
Forum Moderators: buckworks & webwork

Why don't registrars defend against phishing-style domain names?

   
9:51 pm on Jul 10, 2005 (gmt 0)

WebmasterWorld Senior Member tedster is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I was just checking out some of the devious work done by phishing scams. It seems to me that to be really successful, these phishermen use a clear knock-off of a well known domain -- paypal and ebay being high on the list.

Maybe I'm being naive here, but why aren't registrars a first line of defense here, at least on the names of the biggest online services, major banks and credit cards? Seems like it would be an easy thing to raise a red flag on a requested registration for any name that contains "paypal", as an example.

1:49 am on Jul 11, 2005 (gmt 0)

10+ Year Member



"hey, we would like to pay you money for domains"
"sorry, but we won't take your money because of the potential to upset some people"

It's all about the money... that plus if they did it with some companies they would have to do it with all of them, and that's just not practical.

2:16 am on Jul 11, 2005 (gmt 0)

WebmasterWorld Senior Member digitalghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Why aren't companies asked to register the IP that they send email from, which can be checked against a list? Wrong IP, email not sent. Gmail does something very close to that, they verify the IP, (at least from e-bay and Paypal), and provide a warning that the IP doesn't match.
5:00 am on Jul 11, 2005 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



You mean e-mail validation something like SPF? [spf.pobox.com]
5:55 am on Jul 11, 2005 (gmt 0)

WebmasterWorld Senior Member digitalghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Exactly like that. Sorry Tedster, I know that doesn't answer the question, but it is not the domain that's the real problem, it's the email. Most folks don't even know how to view headers, let alone interpret them. Stop the false email.

In short, don't make me think.

8:21 pm on Jul 11, 2005 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member



Well, SPF and its like are a good step in the right direction against phishing. It is also being touted as a fix for SPAM; unfortunately, in that case it is overstated, as I can see ways of SPAMming even with SPF in place.
7:18 pm on Jul 12, 2005 (gmt 0)

10+ Year Member



I believe Gmail uses DomainKeys.
2:15 pm on Jul 13, 2005 (gmt 0)

10+ Year Member



In that case, guys, how about letting your thoughts on this subject be known at you-know-where? ;)

And yeah, you're being naive, tedster. :)

Fortunately, there are some registrars out there who will take time to handle this. However,
it's a matter of finding out who. (I have 1-2 candidates in mind who, I'm sure, will indeed
proactively handle this issue...)

Not to mention there are hardly any laws authorizing registrars to handle this. (I think...)

10:10 pm on Jul 13, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



To answer your question, I don't believe the registrars want to or are even allowed to be the domain name police. Who is to say that a misspelling of paypal is incorrect? Perhaps it's a perfectly legitimate reason.
11:51 am on Jul 14, 2005 (gmt 0)

10+ Year Member



By the way, guys, Tedster just approved my request to post this link: spoofstick.com [spoofstick.com].
It's available for both IE and Firefox users, so go check it out!
 
