[policy] When Tech Meets Policy...

Douglas Otis dotis at mail-abuse.org
Tue Aug 14 00:48:36 UTC 2007


On Aug 13, 2007, at 2:01 PM, Carl Karsten wrote:

> I am not sure tasting is criminal or fraud.

Tracking domain related crime is hindered by the millions of domains  
registered daily for "domain tasting."  Unregistered domains likely  
to attract errant lookups will not vary greatly from unregistered  
domains useful for phishing.  The large flux in domain names  
significantly inhibits anti-phishing efforts.

Although some may see delays in publishing as problematic, often  
domain facilitated crime depends upon the milli-second publishing  
rapidity used to evade protective strategies.  A publishing process  
that offers notification will allow protection services a means to  
stay ahead of criminals.  Exceptions could be granted on an exigent  
or emergency basis, where of course additional fees might be required.

Just as background checks are normally part of the hand gun trade, a  
background check should be normally part of the domain trade.  Many  
are deceived by "cousin" domains frequently used in crimes netting  
billions in losses.  Money garnered by capturing errant domain  
entries can not justify criminal losses that are likely to have been  
otherwise prevented.  Domain tasting is worse than a disgrace.

For domains to play any role in securing email, a published MX record  
should become a necessary acceptance requirement.  Using MX records  
also consolidates policy locales which mitigates some DDoS concerns.

-Doug






More information about the NANOG mailing list