[jeroenhd]

Most phishing I've encountered comes from .com, in my experience. Everything but ccTLDs seems to be listed in some kind of spam filter (I tried to email from a personal .xyz domain for a while, it just doesn't work). .ru is also quite popular for some reason, but that seems to be mostly untargeted phishing attemps. Most shit comes from legitimate(-looking) gmail.coms and outlook.coms.

I have a feeling people trust .com and .net more than they trust .zip and .mov. Without .com, the URL just looks weird to some people.

I can see why you dislike new TLDs if you're trying to protect your company, but you'll always have that problem. It's not like you're going to transfer money to the Taliban to register yourcompany.af, but criminals don't care, the money they transfer is probably stolen anyway.

One exception is the fact that there's an international bank called "ING". They've already registered bank.ing but I don't think they can come close to claiming all possible phishing attempts for their customer base.

[gorkish]

While what you say is completely true, unfortunately how I do my own security has very little to do with how my customers do their security. I see ccTLD and gTLD used in spearphishing and domain impersonation attacks on a frequent enough basis that I have form letters for the abuse reports. Start collecting some backscatter with a DMARC policy and you might be surprised at what you discover.