After offering free .ml domains in July, Mali seems to have a huge phishing problem with its ccTLD, according to a report on Thursday by Netcraft.
According to Netcraft, Mali now has the most phishy top-level domain of any country in the world. Nearly six percent of the .ml domains in Netcraft’s survey are currently blocked for hosting phishing sites.
Netcraft says the second most phishy TLD, .bt (Bhutan), has only 0.7 percent of its sites blocked for phishing, which means .ml has a substantial lead as the phishiest country domain.
.ml domains can be registered at Freenom, owned by Netherlands-based Freedom Registry. Registrants are required to have a valid email address to create an account, and a CAPTCHA attempts to prevent automated registrations.
Domains that contain more than 3 characters are free, and can be registered for between 1 and 12 months initially, with an unlimited number of renewals.
“It is not surprising to see free domain names being used in phishing attacks, but some TLDs have managed to tackle such fraud with astounding efficacy,” Paul Mutton of Netcraft said in a blog post. “The .tk TLD was taken advantage of extensively by phishers in 2011, prompting its registrar, Dot TK (another subsidiary of Freedom Registry), to introduce an anti-abuse API to allow trusted partners to shut down sites that use the .tk ccTLD. This dramatically reduced the average uptime of phishing sites which used .tk domains, making it a less attractive platform for fraudsters. Indeed, .tk does not even appear within the top 50 phishiest TLDs today; however, considering .tk and .ml share the same owner, this makes it somewhat surprising to see .ml being so heavily abused already.”
When Mali decided to offer the free .ml domains in July, it expected to see demand from a number of countries, including Manila in the Philippines, and Malaysia, according to a report by the Guardian.