I want to shut off one aspect of this discussion, because it's wasting
time, making us go around in circles, and causing a lot of
The aspect that I'm shutting off is any variation on the idea that
because phishing succeeds despite any blocks on a particular domain
name (using look-alikes and other funny domain-name tricks),
protecting a domain name (for whatever value of "protecting" we want
to talk about) does not affect the ability to phish, and therefore is
This working group has consensus that it IS useful to "protect" a
domain name. That consensus is well established, and has been much
discussed. Further discussion of that question is out of scope.
Let's please stop wasting time and effort on it.
We all agree that making it harder for someone to send mail with
"something(_at_)paypal(_dot_)com" in the "from" line does not stop phishing
attacks that fool recipients into thinking that the mail comes from
PayPal. Nevertheless, we have rough consensus that it is useful to
make it harder for senders who are not PayPal to send mail with
"something(_at_)paypal(_dot_)com" in the "from" line.
I'll also add that the chairs have the job of declaring consensus, of
declaring an issue resolved, and of declaring discussion closed. I
ask that people avoid being dismissive in their responses, but I also
remind others that a dismissive response from a participant does not
enjoin anyone from continuing discussion.
-- Barry, as chair.
NOTE WELL: This list operates according to