Adguardfilters: RFE/C: Use tools to wholesale block highly-suspect TLDs

Created on 10 Jul 2018 · 4 Comments · Source: AdguardTeam/AdguardFilters

_N.B.: Not using template, as it doesn't seem to relate to suggestions. If I missed something, I apologize! 🙇_

@AdguardTeam https://krebsonsecurity.com/2018/06/bad-men-at-work-please-dont-click/ & comments lists some tools that, w/ _very_ high probability, identify TLDs that are almost exclusively used for malware/spam/&c.:

There also seems to be a high correlation of NameCheap-registered TLDs w/ malware/&c, but that may be something handled better via AGDNS.

What d'y'all think?

Question

All 4 comments

We discussed it once internally. The problem is that "shady" does not mean malicious or phishing, and blocking the TLD completely is a bit too much.

That's _theoretically_ true, but definitely _practically_ worth for its own DNS-compatible Highly Suspicious filterlist, which would/could whitelist _(very rare)_ known-good domains. I mean, did y'all _see_ those stats⁉️ It's terribly unlikely this would false-positive.

> I mean, did y'all see those stats⁉️ It's terribly unlikely this would false-positive.

The stats do not show the traffic distribution. Even the .com zone is full of phishing domains, but their traffic share is tiny.

Will be reopened if necessary.
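
The two positions in this thread rest on different measurements, contrasted here in an added example (not code from the issue or from AdGuard): the share of domains in a TLD that are malicious, versus the share of blocked queries that are benign once a TLD-wide rule is applied, with and without the proposed allowlist. The data, the reserved TLDs `test` and `example`, and all function names are constructed for illustration.

```python
# Constructed sample (not real measurements): domain -> (is_malicious, query_count).
# "test" and "example" are reserved TLDs standing in for a suspect and a mainstream zone.
SAMPLE = {
    "bad1.test": (True, 2),
    "bad2.test": (True, 1),
    "bad3.test": (True, 1),
    "shop.test": (False, 40),
    "news.example": (False, 100),
    "phish.example": (True, 6),
}


def tld(domain):
    """Return the rightmost label of a domain name, lowercased."""
    return domain.lower().rstrip(".").rsplit(".", 1)[-1]


def is_blocked(domain, blocked_tlds, allowlist):
    """Block names under a listed TLD unless the name or a parent is in the allowlist set."""
    labels = domain.lower().rstrip(".").split(".")
    if labels[-1] not in blocked_tlds:
        return False
    # Every suffix except the bare TLD, e.g. cdn.shop.test and shop.test.
    parents = {".".join(labels[i:]) for i in range(len(labels) - 1)}
    return not (parents & allowlist)


def evaluate(sample, blocked_tlds, allowlist=frozenset()):
    """Compare the per-domain view of a TLD with the per-query effect of blocking it."""
    in_tld = [d for d in sample if tld(d) in blocked_tlds]
    blocked = [d for d in sample if is_blocked(d, blocked_tlds, allowlist)]
    blocked_q = sum(sample[d][1] for d in blocked)
    benign_q = sum(sample[d][1] for d in blocked if not sample[d][0])
    caught_q = sum(sample[d][1] for d in blocked if sample[d][0])
    bad_q = sum(n for bad, n in sample.values() if bad)
    return {
        "malicious_share_of_domains": sum(sample[d][0] for d in in_tld) / len(in_tld) if in_tld else 0.0,
        "benign_share_of_blocked_queries": benign_q / blocked_q if blocked_q else 0.0,
        "malicious_queries_caught": caught_q / bad_q if bad_q else 0.0,
    }


if __name__ == "__main__":
    print("no allowlist:  ", evaluate(SAMPLE, {"test"}))
    print("with allowlist:", evaluate(SAMPLE, {"test"}, {"shop.test"}))
```

On this constructed data the TLD looks 75% malicious by domain count, yet most blocked queries are benign until the one popular domain is allowlisted, and the phishing traffic in the mainstream zone is untouched either way.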
