William Tan <[EMAIL PROTECTED]> wrote: > some "commercial" ccTLDs are actually very liberal in their IDN > implementations as well. An example would be nic.tm, which permits > any Unicode character allowed by IDNA.
Yes, and I supposed they should be added to the blacklist as they are discovered, but I think getting the Verisign TLDs (.com and .net) into the blacklist will accomplish most of the benefit to be had from this approach. It's not like the phishers can move all their attacks to .tm after they get shut out of .com and .net, because there aren't nearly as many targets in .tm. How many users have sensitive trust relationships with sites in .tm (and .nu, etc)? AMC
