Remember that glorious period back in 2012, when #ICANN started accepting applications for new generic top-level domains (#gTLDs), eventually adding over 1,200 new TLDs, including such goldmines as .extraspace and .vermögensberatung?
Well, clearly that wasn't enough, because we're now finding ourselves on the cusp of another round.
Why, you ask?
Is it because we've filled up all existing #TLDs and ran out of space?
Or is it because consumers, widely recognized for understanding so well the intricacies of the internet, are clearly asking for more TLDs?
Or could it be because ICANN will charge applicants $227,000, and if they get even half the number of applications they did in 2012 (1,930) that adds up to a cool $220M?
I'm gonna go out on a limb here and say that we don't need any new gTLDs. I've previously discussed TLDs[1] and am collecting ongoing stats[2] on the domain count as best as I can, which lets me provide an at least superficial overview of their current use, so if you'd indulge me for a moment...
[1] https://www.netmeister.org/blog/tlds.html
[2] https://www.netmeister.org/tldstats/
As of 2024-12-04, there are 1,445 TLDs found in the root zone.
Ignoring ccTLDs as well as the original TLDs (.gov, .edu, .com, .mil, .net, and .org), there are 1,118 domains marked as "generic".
Counting subdomains in each, we get:
That is, more than half of all gTLDs contain fewer than a thousand names; 77% fewer than 10K names, and 98% contain fewer than 100K names.
The largest gTLD, .xyz, contains approximately 3.7 million names.
For comparison, .com contains over 157 million, .net over 12 million, and .org over 11 million.
In the very small number of popular gTLDs, those 0.7% with over 1 million domains, what names do we expect to find?
I imagined that the majority are those that are already registered in .com and that the owner registered in many other gTLDs purely or partly to prevent others from squatting on them.
Checking for second-level labels found in both the given gTLD and in .com, I'm currently seeing the following distribution:
It's worth noting that many of these popular gTLDs (i.e., .info, .online, .top, .xyz) regularly appear in the lists[1][2] of domains most frequently used for phishing and malware attacks (alongside the notorious Freenom ccTLDs (see also: [3])), in part because these domains may be cheap to register, fly under the radar of the legitimate brand owner, or have lax policies allowing abuse with high anonymity.
[1] https://interisle.net/insights/phishing-landscape-2024-an-annual-study-of-the-scope-and-distribution-of-phishing
[2] https://unit42.paloaltonetworks.com/top-level-domains-cybercrime/
[3] https://www.netcraft.com/blog/cloudflare-loses-22-of-its-domains-in-freenom-tk-shutdown/
One of the less phishy looking domains that's still fairly popular at around 736K names is .app, which has an overlap with .com of 89%; this is in contrast with e.g., .sbs (822K names), which only has an overlap of around 12% with .com. Why would there be such a discrepancy?
My guess:
(a) cost of registration (> $20 for .app, around $1 for .sbs)
(b) .app is included in the HSTS preload list, so less appealing for throw-away domains
That is, .app is more likely than e.g., .sbs to actually be used for legitimate use cases.
Visual inspection suggests that names in .app are actual words, while .sbs names appear to consist primarily of random strings like ihkclsx.sbs.
Based on random sampling of domain names, this seems to be a trend: random (looking) strings take up a large part of popular, cheap domains, while names that are also registered in the common TLDs are often also found in even some of the less popular gTLDs.
To observe this, let's look at some of the newest up-and-coming gTLDs, i.e., domains that have recently seen increased numbers of registration, for example because their sunrise periods ended and they have been opened up for registration by anybody.
Some of those domains include .box, .ing, .locker, .meme, and .music:
As best as I can tell, these gTLDs are populated almost entirely with duplicates of existing .com domains, and virtually no unique or novel use.
So yeah, I'm gonna say that we don't need new TLDs.
The market is not clamoring for new strings to append to their brand names, and over 50 companies who sponsored a TLD have let it become inactive again (e.g. .comcast, .macys, .oldnavy, or .volkswagen), presumably because they realized it's a waste of money.
@jschauma Interesting thread and definitely there's a financial incentive for ICANN. But isn't it a bit of an assumption that gTLDs that exist in .com are duplicates registered by the same person? Isn't the whole point of gTLDs so that different people can have foobar.xyz or foobar.app without having foobar.com?
@roddie Yes, that is true, but you will also find that pretty much any popular brand name will very quickly use trademark law to (try to) take <companyname>.<tld>. And of course companies also routinely proactively register <companyname and all variations>.<most tlds> for that reason.
I actually think the financial incentive is more for the registries and registrars (who then convince ICANN), as they are the ones making money from registrations.
@jschauma @roddie this is not the case for smaller / newer companies, who then don't have to deal with domain-sitters / speculators, e.g. https://oxide.computer.
