Hi everyone- I am chair of the Anti-Phishing Working Group DNS sub-committee. The sub-committee recently performed a study on the use of domain name tasting by phishers. The conclusions of the study were: 1) Two independent analyses of phishing and domain tasting data showed no correlation between tasting and phishing. 2) Although there have not been formal studies of the impact of domain tasting on the fight against phishing, anecdotal information provided by first responders strongly suggests that the several orders of magnitude of domains registered and deleted daily adds considerable delay to phishing detection, isolation and takedown procedures. The full text of the study can be found here: http://www.antiphishing.org/reports/DNSPWG_ReportDomainTastingandPhishin g.pdf Please let me know if you have additional questions for the sub-committee. -Laura
-----Original Message----- From: owner-registrars@gnso.icann.org [mailto:owner- registrars@gnso.icann.org] On Behalf Of Eric Brunner-Williams Sent: Friday, November 09, 2007 2:33 PM To: Tim Ruiz Cc: Registrars Constituency Subject: Re: [registrars] Motion to adopt Tasting Position Statement
Tim,
The Registrars Constituency (RC) has not reached Supermajority support for a particular position on Domain Name Tasting. This puts a (process) conclusion ahead of any (policy) ballot. I suggest not making (process) comments, after all, in theory we could reach a two-thirds position among the voting RC members.
I think we should put the stability and security issue up front. Phish live for days, and the volume of tasting registrations makes it wicked difficult to create mechanisms which rely upon this critical temporal property -- registrations in the first tens of hours of life -- to detect and change A records used in Phish. Part of the energy for WHOIS comes from the claim that without WHOIS Phish can't be caught. We don't want to make that belief more credible than it already is.
I'll talk to the anti-Phish TF folks and get back to the RC, unless someone already has some text ready to go.
Eric