• by Ray Schultz , Columnist, August 30, 2018

Forget all those warnings that GDPR would lead to a rise in spam: It hasn’t happened. Rather, there has been a slight falloff in generic top-level domain (gTDL) registrations such as .men and .date, according to an analysis by Recorded Future.

Total new domain registrations fell from 223,000 per day in the month prior to May 25, the date of GDPR implementation, to 213,000 in the period from May 26 to July 2, the company reports in a blog post.

The authors attribute this decline in gTLD filings to “GDPR-enforced WHOIS privacy rules.” But they add, “it is possible that spammers are focusing on registering new domains in top-level domains (TLDs) that have a reputation for delivering a lot of spam, but that also does not appear to be the case.” 

The assumption all along was that GDPR restrictions on use of Whois data would leave authorities with no way to identify spammers.” But malefactors “are not taking advantage of the potential new anonymity afforded by GDPR to register new domains as part of new spam campaigns, at least not in the gTLD space.”

Meanwhile, overall email volume declined from 433.9 billion messages on May 1 to 361.83 billion on Aug. 1, according to tracing by Cisco Talos. But that may be largely due to seasonal fluctuations.

Spam accounted for 370.04 billion messages, or 85.28% of the May 1 email total. That fell to 308.05 billion, or 85.14% of the total, on Aug. 1.

The most popular gTLD domains are .men, .fun, .review, .date, and .yokohama, Recorded Future writes, citing Spamhaus. But most of all these have fallen off this summer.

For instance, .men declined from 0.98% of all new domains prior to GDPR to 0.32%. In addition, .date fell from 0.46% to 0.24%.

Moreover, 'biz fell from 6.93% to 0.6%, and .app from 3.63% to 0.59%.

The only gTDL to grow in this period is .loan, which rose from 7.26% of all new domains to 11.32%. Spamhaus reports that 29% of all .loan domains are bad, the post continues.

The authors’ conclusion? “Spam is still a big problem, but it has not become a bigger problem, contrary to popular opinions among security researchers.”