Is the TLD Still Relevant? 

In a digital landscape flooded with phishing, fraud, and malicious activity—across .com, traditional ccTLDs like .ca, and newer gTLDs like .tech—trust in any domain extension has eroded. Malicious actors exploit every type of TLD, making it clear that no single extension inherently guarantees credibility.

So, if trust can’t be derived from the domain alone, does it really matter which TLD you choose? My answer: not as much as it used to.

As the way we consume information and market trends evolve, I’ve come to believe that the premium value placed on traditional TLDs like .com is overinflated. Given how people now discover and interact with content, the importance of a business’s specific TLD may be diminishing, and the high price of .coms may no longer be justified.

In this blog, I take a deeper look at the domain name landscape: how we got here, why .com pricing feels outdated, and what really matters when choosing a domain in today’s evolving digital world. By the end, you might agree or at least find some food for thought. Either way, let’s dive in.

Why Domain Names Matter

Every organization wants a digital presence, a visible and easily accessible “address” for people to find and interact with them. At the core of this presence is the domain name, with the top-level domain (TLD) historically playing a key role in shaping how users perceive and access a brand. 

Originally, domain names served a simple purpose: to provide an easy-to-remember way for people to access web servers without needing to memorise complex IP addresses. Over time, they evolved from being purely technical tools into essential brand assets. For businesses, a memorable domain name became a critical element of their online identity, with TLDs like .com often associated with credibility and trust.

Beyond websites, custom domains are also important for services like email. Larger companies typically use their domains to create branded email addresses, reinforcing their identity across multiple touchpoints. However, for many smaller businesses—such as local plumbers or electricians—the domain serves primarily as a discovery tool. I’ve often noticed these  businesses using email addresses from providers like Gmail or Hotmail, and phone numbers on their websites for contact purposes rather than investing in custom email solutions, which still remains costly and complex for non-technical people.

But for digital-first and/or global organizations, the stakes are higher. A domain isn’t just a URL; it becomes the foundation for their entire digital presence, supporting websites, email services, and various online tools. This brings me to my own experience: when I was evaluating domains for a new website, we needed a web domain that went beyond local identity. Since the project is global and digital-first, a country-code TLD (ccTLD) like .ca or .nl didn’t seem appropriate.

This decision-making process highlights a common dilemma for businesses operating in a crowded domain landscape: with so many TLDs available, how do you choose the one that best fits your goals? The answer isn’t always straightforward, especially when you weigh factors like branding, availability, cost, and long-term credibility.

How TLDs are Governed and Monetized

Since I’ve already mentioned .com and ccTLDs like .ca, let’s take a step back and look at how TLDs are governed and commercialized. This context helps explain why certain extensions, like .com, have historically dominated the market and why newer options are rapidly emerging as viable alternatives.

The governance and commercialization of TLDs involve multiple stakeholders who manage, sell, and profit from domain names.

At the top of this structure is the Internet Corporation for Assigned Names and Numbers (ICANN), which coordinates the global domain name system and establishes policies for TLD operations. ICANN works alongside its technical affiliate, the Internet Assigned Numbers Authority (IANA), which maintains the root zone—the authoritative “master list” of all recognized TLDs. Readers can explore a comprehensive list of all TLDs and their respective managers via the IANA Root Zone Database.

Broadly, TLDs fall into three main categories:

1. Generic TLDs (gTLDs) – These include well-known extensions like .com, .org, and .net, which are generally open to registrants worldwide without strict eligibility requirements. While .org was originally intended for non-profits, it remains widely available for any entity to register. In addition to legacy gTLDs, newer options such as .tech, .shop, and .digital have gained popularity, particularly among businesses looking for industry-specific branding. These newer gTLDs offer affordable alternatives to .com while allowing companies to create a distinct identity aligned with their sector.
2. Country-Code TLDs (ccTLDs) – These two-letter extensions, such as .ca for Canada or .nl for the Netherlands, are tied to specific countries or territories. Some ccTLDs, like .ca, enforce geographic restrictions to ensure that registrants have a connection to the country. However, others, like .io (originally for the British Indian Ocean Territory) and .ai (for Anguilla), have no such restrictions and are commonly used by tech companies, making them more akin to generic domains in practice than region-specific ones.
3. Specialized or Restricted TLDs – Certain extensions, such as .gov or .edu, are reserved for specific types of entities. For example, .gov is limited to U.S. government organizations, providing an inherent trust signal due to its strict eligibility requirements. Similarly, .edu is available only to accredited educational institutions in the U.S., ensuring that its use is limited to legitimate academic entities.

If you’re curious about what kinds of sites are registered under specific TLDs, you can use a simple trick with Google Search. Just type site:.ai or site:.tech into the search bar, and you’ll get a list of websites using that TLD. You can swap in any other extension, like site:.design, to explore different namespaces. It’s a handy way to see what’s out there across various TLDs.

Based on the type of TLD, governance processes differ. ICANN plays a central role in coordinating the global domain name system and delegates the management of TLDs to various registry operators. For generic TLDs (gTLDs) like .com, ICANN directly oversees the process and authorizes specific entities through contracts, such as Verisign, to manage the databases of registered domains and set wholesale prices. In contrast, country-code TLDs (ccTLDs), such as .ca for Canada, are delegated to national organizations, like the Canadian Internet Registration Authority (CIRA), through a separate process that typically involves the local government or regulatory body.

While ccTLDs are intended to signify regional identity, their governance varies widely—some, like .ca, enforce geographic restrictions to ensure registrants have a connection to the country, while others, such as .io and .ai, impose no such restrictions and are used globally, often perceived as generic extensions in industries like tech.

But how do domains actually get to market? That’s where registrars and resellers come in. Registrars—like GoDaddy, Namecheap, and Google Domains—are accredited by registry operators and have direct access to their databases. For example, if GoDaddy sells .com, .ca, and .tech domains, it means they have contractual relationships with Verisign (which operates .com), CIRA (which operates .ca), and Radix Technologies Inc. (which operates .tech). Each of these contracts outlines specific terms for registering domains, including costs, registration requirements, and technical standards that the registrar must adhere to.

When a customer searches for a domain, the registrar queries the TLD operator’s registry to check availability in real-time. If the domain is available, the registrar registers it by paying a fee to the TLD operator as specified in their agreement. Registrars are free to set their own prices for customers, provided they cover the required registry fees. Pricing often varies based on factors like demand, promotional strategies, or the perceived value of certain TLDs.

On top of this, there’s the secondary market—where high-value domains are bought and sold, sometimes at steep premiums.

Trends and Implications of TLD Market Evolution

As I considered the value of a primary domain within a top-level domain’s namespace, I became curious about how the market is evolving. Are traditional heavyweights like .com still dominating? Are newer gTLDs truly making a dent? And what about hybrid ccTLDs like .ai, .io, and .co, which seem to have become mainstream options far beyond their original geographic designations? To answer these questions, I broke down key metrics across different TLD categories, including a distinct category for “Hybrid/Global” ccTLDs.

The following table provides a snapshot of the TLD market, covering market share, growth rates, pricing trends, and cybercrime relevance over the past decade. While I’m aware that the data may not perfectly reflect reality, it’s based on the best available sources and should be close enough to offer meaningful insights and direction for my analysis.

Notes on sources: Data for this analysis was compiled from Verisign’s Domain Name Industry Briefs, CENTR’s Global TLD Report, Afnic’s Global Domain Name Market Reports, and the IANA Root Zone Database. Insights on cybercrime and gTLD abuse were drawn from Interisle Consulting Group’s cybercrime reports and reporting from KrebsOnSecurity. Pricing data is estimated based on industry reports, registrar websites, and domain market resources, particularly for premium domains which are highly variable.

Stagnation in .com and Traditional ccTLDs

As shown in the table, .com and traditional ccTLDs like .ca, .de, and .uk have experienced relatively slow growth over the past decade. For .com, we can hypothesize that perhaps this stagnation is attributed to a scarcity of desirable names. With so many prime .com domains already registered, businesses looking for a memorable or brand-aligned domain often face exorbitant costs in the aftermarket, where prices can range from six to seven figures. While .com still carries prestige, its high cost and limited availability have pushed many businesses toward alternatives. If we wanted to purchase the 4sure.com domain, it would have cost us millions of dollars.

Traditional ccTLDs, meanwhile, are naturally limited by geography. Since they primarily serve local markets, their growth potential is tied to the size and economic activity of their respective countries or territories. Despite this limitation, traditional ccTLDs remain important for regional branding, making them a popular choice for local businesses seeking to establish trust within their local communities.

The Rise of Hybrid/Global ccTLDs

As I have mentioned a couple times so far, some ccTLDs have broken out of their regional mold and gained widespread global adoption. These “Hybrid/Global” ccTLDs—like .ai (Anguilla), .io (British Indian Ocean Territory), .co (Colombia), .tv (Tuvalu), and .me (Montenegro)—are used far beyond their original country designations, often by businesses in tech, media, and creative industries. For example:

• .ai has become synonymous with artificial intelligence startups and projects.
• .io is widely used by tech companies and developers, symbolizing innovation and digital-first thinking (northernblock.io, for example!).
• .co is often marketed as a sleek alternative to .com, appealing to startups and global brands.

Unlike traditional ccTLDs, these hybrid ccTLDs command higher prices due to their association with specific industries and their perceived brandability. On average, these domains are priced in the $50–$100 range for initial registration, significantly higher than many traditional ccTLDs, which typically fall between $10 and $30. The demand-driven pricing for hybrid ccTLDs reflects their desirability as branding tools rather than regional markers.

However, while hybrid ccTLDs offer flexibility and global appeal, they don’t inherently add legitimacy. Their open registration policies mean that anyone can purchase them, making them just as susceptible to misuse as gTLDs. It is worth noting that their higher price points compared to many gTLDs have somewhat mitigated their attractiveness to cyber criminals.

The Double-Edged Sword of gTLDs

New gTLDs have grown steadily, offering businesses industry-specific branding opportunities at lower prices. However, this affordability comes with a trade-off: minimal registration requirements have made some gTLDs a hotspot for malicious activity. gTLDs priced as low as $1 or $2 have disproportionately high rates of phishing and cybercrime. This trend underscores the risks associated with a “race to the bottom” pricing strategy, where rapid adoption is prioritized over security.

Despite these challenges, many businesses continue to adopt gTLDs like .tech, .shop, and .xyz, using them as creative branding tools rather than trust signals. Unlike .gov or .edu, which enforce strict eligibility criteria, gTLDs rely purely on their marketing appeal.

Evaluating Trust in TLDs

With the rise of phishing and other malicious activities across all types of TLDs—including .com, gTLDs, and hybrid ccTLDs—trust in a domain name’s extension alone has diminished. Whether a business uses .com, .io, or .tech, users can’t automatically assume credibility based on the TLD. Phishing attempts can come from any type of domain, highlighting that no TLD is inherently safe or trustworthy.

To illustrate this point, here’s a visual example of phishing messages using domains from different TLD categories, including .com, traditional ccTLDs, and newer gTLDs. It shows how easy it is for malicious actors to leverage any TLD, making the specific extension irrelevant from a trust perspective. 

For legitimate businesses, this means that building trust requires more than just choosing the right domain.

Ultimately, while the specific TLD still plays a role in branding, its value as a trust signal is eroding. For businesses operating globally, especially in digital-first industries, hybrid ccTLDs and gTLDs offer viable alternatives to .com, provided they prioritize trust-building measures beyond their domain name.

A Changing Landscape of Content Access

The way we access content online has changed dramatically over the years. In the early days of the web, domain names were indispensable—users needed to know the exact URL to find a site. Then came search engines, like Google, which transformed discovery by allowing users to locate web pages without needing to remember full URLs. Today, however, this evolution has taken another leap, with social media platforms, content apps, and AI-driven tools dominating how people find and consume information. 

Existing search platforms have adapted too. Google, for example, now integrates AI directly into its Google Search results, offering immediate answers alongside traditional links. This shift means that users increasingly get the information they need without ever visiting a specific website. Add to this the fact that smartphones have become the primary devices for accessing information, and the result is a user experience heavily shaped by apps, where users rarely think about the underlying servers or domain names powering these services, as they don’t need to visit websites directly—the app provides a UX layer above that.

Looking ahead, I predict we’re on the cusp of a massive paradigm shift. 

As search engines evolve and AI-driven platforms take over more of the content discovery process, the role of TLDs in SEO is becoming increasingly irrelevant. Google has already stated that it treats all generic TLDs the same, meaning a .tech, .ai, or .digital domain has no inherent disadvantage compared to a .com in search rankings. But even beyond this, SEO itself may be losing relevance as a whole. As AI assistants, chat-driven search, and content aggregators become the primary way people retrieve information, traditional web searches—and by extension, website rankings—are playing a smaller role in content discovery. If an AI tool surfaces the best answer directly within an app or voice interface, does it even matter where that content is hosted, let alone what TLD it uses? The shift toward AI-mediated content delivery is gradually replacing the need for users to navigate search results, further diminishing the importance of both TLDs and SEO as primary visibility drivers.

A Market in Transition

Given these trends in content access, it’s clear that the TLD market is in transition. While traditional segments like .com and regional ccTLDs (like .ca, .nl, or .uk) continue to face stagnation, newer gTLDs (like .tech, .shop, and .digital) and hybrid ccTLDs (like .io, .ai, and .co) are growing steadily. Yet, alongside this growth comes a rise in security concerns and phishing, further eroding trust in domain names as signals of credibility. The examples of phishing I shared earlier highlight that no TLD—whether it’s .com, a regional ccTLD, or a trendy gTLD—can fully guarantee trustworthiness on its own.

This leaves us with an important question: how do we solve the trust problem? Clearly, it can’t just be left to the application layers. Apps and platforms may provide some level of safety, but they don’t control the authenticity of the information they aggregate or deliver. 

If businesses want to inspire confidence—whether people are interacting directly with their websites or consuming content through intermediaries like AI-driven tools—they need a way to ensure the integrity of their digital presence.

Conclusion: Building Trust in a Fragmented Digital Ecosystem

Eligibility requirements play a critical role in how certain TLDs establish trust. Restricted TLDs like .gov and .edu offer a compelling example: users trust these domains because they believe in the underlying governance structures. A .gov domain inherently signals that it represents a verified U.S. government entity, while a .edu domain implies accreditation within the U.S. education system. But this trust relies on accepting the authority behind those assertions—an authority that governs only a specific jurisdiction.

Here’s where things get nuanced. In a globally distributed digital landscape, no single governing body can make claims for everyone, everywhere. The DNS system, while often critiqued for being “centralized,” is a tradeoff. Yes, the namespace is governed centrally, but that governance provides credibility, legitimacy, and a unique namespace, which has been historically valuable. Without governance, which is always centrally managed in nature, there’s no basis for trust—no way to verify whether a domain represents what it claims to be. The key isn’t to eliminate governance but to allow users and organizations to choose which governance models they trust.

If the goal is to prevent fraud, spam, and abuse on the internet—and ultimately make web domains a better product, given the stagnation and unresolved trust issues highlighted in this blog—it raises an important question: should these assurances exist at the TLD level, or should claims be made at the individual domain level? I personally think they could exist at both levels, as each approach offers distinct advantages depending on the context. 

Claims at the TLD level are inherently more restrictive but can provide immediate, built-in trust by ensuring that every domain under the TLD meets specific verification standards. For example, a country-code TLD (ccTLD) and its delegate registrars could implement rigorous identity verification processes to ensure that registrants comply with regional presence requirements. While this would increase costs and impose greater restrictions, it could significantly enhance trust for domains operating under that TLD, which can then be sold for higher prices.

Similarly, new generic TLDs (gTLDs) could adopt a similar model tailored to their specific context. A gTLD aimed at legal professionals, for instance, could require registrants to verify their credentials as licensed attorneys. This would create a more trusted namespace for users seeking legal services. However, scalability and cost—especially the ongoing maintenance of such a verification process—must be carefully analyzed. Implementing and maintaining rigorous governance across thousands (or even millions) of domains would require significant resources. Balancing these operational concerns with the potential benefits of greater trust is critical to determining whether such an approach is viable in practice.

Historically, there has always been a tradeoff between openness and quality. A fitting analogy is the explosion of online content creation. With the rise of social media and blogging platforms, anyone can publish content, leading to a flood of low-quality material alongside valuable insights. While this democratization has benefits, it also dilutes the overall quality and makes it harder to distinguish credible sources. The same tension applies to domains—greater openness in registration lowers costs and fosters growth but increases the prevalence of spam, phishing, and low-value websites. However, we today have opportunities to mitigate these risks.

Imagine a future where claims at the domain level could dynamically provide information to consumers, helping them assess the integrity of a domain’s content and identity against their own criteria.

Unlike static claims baked into TLD governance, this approach would allow for greater flexibility while still enabling trust. Businesses could publish cryptographic claims about their identity, content, and governance, which consumers—or even automated systems—could verify before engaging. Beyond self-published assurances, domain owners could also link to external trust realms, authoritative systems of record, and established roots of trust that make claims about them. For example, if a corporate registry, a professional association, or a government entity verifies a business’s legitimacy and explicitly associates its domain as an identifier, it creates an additional layer of credibility. By aggregating these trust signals, businesses wouldn’t just be asserting their own legitimacy—they would be verifiably linked to third-party attestations, strengthening confidence in their digital identity.

Ultimately, both approaches can have their place. Governance at the TLD level can offer strong initial assurance by imposing strict requirements on registrants, making it ideal for scenarios where immediate trust is critical. Meanwhile, domain-level claims provide an opportunity for businesses to offer dynamic, verifiable assurances tailored to their specific audiences. Together, these layers of trust could create a more robust and resilient digital ecosystem—one where people can make informed decisions about who they trust and why.