This informal CPD article ‘The 2026 new gTLD round could reshape the Domain name System’ was provided by Lexsynergy, an organisation that helps brands navigate the domain landscape with clear strategy, secure domain management and effective online brand protection services.
More than a decade after the last major expansion of the domain name system, the Internet Corporation for Assigned Names and Numbers (ICANN) is preparing to open the next application round for new generic top-level domains (gTLDs) in 2026 (1).
The 2012 round introduced hundreds of new extensions and permanently altered the structure of the Domain Name System (DNS) (2). The 2026 round is expected to expand it further, potentially adding a significant number of new generic strings to an already complex namespace.
This is not merely an industry milestone. It represents a structural shift that organisations, security teams and digital risk leaders need to understand, whether they intend to apply for a TLD themselves or not. The importance of 2026 lies less in participation and more in preparedness.
A broader namespace means broader exposure
Every new gTLD increases the available surface area of the DNS. While new extensions can create innovation opportunities, geographic identity markers, sector specific ecosystems and digital differentiation, they also expand the combinatorial possibilities for domain registration and the number of possible permutations of brand names across the namespace (3).
With each additional generic string comes greater potential for impersonation, phishing infrastructure, lookalike domain abuse, fraudulent email operations and traffic diversion. The dynamic is straightforward: the more extensions available, the greater the registration combinations that must be considered.
In 2012, many organisations underestimated how quickly new spaces would be used for malicious activity. In 2026, domain-based fraud is faster, more automated and more infrastructure driven (4). An influx of new generic TLDs will introduce fresh territory into an already active threat landscape.
The threat environment has evolved since 2012
The previous round took place in a very different threat landscape. Phishing volumes were lower. SMS-based fraud had not yet scaled globally. Automated domain registration, certificate provisioning and rapid infrastructure rotation were less industrialised. Abuse monitoring tools were less advanced, but so were attacker capabilities.
In 2026, the conditions are different. Domains can be registered in bulk within minutes. SSL certificates can now be issued automatically at scale. Email authentication frameworks such as SPF, DKIM and DMARC can be configured to increase deliverability and credibility (5). Infrastructure can be deployed and abandoned rapidly to avoid detection.
An expanded namespace under these conditions carries different implications than it did twelve years ago. New generic strings may become attractive channels for opportunistic registration, particularly during early launch phases when monitoring and defensive measures are still adjusting.
Opportunity and innovation remain part of the equation
The expansion of the DNS is not solely a risk narrative. New gTLDs can enable sector led ecosystems, community identity, regional branding and new commercial models. Industry specific extensions may foster trust if supported by strong governance. Geographic strings can reinforce local digital presence. Emerging technology sectors may pursue namespace control aligned to their communities.
The DNS has always evolved through expansion. However, innovation and risk scale together. The strategic question for organisations is not whether new gTLDs are positive or negative, but how to position themselves within a larger and more fragmented namespace.
Defensive strategy becomes more complex
As additional gTLDs are delegated, the question of defensive registration inevitably resurfaces. Registering a brand name across every new extension is rarely sustainable. The cost, administrative burden and monitoring overhead can escalate quickly. Yet ignoring new spaces entirely may introduce blind spots.
This is where registry level domain blocking mechanisms become increasingly relevant. Blocking services prevent third parties from registering a protected string across multiple participating TLDs. Rather than responding after abuse occurs, blocking operates at a preventive layer.
As the namespace expands, preventive controls become more scalable than reactive enforcement. One of the distinguishing features of how blocking models are evolving is their ability to expand coverage as additional participating extensions are added over time. In practice, this means an organisation can secure protection early and automatically benefit from future additions to the programme without renegotiating protection each time the namespace grows.
That model becomes particularly relevant ahead of a major expansion round. The earlier protection is established, the more value may accrue as new TLDs enter scope.
Blocking is not universal, and coverage varies by registry and policy framework. However, as the number of generic strings increases, coordinated preventive strategies may offer a more efficient approach than fragmented defensive registrations. In an automated threat landscape, prevention often proves more efficient than remediation.
Domain blocking mechanism
Monitoring must adapt to a wider DNS
An influx of new TLDs also reshapes detection models. Brand monitoring systems must incorporate newly delegated extensions promptly. Threat intelligence workflows must adjust to additional zones. Abuse teams must understand sunrise periods, general availability timelines and registry-specific rights protection mechanisms (6). Early launch phases can create short windows of opportunity for malicious actors if defensive visibility lags behind delegation.
The 2026 round therefore requires more than awareness of new strings. It demands operational readiness across monitoring, blocking and enforcement frameworks. Organisations that treat the expansion as a procedural industry event may find themselves reacting to abuse rather than anticipating it.
For some, control of the namespace itself will be the strategy
While much of the discussion around 2026 centres on exposure and defence, some organisations will evaluate a more structural response: operating their own top-level domain. A dotBrand gTLD represents a different governance model. Rather than defending across an expanding array of third-party extensions, an organisation can define naming rules, issuance policies and security standards within its own namespace. If a domain does not exist within that defined structure, it is inherently unauthorised.
However, operating a gTLD is not simply a branding exercise. It involves sustained operational responsibility, registry infrastructure, abuse management capability and compliance with ICANN contractual obligations (7). It shifts an organisation from being a participant within the DNS to being a steward of part of it. For some enterprises, that level of control aligns with long term digital identity strategy. For others, the operational demands may outweigh the benefits.
The 2026 round presents multiple strategic paths, direct participation, preventive blocking, selective defensive registration or a combination of approaches. Understanding these options is more important than defaulting to any single one.
A structural moment for namespace governance
The upcoming round is not simply an administrative reopening of applications. It marks another structural moment in DNS evolution. The namespace will grow. The potential attack surface will expand. So will the opportunities for innovation, differentiation and governance led trust.
The central issue for organisations is not whether they will apply for a TLD. It is whether they understand how a larger DNS ecosystem alters exposure, enforcement complexity and defensive strategy.
In 2012, the expansion was often framed around experimentation and digital novelty. In 2026, it must be assessed through the lens of infrastructure scale, governance maturity and risk management. Those who prepare for a broader namespace, rather than simply reacting to it, will be better positioned as the DNS enters its next phase.
We hope this article was helpful. For more information from Lexsynergy, please visit their CPD Member Directory page. Alternatively, you can go to the CPD Industry Hubs for more articles, courses and events relevant to your Continuing Professional Development requirements.
References
(1) ICANN, “New gTLD Program: 2026 Round.”
https://newgtldprogram.icann.org/en/application-rounds/round2
(2) ICANN, “2012 New gTLD Round.”
https://newgtldprogram.icann.org/en/application-rounds/round1
(3) ICANN, “History of the New gTLD Program.”
https://www.icann.org/resources/pages/newgtlds-history-2023-04-05-en
(4) Interisle Consulting Group, “Phishing Landscape 2025: An Annual Study of the Scope and Distribution of Phishing.”
https://interisle.net/insights/phishing-landscape-2025-an-annual-study-of-the-scope-and-distribution-of-phishing
(5) Let’s Encrypt, “How It Works”;
https://letsencrypt.org/how-it-works/
(6) ICANN, “Rights Protection Mechanisms & Dispute Resolution Procedures.”
https://www.icann.org/en/contracted-parties/registry-operators/services/rights-protection-mechanisms-and-dispute-resolution-procedures
(7) ICANN, “Base Registry Agreement”; ICANN, “DNS Abuse Mitigation Program.”
https://newgtldprogram.icann.org/en/application-rounds/round2/interested-in-applying/new-gtld-application/base-registry-agreement
