Since the kinds of people who typosquat probably don't care about setting up MTAs properly, and probably care even less about standards, how do we prevent them from abusing partitions, slow networks, and/or high pre-URS TTLs to "guide" emails to their servers that don't/won't respect a lower-level MX record? Wouldn't it be easy enough for the typosquatters to "pre-cache" the MX / A records on major ISPs' recursive servers at the time of registration with very high TTLs to circumvent this strategy?
Actually, I've never seen typosquats doing anything with mail other than perhaps setting up a mail server to collect inquiries from buyers and one odd startup that wants to monetize bounce messages. (Don't ask.) The problem is more subtle. As brands have gotten better at authenticating their real mail, it's gotten much harder to get a phish delivered with a return address like security@paypal.com. So instead they use lookalike domains, e.g., security@paypaI.tld, or security@paypal-validation.tld. That's much harder to defend against since it's effectively impossible to mechanically identify names that look like other names in a fraudulent way. So what you want to do when you suspend a typosquat is to publish as clearly as possible that this isn't a valid mail domain. A null MX record is part of it, but you also need SPF, DMARC, and some other stuff. ICANN's proposing a wildcard to catch *.whatever.tld, which makes things harder but not impossibly so. The point of this rant is that if ICANN or whoever is going to design this, they need help from people who are more familiar with the security issues, who can tell them what they need to specify and what they don't need to bother with. R's, John
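As an added illustration of the "publish as clearly as possible that this isn't a valid mail domain" advice above (example code, not John's or ICANN's; the domain names, record contents and the `check_no_mail` helper are constructed for the example), the following checks whether a suspended domain carries all three signals: a null MX per RFC 7505, an SPF record that fails every sender, and a DMARC policy of reject (including the subdomain policy, which is what a wildcard under the suspended name would fall back on). DNS answers are passed in as a dict so it runs offline.

```python
"""Check that a suspended domain publishes 'this domain sends no mail'
signals: null MX (RFC 7505), SPF 'v=spf1 -all' (RFC 7208) and a DMARC
p=reject / sp=reject policy (RFC 7489).  DNS answers are supplied as a
dict so the check runs offline; all records below are constructed
sample data, not real zone contents."""

from dataclasses import dataclass, field


@dataclass
class NoMailReport:
    null_mx: bool
    spf_reject_all: bool
    dmarc_reject: bool
    problems: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return self.null_mx and self.spf_reject_all and self.dmarc_reject


def parse_spf(txt_records):
    """Return the single SPF record, or None if absent or ambiguous
    (RFC 7208 says more than one v=spf1 record is a permanent error)."""
    spf = [t for t in txt_records if t.lower().startswith("v=spf1")]
    return spf[0] if len(spf) == 1 else None


def parse_dmarc(txt_records):
    """Return DMARC tags as a dict, or None if no v=DMARC1 record."""
    for t in txt_records:
        if t.strip().lower().startswith("v=dmarc1"):
            tags = {}
            for part in t.split(";"):
                if "=" in part:
                    k, v = part.split("=", 1)
                    tags[k.strip().lower()] = v.strip().lower()
            return tags
    return None


def check_no_mail(domain, answers) -> NoMailReport:
    """answers maps (owner name, rrtype) -> list of rdata strings.
    MX rdata is 'preference target'; TXT rdata is the joined string."""
    problems = []

    # Null MX: exactly one MX record, preference 0, target "." (RFC 7505).
    mx = answers.get((domain, "MX"), [])
    null_mx = mx == ["0 ."]
    if not null_mx:
        problems.append(f"MX is {mx or 'absent'}; expected a single '0 .'")
        # With no MX at all, SMTP senders fall back to the A/AAAA record
        # (RFC 5321 implicit MX), so a parked A record still attracts mail.
        if not mx and (answers.get((domain, "A")) or answers.get((domain, "AAAA"))):
            problems.append("no MX but A/AAAA present: implicit MX fallback applies")

    # SPF: the only term after v=spf1 should be the hard-fail '-all'.
    spf = parse_spf(answers.get((domain, "TXT"), []))
    spf_reject_all = spf is not None and spf.split()[1:] == ["-all"]
    if not spf_reject_all:
        problems.append(f"SPF is {spf!r}; expected 'v=spf1 -all'")

    # DMARC: p=reject, and the subdomain policy (sp, defaulting to p)
    # must also be reject so lookalike.suspended.example gets no free pass.
    tags = parse_dmarc(answers.get(("_dmarc." + domain, "TXT"), []))
    dmarc_reject = (
        tags is not None
        and tags.get("p") == "reject"
        and tags.get("sp", tags.get("p")) == "reject"
    )
    if not dmarc_reject:
        problems.append(f"DMARC is {tags}; expected p=reject and sp=reject")

    return NoMailReport(null_mx, spf_reject_all, dmarc_reject, problems)


# Constructed sample answers: one domain marked correctly, one merely parked.
SAMPLE_ANSWERS = {
    ("suspended.example", "MX"): ["0 ."],
    ("suspended.example", "TXT"): ["v=spf1 -all"],
    ("_dmarc.suspended.example", "TXT"): ["v=DMARC1; p=reject; sp=reject"],
    ("parked.example", "A"): ["192.0.2.10"],
    ("parked.example", "TXT"): ["v=spf1 ~all"],
    ("_dmarc.parked.example", "TXT"): ["v=DMARC1; p=none"],
}

if __name__ == "__main__":
    for name in ("suspended.example", "parked.example"):
        report = check_no_mail(name, SAMPLE_ANSWERS)
        print(name, "OK" if report.ok else "NOT OK", report.problems)
```

To run it against live DNS, replace `SAMPLE_ANSWERS` with answers from a resolver library; the record-level checks are the same. Note that the script only verifies what is published at the authoritative zone, not what a given recursive resolver still has cached.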