What are your thoughts on basic suggestions such as:
1. Allowing registrars to terminate domains based on abuse, rather than
just fake contact details.
I don't like this because its impossible to define abuse clearly enough in
this context.
If a fictitious web-shop 'nice-but-dim.com' get a box owned which has the
reverse dns set to something in that zone, is this abuse ? Yes .. sort of,
but it's no business of the registry. Is registering a domain name which
causes offense to some people abuse ? It might be, but its no reason not to
let the domain name registration go through. What if you and I fall out, and
I manage to build a case against you to get linuxbox.org de-registered ? Do
you want to spend time and effort fighting it ?
Who arbitrates/polices this scheme ?
Who pays for any mistakes ?
I think the shutdown of seclists.org by GoDaddy is a perfect example of
exactly why the registrars should NOT be making these decisions.
And exactly what good is 24 hour notice (as some people have suggested)
going to do? With 2 million domains registered every single day (according
to a recent techworld article) who could possibly go through such a list
and make informed decisions?
If you want a really simple, and probably very effective first step-
then stop domain tasting. It doesn't help anyone but the phishers.
An even better idea would be for companies to send out their own phishing
emails. Every user that falls for it gets an email/phone call informing
them just how stupid they are and notifying them that if they fall for it
again they are going to lose their account. The next time fall for it you
shut down their account.
Seriously though- why do we keep blaming the infrastructure for the mind
boggling stupidity of users?
-Don
