fabstei 19 hours ago [-]
A concrete counterexample: plantura.garden is a large, reputable German-language gardening magazine / brand, and probably exactly the kind of legitimate site one would expect on .garden.
So while the abuse numbers may well justify treating newly registered / low-reputation .garden domains with suspicion, blanket-blocking the entire TLD seems like it would create real collateral damage.
strictnein 18 hours ago [-]
For businesses, it's not a valid reason to not block .garden simply because a gardening site exists. If a site is important enough, exceptions to the blanket rule can be applied.
In general though, if you want Fortune 500s to utilize your service/company, don't utilize a novelty TLD.
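The policy debated in this subthread (block the whole TLD, then carve out exceptions), as an added example that is not part of any commenter's post. The allowlist holds the two sites named in the thread; the log format, the other hostnames and the function names are constructed for illustration.

```python
from collections import Counter

BLOCKED_TLDS = {"garden"}                          # TLD under discussion
ALLOWLIST = {"plantura.garden", "radio.garden"}    # sites cited in the thread

def normalize(qname):
    """Lower-case and drop the trailing root dot that resolver logs often carry."""
    return qname.strip().lower().rstrip(".")

def decide(qname, blocked_tlds=BLOCKED_TLDS, allowlist=ALLOWLIST):
    """Return 'allow' or 'block'; an allowlist entry covers itself and its
    subdomains and takes precedence over the TLD rule."""
    labels = normalize(qname).split(".")
    # Compare whole-label suffixes only, so 'notplantura.garden' can never
    # match the entry 'plantura.garden' the way a plain endswith() would.
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in allowlist:
            return "allow"
    return "block" if labels[-1] in blocked_tlds else "allow"

def dry_run(log_lines):
    """Count would-be blocks per second-level name, so exception requests can
    be reviewed before the rule is enforced. Assumes '<client> <qname>' lines
    and that registrations sit directly under the blocked TLD."""
    blocked = Counter()
    for line in log_lines:
        _client, qname = line.split()
        if decide(qname) == "block":
            blocked[".".join(normalize(qname).split(".")[-2:])] += 1
    return blocked

# Constructed sample of resolver log lines (not real traffic).
SAMPLE_LOG = [
    "10.0.0.5 plantura.garden.",
    "10.0.0.7 www.radio.garden",
    "10.0.0.9 notplantura.garden",
    "10.0.0.9 cdn.notplantura.garden",
    "10.0.0.8 Login.Example.GARDEN.",
    "10.0.0.4 example.com",
]

if __name__ == "__main__":
    for name, hits in dry_run(SAMPLE_LOG).most_common():
        print(f"{hits:3d}  {name}")
```

Running the rule in report-only mode first gives the list of names that would need an exception, which is the collateral-damage figure both sides of the thread are arguing about.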
kingforaday 16 hours ago [-]
Would you consider .aero, .cat, .asia, .info novelties? They have been around for 20+ years. Sure, there are over 1500 gTLDs now, but when does something stop becoming a novelty? .ai, a ccTLD that Google recognizes as a gTLD, is that a novelty? These are a bit rhetorical.
ctippett 15 hours ago [-]
I can't speak for the others, but registering a .aero domain requires submitting an application that's reviewed by a human and assessed based on the domain's relevancy to the aviation industry.
Bender 16 hours ago [-]
I would define them by the bar to entry. When a spammer can pick up thousands of domains for a few hundred bucks or less because a dodgy registrar is intentionally selling all domains on a specific TLD for next to nothing I find it safe to block anything on that TLD. I have always done this for email both personally and professionally and never once received any push-back. I explained the risk of collateral damage and leadership was always fine with it. Customers were B2B and could log in to open a ticket. Customer emails would come from domains we already trusted in their on-boarding process.
drdexebtjl 17 hours ago [-]
Blanket ban rules are extremely lazy and unacceptable in 2026, especially for Fortune 500s. It’s extremely cheap to use a scoring system instead.
strictnein 15 hours ago [-]
Really don't understand what "unacceptable" even means in this context. It is perfectly acceptable for a company to control internet access.
More to the point though, what is this cheap and easy domain scoring system that does a better job than a blanket ban?
The best domain reputation provider, DomainTools, definitely isn't providing their data for cheap, nor is it always the fastest. We pay a substantial amount to them for thousands of requests a day, something we reserve for enriching actual security incidents, not because someone wants to go to catparty.foobar or whatever.
Martinussen 16 hours ago [-]
Unacceptable for who? It's definitely more than acceptable for a lot of people.
monster_truck 11 hours ago [-]
They really aren't when you are operating at ISP scale. Especially when there are 20+ years of evidence of said scoring systems being abused until they calcified into the mess that is modern email hosting.
thih9 17 hours ago [-]
Sure, but blanket bans are even cheaper.
SOLAR_FIELDS 13 hours ago [-]
You say this as if the people implementing TLD blocks even understand what the term scoring system means.
ctoth 15 hours ago [-]
> In general though, if you want Fortune 500s to utilize your service/company, don't utilize a novelty TLD.
New potential technique to not have your open source project yoinked/resold by cloud providers? :)
qq66 18 hours ago [-]
I don't think that anyone claims that there aren't any legitimate sites on .garden, but the risk of using an abuse-prone TLD is that Bayesians are going to assign you an increased prior risk of abuse. Honestly the TLD is making more money from the abusers than from Plantura so they're not going to tighten up their ship, Plantura should probably move to a different TLD.
aaron695 11 hours ago [-]
[dead]
sikozu 19 hours ago [-]
I had no idea the .garden TLD even existed. Having just checked Porkbun, it seems like they go for $1.54 which is pretty cheap. No wonder they're being abused.
If you have a cheap TLD of course bad actors will buy a bunch.
OutOfHere 19 hours ago [-]
It is absurd to consider a TLD bad just because it's cheap and its names were registered by some bad people. It's a bad case of stereotyping. Filters need to be better than this. There are plenty of good names within a TLD.
amingilani 19 hours ago [-]
Further to your point, it harms the existing wonderful sites like https://radio.garden/—which has been featured on HN several times over the past few years.
> First-year TLDs under $2 is one of the best indicators of likely abuse. Some TLDs like .xyz are truly fighting abuse while others feign ignorance.
I don't understand this. The first year being discounted (or free) helped .me, and .xyz in the past. This is one year of data. Surely more time is needed?
> It is unlikely that there are valid business reasons for network environments to allow .garden domains;
What do you mean? What is this likelihood based off of?
> highly recommend defenders completely block the .garden top-level domain, and allowlist items as needed.
Holy overreaction, Batman.
furyofantares 18 hours ago [-]
Just another data point about this, not an argument for (or against) blocking a TLD, but personally I wouldn't register an .xyz again, due to what I presume is related to them having to fight abuse. I still have one site on there and have migrated another off.
My domain was flagged for abuse (it's a static site with a daily word game, no ads or anything else) and the TLD took it down. Not my registrar or host, the TLD itself. There was no communication on this, it took some effort to work out what even happened, and appealing was a pretty blind process of claiming to have fixed the issue and issuing proof (which felt a bit strange to fabricate proof that it was fixed, since no issue existed to begin with - I sent a screenshot of the page or something, I can't recall) and hoping they'd unblock it, with no communication at all beyond a place to send such a claim.
They did unblock it, and while I am sympathetic to them having to fight abuse, I still moved away from them.
unethical_ban 18 hours ago [-]
On a corporate network, blocking lesser-used TLDs combined with an aggressive use of DNS and web reputation filters is recommended. I work for a company that provides both services. Makes sense to keep Internet traffic on a sensitive network limited to the sites most likely to have a business case.
For end-users, less so - stick to DNS blocklists and uBlock filters for malware domains which are freely available.
gruez 18 hours ago [-]
> Holy overreaction, Batman.
I don't see it as that much different than people setting up IP blocks at the country/ASN level.
microgpt 18 hours ago [-]
Which is also bad.
brookst 18 hours ago [-]
Eh, really?
Like is it stereotyping to say Black people tend to have darker skin than whites?
At some point, it’s not stereotyping, it’s intrinsic. And if the domain is super cheap to register, is overrun by bad actors, and is generally a nuisance… is it really stereotyping?
Collateral damage I get. Like if you’re running a convenience store and observe that teenagers in track suits and bandanas are robbing you blind (hey look I’m stereotyping), banning these kids will also ban the totally legit kid who happens to dress that way.
But? Isn’t that ok? Should the shop owner just eat continued losses for fear that eventually someone might dress like that and not be a risk?
I fear that I sound snarky, but I really don’t mean to. My point is that at a macro level stereotyping is absolutely wrong. But at a tactical, day-to-day lived experience level, how much abuse do we all have to put up with? An unlimited amount?
9dev 18 hours ago [-]
> Like is it stereotyping to say Black people tend to have darker skin than whites?
Nah. But it’s stereotyping to say black people tend to commit more crimes than whites.
Which is a lot closer an analogy here, and just as wrong.
472936721 18 hours ago [-]
[flagged]
OutOfHere 18 hours ago [-]
> is it stereotyping to say Black people tend to have darker skin
Your analogy is altogether misplaced.
> But? Isn’t that ok?
No, it never is. The hallmark of civilization is avoiding collateral damage and protecting the innocent, without which we're animals.
> And if the domain is super cheap to register, is overrun by bad actors,
That is not established. The bad actors merely make noise, and get reported. The good actors stay out of the news.
Your argument is bogus because filters absolutely can be nuanced, operating at the name level. It is a non sequitur for a filter to operate at the TLD level.
> My point is that at a macro level stereotyping is absolutely wrong. But at a tactical, day-to-day lived experience level
Huh. That is just laughable and sad. Stereotyping is wrong at every level, and it's even more wrong at the everyday level.
bakugo 18 hours ago [-]
It's not just the price, but also how "legitimate" the registrars are and how well they deal with abuse.
Here's an anecdote: I know someone who insisted on using a .tk domain for legitimate business purposes for many years. When I heard of this, I immediately asked "isn't that the TLD managed by a shady company that gives domains away for free and then steals them back if they become popular?" He insisted this did not affect him, as he was a legitimate customer who had been paying for the domain for over a decade.
Fast forward a few years, the company behind the TLD (Freenom/OpenTLD) went under due to their shady business practices, he lost the domain, and was told he had to register it again at a new registrar for a much higher price to recover it.
strictnein 18 hours ago [-]
[dead]
qasderghytfgyt 17 hours ago [-]
considerations@52%5%8%*%@٤&٠!٧٠؟
mandrade2 17 hours ago [-]
damn I got git.garden
microgpt 18 hours ago [-]
[flagged]
wartywhoa23 18 hours ago [-]
They'd better compare the abuse statistics, in wide all-things-considered¹ sense, of .garden to that of .ai.
¹As in abuse of planet's resources, economy, job market and on human sanity and patience.