Updated Aug 28, 2018

EU data law may not have caused the expected sketchy website boom

Photo by Roberto Machado Noa/LightRocket via Getty Images

Experts feared that malicious websites would multiply after the European Union's General Data Protection Regulation began to thwart one of the most effective techniques of tracing their owners. But security intelligence firm Recorded Future sees some evidence that the boom may not have happened.

Why it matters: The GDPR bans companies from storing personal information without an E.U. citizen's permission — including so-called "WHOIS" data that companies use to track down the owners of criminal or spam websites. With those GDPR rules in place, experts expected a sudden boom of sketchy sites. The rules still make current forensic investigations more difficult, but they did not appear to trigger an explosion of malicious activity online.

The details: According to the Recorded Future report:

  • The total amount of global email dipped in July, with the amount of spam staying the same. Recorded Future attributes this statistic to Cisco's Talos group.
  • The number of new internet domains registered since GDPR took effect also declined, from 223,500 a day to 213,300.
  • While the total number of registrations declined, the percentage of new sites registered as .com addresses increased from just under 51% to just under 54% — increasing in total from 113985 to 117315. That's important, believes Recorded Future, because .com is the least likely of the publicly available domain suffixes to be used in spam campaigns.

What they're saying: "The fact that domains in well-known 'spammy' top level domains has dropped could be a signal that spammers may be worried about potential ramifications from GDPR violations," said Recorded Future senior solutions analyst Allan Liska via email. "It could also be a sign that spammers are holding back, seeing how GDPR plays out and then will adapt."

Go deeper