DNSFilter should offer an option to one-click a button to block TLDs associated with malware. There are various lists that list the top offenders. This could be done dynamically. It would prevent the need to maintain a universal block list for TLDs.