Thursday 16 March 2023

Blocking top level domains

Blocking top level domains can be tricky.

Geographic considerations: If your organization does not do business with certain countries or regions, it may make sense to block TLDs associated with those locations. For example, if you have no business interests in China or Russia, blocking the .cn and .ru TLDs could help reduce the risk of cyberattacks from those regions. Malware comes from every country, so it is best to conduct an exercise on which regions you do business with. There are some exceptions:

.ms (used by Microsoft)

.co (Colombia, but a rule that is not specific can also block .co.uk and .com); used by companies that can't get a .com, such as iptel.co and adobe.co

.in (India, but used by companies like logme.in, linked.in)

.lt .jp .gr .es .pl (used by tech companies)

Business considerations: If your organization relies heavily on certain TLDs for business operations or communication with clients, it would be prudent to allow those TLDs. For example, if you frequently communicate with clients using email addresses that end in .com, it would be counterproductive to block that TLD.


Security considerations: Some TLDs are associated with higher levels of risk than others. For example, TLDs such as .cc, .xyz, .top, and .loan have been associated with high levels of spam and malicious activity, so it may be wise to block those TLDs.


Brand considerations: Some TLDs are associated with well-known brands, and blocking those TLDs could inadvertently block legitimate traffic. For example, blocking .co could also block legitimate traffic to sites such as adobe.co, bbc.co, and others.


Ultimately, the decision to block or allow specific TLDs should be based on a risk assessment specific to your organization, taking into account factors such as geographic location, business needs, security risks, and brand considerations.


Do an assessment, block TLDs, review what is blocked and allow specific / needed domains.
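The block, review and allow workflow above, together with the earlier caveat that an unspecific .co rule also catches .co.uk and .com, as an added example that is not part of the original post. The block list, allowlist, hostnames and function names are constructed for illustration, not a recommended policy.

```python
# Added example: compare an unspecific TLD rule with a label-anchored one.
# BLOCKED_TLDS and ALLOWED_DOMAINS are constructed sample policy (assumptions).

BLOCKED_TLDS = {"co", "in", "xyz", "top", "loan"}
ALLOWED_DOMAINS = {"adobe.co", "logme.in"}  # needed domains found during review


def _labels(host):
    """Lower-case the host, drop a trailing root dot, split into DNS labels."""
    return host.strip().lower().rstrip(".").split(".")


def naive_is_blocked(host):
    """Unspecific rule: substring match on '.<tld>'. Kept to show over-blocking."""
    return any("." + tld in host.lower() for tld in BLOCKED_TLDS)


def is_blocked(host):
    """Block only when the last label is a blocked TLD and no allowlist entry applies."""
    labels = _labels(host)
    if len(labels) < 2 or labels[-1] not in BLOCKED_TLDS:
        return False
    # An allowlisted domain also covers its subdomains; compare whole labels
    # so that 'notadobe.co' is not treated as 'adobe.co'.
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in ALLOWED_DOMAINS:
            return False
    return True


def review(hosts):
    """Return (host, naive, specific) rows so over-blocking shows up in review."""
    return [(h, naive_is_blocked(h), is_blocked(h)) for h in hosts]


if __name__ == "__main__":
    # Constructed sample hostnames, as might be pulled from proxy or DNS logs.
    sample = ["bbc.co.uk", "example.com", "iptel.co", "www.adobe.co",
              "notadobe.co", "linked.in", "logme.in", "shop.example.xyz."]
    for host, naive, specific in review(sample):
        print(f"{host:20} naive={naive!s:5} specific={specific}")
```

Hosts that the specific rule still blocks but the business needs (iptel.co or linked.in in this sample) are the ones the review step would move into the allowlist.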
