homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Domain Names
Forum Library, Charter, Moderators: buckworks & webwork

Domain Names Forum

Why don't registrars defend against phishing-style domain names?

 9:51 pm on Jul 10, 2005 (gmt 0)

I was just checking out some of the devious work done by phishing scams. It seems to me that to be really successful, these phishermen use a clear knock-off of a well known domain -- paypal and ebay being high on the list.

Maybe I'm being naive here, but why aren't registrars a first line of defense here, at least on the names of the biggest online services, major banks and credit cards? Seems like it would be an easy thing to raise a red flag on a requested regitration for any name that contains "paypal", as an example.



 1:49 am on Jul 11, 2005 (gmt 0)

"hey, we would like to pay you money for domains"
"sorry, but we wont take your money because of the potential to upset some people"

its all about the money... that plus if they did it with some companies they would have to do it with all of them, and thats just not practical.


 2:16 am on Jul 11, 2005 (gmt 0)

Whay aren't companies asked to register the IP that they send email from, which can be checked against a list? Wrong IP, email not sent. Gmail does something very close to that, they verify the IP, (at least from e-bay and Paypal), and provide a warning that the IP doesn't match.


 5:00 am on Jul 11, 2005 (gmt 0)

You mean e-mail validation something like SPF? [spf.pobox.com ]


 5:55 am on Jul 11, 2005 (gmt 0)

Exactly like that. Sorry Tedster, I know that doesn't answer the question, but it is not the domain that's the real problem, it's the email. Most folks don't even know how to view headers, let alone interpret them. Stop the false email.

In short, don't make me think.


 8:21 pm on Jul 11, 2005 (gmt 0)

Well SPF and its like are a good step in the right direction against phishing. It is also being touted as a fix for SPAM, unfortunately in that case it is overstated, as I can see ways of SPAMming and even with SPF in place.


 7:18 pm on Jul 12, 2005 (gmt 0)

I believe Gmail uses DomainKeys.


 2:15 pm on Jul 13, 2005 (gmt 0)

In that case, guys, how about letting your thoughts on this subject be known at you-
know-where? ;)

And yeah, you're being naive, tedster. :)

Fortunately, there are some registrars out there who will take time to handle this. However,
it's a matter of finding out who. (I have 1-2 candidates in mind who, I'm sure, will indeed
proactively handle this issue...)

Not to mention there are hardly any laws authorizing registrars to handle this. (I think...)


 10:10 pm on Jul 13, 2005 (gmt 0)

To answer your question, I don't believe the registrars want to or are even allowed to be the domain name police. Who is to say that a misspelling of paypal is incorrect? Perhaps it's a perfectly legitimate reason.


 11:51 am on Jul 14, 2005 (gmt 0)

By the way, guys, Tedster just approved my request to post this link: spoofstick.com [spoofstick.com].
It's available for both IE and Firefox users, so go check it out!

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / Domain Names
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved