The maawg abuse metrics, various studies on malware (and just how many domains malware use etc) might give you some numbers.
Add a lot more that target closed messaging platforms (skype/ fb / WhatsApp etc) The volumes are staggeringly high as absolute numbers. As Neil says, they're enough to keep threat intel analysts spending several hours a day doing nothing but identifying thousands of new domains after seeing just two or three in a particular phish or malware campaign. Search by registrant, search by IP, then identify related domains exhibiting the same behaviour and find a fresh set of registrants and IPs with their very own bunch of domains .. a never ending rathole. There may be more domains registered by various domainers and parked for search monetisation / resale and such but they don't even count. Among domains that are "in use" - seen by other mail, messaging, access etc systems - malicious domains far outnumber legitimate ones. Spamhaus has data, surbl has data - but some registrars choose not to believe it. The more fool them. --srs > On 25-Mar-2017, at 7:06 PM, Michael Orlitzky <mich...@orlitzky.com> wrote: > > For the other perspective, what sort of abuse is stopped? How much does it > cost? How many scams, threats, etc. are avoided as a result, and how do those > numbers compare to the ones for the "privacy" side? Can someone list the ways > that the WHOIS data is used for good? _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
