ICT Policy



City Profiles

‘Riskiest domains’ list should be taken with a grain of salt

December 3, 2009  »  Statistics & WebNo Comment
Note how little of Africa Source: McAfee and CNET

Note how little of Africa has sufficient data. Hopefully people don't glance at the graphic and see Cameroon as representative of Africa. Source: McAfee and CNET

The Internet is a dangerous place, but Africa may be safer than once though. Although McAfee may call Cameroon the nation with the riskiest domain (with a 36.7% risk ratio), the statistics are somewhat unclear and misleading. The report may be unbiased, but readers could easily make false assumptions about Internet security in Cameroon and even the rest of Africa. The reason the .cm extension is so risky is that it’s a misspelling of .com. Accordingly, clever cyber criminals have all sorts of malware at these commonly misspelled websites. Since there are relatively few legitimate Cameroonian sites to balance the unsafe squatters, the percentage of dangerous .cm websites comes out to be exceedingly high.

It’s no surprise that the 2nd riskiest domain is the .com extension, trailing .cm by only 4%. The fact that .com domains are risky should eliminate any significance of Cameroon having poor Internet security. After all, who is afraid of visiting a .com site, and aren’t most .coms registered in the United States, a nation much more technologically advanced than Cameroon?


  • In Africa, only South Africa, Cameroon, Mauritius, and Cape Verde were included in the study of 104 top-level domains. Who knows what the actual ‘risk ‘levels’ are for the rest of the continent.
  • According to the results, extensions are nearly as safe as .edu domains. South Africa is the 9th safest domain, with only a 0.2% risk. This is great news for the Africa and hopefully developing nations can look to SA for security advice.
  • It really would have be nice to see nations typically associated with cyber crime like Nigeria or Ghana in the results.

The good news is that even domains that are found to be unsafe one year can often bolster their cyber-defenses in a single calendar year. Such was the case with Hong Kong’s .hk which was the riskiest domain last year but now is not even in the top 30. All it takes is the proper restrictions:

  • Registrar costs cannot be too low
  • Few volume discounts
  • Moderate refund policies
  • Registrars must not be afraid to ask questions
  • Registrars must act on knowledge of malicious domains

Comments are closed.