From: Patrick Giagnocavo (no email)
Date: Mon Apr 02 2007 - 23:13:23 EDT
On Apr 2, 2007, at 10:27 PM, Douglas Otis wrote:
> The suggestion was to preview the addition of domains 24 hours in
> advance of being published. This can identify look-alike and cousin
> domain exploits, and establish a watch list when necessary. A preview
> provides valuable information for tracking bad actors and for setting
> up more effective defenses as well.
>
And just how many humans would this require?
Or are you going to write a 12-kilobyte regex in Perl to do the work
for you?
Do you know how many trademarks and words that represent companies
there are in existence?
What about local lingo that might be misleading--like if you weren't
familiar with college sports and thus "officialNittanyLions.com"
(contrived example) didn't raise any red flags with you?
I could see perhaps a flag or a standard value to go into TXT (maybe
part of the exiting SPF conventions) that indicate the age of the
domain.
Then leave it up to the user as to what to do with that information (a
mail server not allowing emails from domains less than 15 days old for
example).
[True Story: I had a client who was a pastor of a church.
One time he calls me because somebody had used his computer, which was
in his locked office, to surf what he was sure was "some kind of sick,
filthy site".
What had actually happened was that the guy fixing his machine the
night before (who had a key to all the offices) had left up a browser
for the popular tech-tips site ExpertsExchange.com .
The pastor, not having heard of the site, read the lowercase site name
in the browser bar as "ExpertSexChange.com". ]
|
|
|