Hi, so - cutting through a lot to discern a kernel of meaning - you decry the speculation-extortion cycle that drives part of the domain-name market (except for Anguilla, of course!, registering .ai names at 180 USD a pop + 250 annual renewal) and think that only people who are vetted for good intentions should register domain namess? Am I missing something? I have tried to state this in a way amenable to translation into Spanish to help readers. And, isn't that what the KYC - "Know your client" - initiatives floating around are about? In the meantime - and it's a very mean time - are you actually opposing the takedown of massively registered domain names, when these registrations are "specifically to carry out a criminal act"? Whom is that opposition serving? Alejandro Pisanty ________________________________ De: lac-discuss-en <lac-discuss-en-bounces@atlarge-lists.icann.org> en nombre de Carlton Samuels <carlton.samuels@gmail.com> Enviado: martes, 5 de septiembre de 2023 10:05 a. m. Para: LAC-Discuss-en Asunto: [lac-discuss-en] Scope and Distribution of Phishing - InterIsle 2023 Report Here it is: https://interisle.net/PhishingLandscape2023.html So the reporter makes this key acknowledgement: "Two-thirds of domain names reported for phishing across all TLDs were registered specifically to carry out a criminal act. Preventing the registration of these domains, and taking them down quickly, should be a priority for the domain name industry." Due process aside, no it is not priority! DNS expansion is predicated on more domain names for rent. Year after year, these reports have been telling us that domain names utilised in these scams are acquired just as the business model and market practice intended. So a 'stop the steal' response at the acquisition stage is likely a non-starter. At least I don't discern an appetite for remediation by going to the root of this in the entire value chain, ICANN to the registry. Preventive action would require a zero trust procedure that lumps together before the fact criminals with legitimate acquirers, same process for all. Seems to me the first step of this would be establishing identity, closely followed by a regime involving the acquirer declaring a reason for the acquisition with enforceability attached. Will not fly, reasons more than you can count. So one is left to catch the miscreants after the fact, which requires establishing territoriality of injury and then collaboration with the regular terrestrial law enforcement. Therein lies the greater challenge to remediation. Carlton ============================== Carlton A Samuels Mobile: 876-818-1799 Strategy, Process, Governance, Assessment & Turnaround ============================= ---------- Forwarded message --------- From: Justine Chew via CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> Date: Mon, 4 Sept 2023 at 18:21 Subject: [CPWG] Interisle's Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing To: CPWG <cpwg@icann.org<mailto:cpwg@icann.org>> https://interisle.net/PhishingLandscape2023.html https://circleid.com/posts/20230903-phishing-attacks-surge-despite-increased... _______________________________________________ CPWG mailing list CPWG@icann.org<mailto:CPWG@icann.org> https://mm.icann.org/mailman/listinfo/cpwg