ICANN/GNSO GNSO Email List Archives

[registrars]

<<< Chronological Index >>>    <<< Thread Index >>>

RE: [registrars] Motion to adopt Tasting Position Statement

  • To: "Eric Brunner-Williams" <brunner@xxxxxxxxxxx>, "Tim Ruiz" <tim@xxxxxxxxxxx>
  • Subject: RE: [registrars] Motion to adopt Tasting Position Statement
  • From: "Laura Mather" <laura.mather@xxxxxxxxxxxxxxx>
  • Date: Mon, 12 Nov 2007 09:52:25 -0800
  • Cc: "Registrars Constituency" <registrars@xxxxxxxxxxxxxx>
  • In-reply-to: <4734E015.9060206@nic-naa.net>
  • List-id: registrars@xxxxxxxxxxxxxx
  • Sender: owner-registrars@xxxxxxxxxxxxxx
  • Thread-index: AcgjIleKY0gXMHCsRl6y9oV8KTgnBQCMZP5g
  • Thread-topic: [registrars] Motion to adopt Tasting Position Statement
Hi everyone-

I am chair of the Anti-Phishing Working Group DNS sub-committee.  The
sub-committee recently performed a study on the use of domain name
tasting by phishers.  

The conclusions of the study were: 
1) Two independent analyses of phishing and domain tasting data showed
no correlation between tasting and phishing.
2) Although there have not been formal studies of the impact of domain
tasting on the fight against phishing, anecdotal information provided by
first responders strongly suggests that the several orders of magnitude
of domains registered and deleted daily adds considerable delay to
phishing detection, isolation and takedown procedures.

The full text of the study can be found here:
http://www.antiphishing.org/reports/DNSPWG_ReportDomainTastingandPhishin
g.pdf 

Please let me know if you have additional questions for the
sub-committee.

-Laura

> -----Original Message-----
> From: owner-registrars@xxxxxxxxxxxxxx [mailto:owner-
> registrars@xxxxxxxxxxxxxx] On Behalf Of Eric Brunner-Williams
> Sent: Friday, November 09, 2007 2:33 PM
> To: Tim Ruiz
> Cc: Registrars Constituency
> Subject: Re: [registrars] Motion to adopt Tasting Position Statement
> 
> 
> Tim,
> > The Registrars Constituency (RC) has not reached Supermajority
> > support for a particular position on Domain Name Tasting.
> This puts a (process) conclusion ahead of any (policy) ballot. I
suggest
> not making (process) comments, after all, in theory we could reach a
> two-thirds position among the voting RC members.
> 
> I think we should put the stability and security issue up front. Phish
> live for days, and the volume of tasting registrations makes it wicked
> difficult to create mechanisms which rely upon this critical temporal
> property -- registrations in the first tens of hours of life -- to
> detect and change A records used in Phish. Part of the energy for
WHOIS
> comes from the claim that without WHOIS Phish can't be caught. We
don't
> want to make that belief more credible than it already is.
> 
> I'll talk to the anti-Phish TF folks and get back to the RC, unless
> someone already has some text ready to go.
> 
> Eric
<<< Chronological Index >>>    <<< Thread Index >>>