Re: HTML email, was Re: Phishing and BGP Blackholing

[Joe Provo <nanog-post () rsuc gweep net>]

On Thu, Jan 18, 2007 at 07:05:25AM -0800, Matthew Black wrote:
[snip]
> This presupposes that corporations have a more significant claim
> to domain names than individuals. 

Wrong; that kind of policy does -and did when enforced back in 
the InterNIC days when the generic TLDs were meaningful- no such 
thing. 

> Does anybody recall the fiasco
> between ETOY.COM and ETOYS.COM? The former was created by an artist
> years before the now defunct toy retailer. ETOYS' corporate bullying
> took away the artist's longstanding domain claiming it might confuse
> consumers.

Wrong again; etoy won. I'm sure I'm not alone for having my copy
of the toywar soundtrack and share[s].

> That is the real problem.

Post-NSF, the failure of a distributed directory naturally lead 
to the dns & whois being treated as one.  In hindsight, any 
managed list wasn't what was needed, but certainly seemed natual 
to ma bell. A more dynamic, less-intermediated service *was* 
needed and the collective we worked around the problem, 
unfortunately pushing it down into the infrastructure.  The 
thing that rankles me most is that is where it frankly shouldn't 
*matter*, but there was this great hammer so naturally 'we' could
pound the nail...

> Phishing problems will not be corrected without multinational
[snip]

...reputation clearinghouses, one of the many drums long beaten 
by the anti-spam and general anti-abuse camp, is the answer. Like 
the other such drums before it, folks will listen well after it 
is too late and only after it directly affects them.

Cheers,

Joe

-- 
             RSUC / GweepNet / Spunk / FnB / Usenix / SAGE