While I agree in concept that this is not how the internet runs, and I am
not proposing a domain name police force be instituted, it seems to me
that things like this are easily caught. Not to mention, the purpose of
them is clear.
Someone is... or trying to, at least, watch and contact the
responsible owners/registrars, but in some cases they aren't
apparently eager to assist.
Some registrars are good and some are bad and without better controls
being developed by ICANN, user-based reputation system will eventually
come in and will be greatly despised by registrars (like many ISPs
do not like RBLs) but nonetheless widely used by users.
Shouldn't someone be watching these, though?
root@sodium:~# whois paypal.com
Above are hostnames under another domain that were registered as nameservers
(which seems to be mostly for fun so it would show up in whois for those using less-then-smart whois clients). I don't think above names have anything to do with phishing at all since for phishing one could easily just setup host "paypal.phisherdomain.com" (without any registration in whois), but that is not widely used and a lot more common are attempts at something like paypa1.com.