North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: On-going Internet Emergency and Domain Names

  • From: Patrick Giagnocavo
  • Date: Mon Apr 02 23:18:55 2007



On Apr 2, 2007, at 10:27 PM, Douglas Otis wrote:

The suggestion was to preview the addition of domains 24 hours in advance of being published. This can identify look-alike and cousin domain exploits, and establish a watch list when necessary. A preview provides valuable information for tracking bad actors and for setting up more effective defenses as well.


And just how many humans would this require?


Or are you going to write a 12-kilobyte regex in Perl to do the work for you?

Do you know how many trademarks and words that represent companies there are in existence?

What about local lingo that might be misleading--like if you weren't familiar with college sports and thus "officialNittanyLions.com" (contrived example) didn't raise any red flags with you?

I could see perhaps a flag or a standard value to go into TXT (maybe part of the exiting SPF conventions) that indicate the age of the domain.

Then leave it up to the user as to what to do with that information (a mail server not allowing emails from domains less than 15 days old for example).

[True Story: I had a client who was a pastor of a church.

One time he calls me because somebody had used his computer, which was in his locked office, to surf what he was sure was "some kind of sick, filthy site".

What had actually happened was that the guy fixing his machine the night before (who had a key to all the offices) had left up a browser for the popular tech-tips site ExpertsExchange.com .

The pastor, not having heard of the site, read the lowercase site name in the browser bar as "ExpertSexChange.com". ]