Registry taking measures

Oct 12, 2007 09:27 GMT  ·  By

Finally, someone is getting to the bottom of things: instead of special phishing-preventing software, a new security solution has been disclosed. DotAsia is a new TLD (top level domain) and, because it's still "fresh", it's going to be able to fight better in the anti-phishing battle! As seen on TechWorld, the DotAsia Organization has agreed to implement a policy to ban domain names associated with phishing. This is great news even if it does highlight the fact that phishing has become a serious issue.

I've never heard of another registry (an organization overseeing the tech implementation of TLDs) taking similar measures, but I think this new idea is going to work great. Why just protect against phishing when you can stop it?

Also, this is going to tackle fast flux too. When you build a site, you need a domain name and hosting. On certain domain names (like .ro for example) you may buy a domain name for life. Others will rent it to you for a certain price per year (like .com). After you buy or rent a domain name, you need a server to host your website. No matter what server you chose, where it might be located on the globe, you can keep the same domain name. So, yes, you can have as many hosts or move them around for the same domain! Phishers use this tactic to make their sites always available - it's called fast flux and it consists of the site's IP address changing every few minutes, while the domain name remains the same. It's very hard to take them down, as before you bust one server, they've already moved on to another one. But if you take down their domain name - well, that will certainly stop them in their tracks!

Technical problems concerning local nameservers that cache IP addresses of domain names may appear. However, those are temporary and depend on how much the owner of the site wanted it to remain in the cache. In any case, this is something small compared with the greatness of the initiative - way to go DotAsia!