These lists, it should be pointed out, are quickly becoming outdated as more folks sign up for new domain names. For example, there’s this on .xyz https://www.symantec.com/connect/blogs/exploring-xyz-another... and then there’s actual usage of it: https://abc.xyz (completely not mentioned...) If you want to know the most popular/relevant sites on a TLD, search google for `site:xyz` to see a small list... E.g. .link often is used by websites with very long domains looki for a shorter one, like http://gcr.link/ Amazon has http://aws.science/ .country is mostly crap, but there is http://cma.country/ .click is indeed only slightly less spammy, but does have http://bbc.click/ And .rocks doesn’t deserve the ban. It’s used by fan sites, people promoting tech or events, and fun stuff like kqed.rocks for kqed.org ... I’ll admit though, it can be hard to tell with all the third party domains which sites are legitimate and which aren’t...
Given the risk/reward of, oh, say, finding my systems hosed or users scammed and/or bank accounts drained, vs. missing out on someone's link shortener, I think I'll err on the side of caution.
This being an assessment based on local awareness of circumstances.
In what way are you more secure then when someone uses a .com domain? In both cases it is easy to register a url and turn into a malicious site. It really seems you are blackholing parts of the web for no good reason except to exempt yourself from actually performing a security check on the sites on the assumption all other tld's are safe.
The first of these I blocked when I looked at the domain and realised that the TLD were registering any old line noise. I'm not going to bother sorting that. Search for other experience turned up Blue Coat.
I subscribe to blocklists, and they update periodically. There are other levels of protection.
When a TLD is 99.9% malware or scams, it's far easier to block it outright. Registrars should take responsibility for what they're registering. Not my problem.
My experiance with symantec web protection (which I assume will use the same blocklists they are talking about) is that it has a ridiculous false positive rate and when I was still in High School they had blue-coat installed and it had a worse false positive rate. I would be very careful about running blacklists from those companies aside from anti-ad blocklists.
