies to combat cybercrime. This makes it possible to investigate and take action against malicious domain names. {/* - Blocking Domains: It’s recommended to block domains in certain categories. This includes “Dynamic DNS,” “Abused Drugs,” “Adult,” “Gambling,” etc. */}
  • Blocking Domains: It’s recommended to block domains in certain categories. This includes “Dynamic DNS,” “Gambling,” etc.

Summary

TLD risk scores and spam scores become a problem because malicious actors tend to prefer certain TLDs. To address this, it’s important for TLD operators to adopt strong registration policies to combat cybercrime and block domains in certain categoriesReference.

Share this article

Shou Arisaka Nov 9, 2025

🔗 Copy Links