[gtld-tech] gtld-tech URS technical requirements

John Levine johnl at taugh.com
Tue Jul 9 15:28:38 UTC 2013


>Since the kinds of people who typo squat probably don't care about 
>setting up MTAs properly, and probably care less for standards; how do 
>we prevent them abusing partitions, slow networks, and/or high pre-URS 
>TTLs to "guide" emails to their servers that don't/won't respect a lower 
>level MX record? Wouldn't it be easy enough for the typo squatters to 
>"pre-cache" the MX / A records on major ISP's recursive servers at the 
>time of registration with very high TTLs to circumvent this strategy?

Actually, I've never seen typosquats doing anything with mail other
than perhaps setting up a mail server to collect inquiries from buyers
and one odd startup that wants to monetize bounce messages.  (Don't
ask.)

The problem is more subtle.  As brands have gotten better at
authenticating their real mail, it's gotten much harder to get a phish
delivered with a return address like security at paypal.com.  So instead
they use lookalike domains, e.g., security at paypaI.tld, or
security at paypal-validation.tld.  That's much harder to defend against
since it's effectively impossible to mechanically identify names that
look like other names in a fraudulent way.

So what you want to do when you suspend a typosquat is to publish as
clearly as possible that this isn't a valid mail domain.  A null MX
record is part of it, but you also need SPF, DMARC, and some other
stuff.  ICANN's proposing a wildcard to catch *.whatever.tld, which
makes things harder but not impossibly so.

The point of this rant is that if ICANN or whoever is going to design
this, they need help from people who are more familiar with the
security issues, who can tell them what they need to specify and what
they don't need to bother with.

R's,
John
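The "this isn't a valid mail domain" posture described above (null MX, SPF hard fail, DMARC reject, plus a wildcard for subdomains) as an added, offline checker; this is example code, not from the original thread, and the zone snapshots, domain names and function names are constructed placeholders:

```python
"""Check that a suspended domain publishes a clear 'no mail here' posture:
a null MX (RFC 7505), an SPF record that authorises no senders, and a
DMARC policy of reject. Records come from a constructed in-memory zone
snapshot so the check runs offline; swap in a resolver for live lookups."""
import re

# Constructed zone for a suspended lookalike domain (placeholder name).
SUSPENDED_ZONE = {
    ("paypal-validation.example", "MX"): ["0 ."],
    ("paypal-validation.example", "TXT"): ['"v=spf1 -all"'],
    ("_dmarc.paypal-validation.example", "TXT"): ['"v=DMARC1; p=reject; sp=reject"'],
    ("*.paypal-validation.example", "MX"): ["0 ."],
}
# Constructed zone that merely parks the name: MX still points at a host.
PARKED_ZONE = {
    ("typo-brand.example", "MX"): ["10 mail.typo-brand.example."],
    ("typo-brand.example", "TXT"): ['"v=spf1 ~all"'],
}

def lookup(zone, name, rtype):
    return [r.strip('"') for r in zone.get((name, rtype), [])]

def has_null_mx(zone, name):
    # RFC 7505 null MX: a single record, preference 0, target is the root "."
    mx = lookup(zone, name, "MX")
    return len(mx) == 1 and re.fullmatch(r"0\s+\.", mx[0]) is not None

def spf_rejects_all(zone, name):
    # Exactly one SPF record whose only mechanism is the hard-fail "-all".
    spf = [t for t in lookup(zone, name, "TXT") if t.lower().startswith("v=spf1")]
    return len(spf) == 1 and spf[0].split()[1:] == ["-all"]

def dmarc_rejects(zone, name):
    for rec in lookup(zone, "_dmarc." + name, "TXT"):
        tags = dict(kv.strip().split("=", 1) for kv in rec.split(";") if "=" in kv)
        if tags.get("v") == "DMARC1" and tags.get("p") == "reject":
            # sp= governs subdomains; when absent it inherits p=.
            return tags.get("sp", "reject") == "reject"
    return False

def no_mail_posture(zone, name):
    """Return the checks that fail; an empty dict means the posture is complete."""
    checks = {
        "null_mx": has_null_mx(zone, name),
        "spf_hard_fail": spf_rejects_all(zone, name),
        "dmarc_reject": dmarc_rejects(zone, name),
        "wildcard_null_mx": has_null_mx(zone, "*." + name),
    }
    return {k: v for k, v in checks.items() if not v}
```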

