As a way to block some “low hanging fruit” is it still generally a good idea to block risky Top Level Domains on your corporate network internet gateway?
I know that many phishing sites are now using quick website builder sites ([Canva.com](https://Canva.com), etc), AWS, Azure, etc. so those wouldn’t be blocked. However, I wonder if blocking obviously risky/bad TLD’s that there is no business use for is still advisable. Blocking things like .zip, .work, .party, .ru, .ca, etc.