Dropping a well-known and trademarked name like "eBay" into a domain name registration should cause registrars to give them a glance and make sure they aren't being purchased by someone who is not entitled to use the term.
Keeping phishers at bay
Mikko Hypponen of Helsinki-based F-Secure sees phishing URLs regularly as the company deals with various threats to its customers' electronic assets. In his view, maybe there should not be as many phony domains permitted to go live as there are today.
In an open letter to domain registrars everywhere, Hypponen asked why they blithely permit every application to go through the process unreviewed. "Even when the name is obviously going to be used for phishing?" he wondered.
Using the example of a newly-registered domain that blatantly misuses eBay's trademark, signin-ebay-c.com, and running a phishing site, Hypponen suggests that registrars take more responsibility for registrations beyond collecting their fee:
This fake site asks users for their eBay login names and passwords and then uses an unsecured email form at www.statesmanjournal.com to send the details via email to the attacker's email address: maildeusere@gmail.com.
Wouldn't it make sense for a registrar to filter such obvious registrations and have a real person review and approve them before they go through? At least check who the domain is being registered to in case it's obviously an imaginary person?
If registrars started doing this, it would shift the burden of responsibility from the registrant of a name to them. Lawsuits would definitely take place, and perhaps it's a bit surprising that here in the litigation-happy US of A we haven't seen someone who's been phished go after a registrar in court.
iEntry 10th Anniversary
RSS
Archive
Del.icio.us
Digg
Reddit
Furl
