So the reporter makes this key acknowledgement:
"Two-thirds of domain names reported for phishing across all TLDs were registered
specifically to carry out a criminal act. Preventing the registration of these
domains, and taking them down quickly, should be a priority for the domain name
industry."
Due process aside, no it is not priority!
DNS expansion is predicated on more domain names for rent. Year after year, these reports have been telling us that domain names utilised in these scams are acquired just as the business model and market practice intended.
So a 'stop the steal' response at the acquisition stage is likely a non-starter. At least I don't discern an appetite for remediation by going to the root of this in the entire value chain, ICANN to the registry.
Preventive action would require a zero trust procedure that lumps together before the fact criminals with legitimate acquirers, same process for all. Seems to me the first step of this would be establishing identity, closely followed by a regime involving the acquirer declaring a reason for the acquisition with enforceability attached. Will not fly, reasons more than you can count.
So one is left to catch the miscreants after the fact, which requires establishing territoriality of injury and then collaboration with the regular terrestrial law enforcement. Therein lies the greater challenge to remediation.
Carlton
==============================
Carlton A Samuels
Mobile: 876-818-1799
Strategy, Process, Governance, Assessment & Turnaround
=============================