On-going Internet Emergency and Domain Names

Hash: SHA1

The suggestion was to preview the addition of domains 24 hours in
advance of being published. This can identify look-alike and cousin
domain exploits, and establish a watch list when necessary. A preview
provides valuable information for tracking bad actors and for setting

<> up more effective defenses as well.

And just how many humans would this require?

Or are you going to write a 12-kilobyte regex in Perl to do the work

for you?

Do you know how many trademarks and words that represent companies

there are in existence?

What about local lingo that might be misleading--like if you weren't

familiar with college sports and thus "officialNittanyLions.com"
(contrived example) didn't raise any red flags with you?

I could see perhaps a flag or a standard value to go into TXT (maybe

part of the exiting SPF conventions) that indicate the age of the

Then leave it up to the user as to what to do with that information (a

mail server not allowing emails from domains less than 15 days old for

Good questions, all -- but having said that, there are certainly
ways to approach each of these. And of course, there will obviously
be things that fall through the cracks.

And having said that, something is better than nothing. The value
in matching newly registered domains, the registrants themselves,
the nameservers, MX records, and historical IP addresses as a matrix
operation is incrementally positive as the effort itself becomes also
incremental in the positive.

What I'm saying is this: Historical reputation systems, coupled with
intelligence on known malware domains, observed fast-flux'ers, etc.,
gives some measure of control.

You still have to do an enormous amount of weeding, but again,
this is an endeavor that can be undertaken by private and
commercial organizations, as long as the domain registration
process is changed only slightly, to allow for a minor delay
between toe time that the registration(s) are made, and the time
that they become "live".

As it stands now, everyone gets pretty much blind-sided by domains
that crop up solely for the sake of malfeasance.

I'm not sure I articulated that very well, but there it is. :slight_smile:

- - ferg