Launched in 2016, the .xyz top level domain was meant to be the top level domain "for everyone". It really was the TLD "for everyone" because it's incredibly cheap to get started with domains starting at just $1 for the first year and $8 for the renewal. The way it's marketed, it's the TLD for businesses trying to reach "Generation XYZ" as well as for the Average Joe or Jane that wants to set up a non-commercial simple website. "For every website, everywhere" is the tagline on the registry's website.
Despite all this fluff, there is a lot of issues with using a .xyz domain that people need to be made aware of before buying a domain.
Recently I applied for a role at a company that uses a third party HR service to process applications and scheduling interviews. I saw this as a good use case for using my domain I use specifically for email forwarding so that my day-to-day email address doesn't risk being a part of some online data breach somewhere (it also helps with tracking my emails). I have chuckcarroll.xyz set up in a way that anything in front of @chuckcarroll.xyz will be automatically sent to my primary email account and when I reply it will still come from my .xyz domain.
After applying for the role, I received an email a few weeks later that my application was reviewed and the company was interested in setting up a series of interviews. I replied with my availability for the week but didn't hear back for several days. I responded again the following week because I hadn't heard anything. Still no response. The next day I received a follow email from the recruiter asking if I was still interested role, along with another email about 30 minutes later apologizing and that my two follow ups were automatically marked as spam.
Some wireless carriers such as T-Mobile here in the US straight up block any SMS messages that contain a .xyz URL. (They also block any text message with an Odyssey link, for what reason I don't know). I tried this with a buddy of mine who uses T-Mobile, sending him both a .co and .is links and he received both. However, when I sent him a .xyz link, he never received it, not did I get any notification that it had been blocked.
My assumption here is that because these domains are cheap, they're being used for spamming and phishing attacks. I understand the security aspect, however, as a wireless carrier and SMS service provider, they should not be blocking any message I send or any message I receive. There must be a better solution than blocking an entire top level domain from being sent over your network.
I don't know this from first hand experience, but I've seen posts online pointing out that sharing links ending in .xyz to social media platforms and their corresponding messaging apps will more than likely get flagged as spam.
This ties into my first point, but some websites and online services such as Steam block any email addresses ending in .xyz either entirely, or you'll sign up only to have you submission go into oblivion. Now that I think about it, there's several forums I've signed up for that were never approved, again likely because it's marked as spam and the approver never sees it.
I understand the need to protect users from spam and phishing attacks, but anecdotally I've received far more spam from Gmail accounts and received shady links from .com URLs more than .xyz. In fact, according to Spamhaus, more spam comes from .com TLDs than .xyz TLDs.
This website originally used chuckcarroll.xyz before I changed it to chuck.is, and I will own it until 2028. At this point I feel like I've wasted money on a "unique" non-commercial domain. In the future, I don't think I'll be using my .xyz domain for any work related things. If you're considering a domain, my recommendation is to avoid .xyz entirely (or at least for now).
Thanks for reading. Feel free to send comments, questions, or recommendations to email@example.com.