On Mon, Nov 02, 2009 at 12:49:52PM +0000, Florian Weimer wrote: > * Rich Kulawiec: > > > So of course they're in favor of .mobi and .info and .pro and > > as many more variations as possible, because every time another > > one is launched, they get to do this all over again. > > But this whole thing only works if new TLDs are relatively rare. If > they aren't, the whole scheme breaks down.
I don't see that at all. If 100 random gTLDs were created tomorrow, then abusers would try to do the same trick in every single one of them. There's no reason for them not to: it's cheap (especially if they're running a registrar or have a deal with one), it's easy, and they only need to succeed a fraction of the time for it to pay off. And *of course* the registrars will fall all over themselves to accomodate them: all they care about is their profits, absolutely nothing else. This is why I permanently blacklisted .info a long time ago, and consider it a best current practice in anti-spam engineering. The FP rate is far below that of costly, inferior and obsolete methods like content scanning. (And yes, of course it's always possible to whitelist for the poor chumps who wasted money on .info domains.) Same for .mobi, same for .pro, same for others: blacklist and forget. ---Rsk _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
