The suggestion was to preview the addition of domains 24 hours in
advance of being published. This can identify look-alike and cousin
domain exploits, and establish a watch list when necessary. A preview
provides valuable information for tracking bad actors and for setting
up more effective defenses as well.
And just how many humans would this require?
Or are you going to write a 12-kilobyte regex in Perl to do the work?
Do you know how many trademarks and words that represent companies
there are in existence?
What about local lingo that might be misleading--like if you weren't
familiar with college sports and thus "officialNittanyLions.com"
(contrived example) didn't raise any red flags with you?
I could see perhaps a flag or a standard value to go into TXT (maybe
part of the exiting SPF conventions) that indicate the age of the
Then leave it up to the user as to what to do with that information (a
mail server not allowing emails from domains less than 15 days old for
Good questions, all -- but having said that, there are certainly
ways to approach each of these. And of course, there will obviously
be things that fall through the cracks.
And having said that, something is better than nothing. The value
in matching newly registered domains, the registrants themselves,
the nameservers, MX records, and historical IP addresses as a matrix
operation is incrementally positive as the effort itself becomes also
incremental in the positive.
What I'm saying is this: Historical reputation systems, coupled with
intelligence on known malware domains, observed fast-flux'ers, etc.,
give some measure of control.
You still have to do an enormous amount of weeding, but again,
this is an endeavor that can be undertaken by private and
commercial organizations, as long as the domain registration
process is changed only slightly, to allow for a minor delay
between the time that the registration(s) are made, and the time
that they become "live".
As it stands now, everyone gets pretty much blind-sided by domains
that crop up solely for the sake of malfeasance.
I'm not sure I articulated that very well, but there it is.
- ferg
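Screening a day-ahead preview feed against a brand watch list, with the 15-day age rule floated in the thread, as an added example (not code from any of the thread's participants; the brand list, homoglyph table and feed entries are constructed, and "NittanyLions" follows the contrived example above):

```python
"""Watch-list screening for a preview feed of newly registered domains."""
from datetime import date

# Constructed brand watch list (hypothetical; a real one would be far larger).
BRAND_WATCHLIST = ["paypal", "nittanylions", "examplebank"]
# Visual substitutions commonly used in cousin domains (hypothetical, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(domain: str) -> str:
    """Lower-case, drop the last label (TLD) and separators, undo homoglyph swaps."""
    label = ".".join(domain.lower().split(".")[:-1])
    label = "".join(ch for ch in label if ch.isalnum())
    for swap, real in HOMOGLYPHS.items():
        label = label.replace(swap, real)
    return label


def levenshtein(a: str, b: str) -> int:
    """Plain edit distance; cheap enough to run over one day's registrations."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def matched_brands(domain: str, brands=BRAND_WATCHLIST, max_edits: int = 1) -> list:
    """Brands the domain imitates: embedded in the label or within max_edits of it."""
    label = normalize(domain)
    return [b for b in brands if b in label or levenshtein(label, b) <= max_edits]


def too_young(registered: date, today: date, min_days: int = 15) -> bool:
    """The 'less than 15 days old' mail policy from the thread: True means hold."""
    return (today - registered).days < min_days


def screen(feed, today: date) -> dict:
    """feed: iterable of (domain, registration_date); returns domains needing review."""
    review = {}
    for domain, registered in feed:
        reasons = []
        brands = matched_brands(domain)
        if brands:
            reasons.append("lookalike:" + ",".join(brands))
        if too_young(registered, today):
            reasons.append("age<15d")
        if reasons:
            review[domain] = reasons
    return review
```

The output is a review queue, not a block list: the thread's point is that a preview window buys time for humans and reputation data to weed it.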