Hallam-Baker, Phillip wrote:
> Statement is misleading
>
> 4.2.1. Look-Alike Domain Names
>
> Attackers may attempt to circumvent signing policy of a domain by
> using a domain name which is close to, but not the same as the domain
> with a signing policy. For instance, "example.com" might be replaced
> by "examp1e.com". If the message is not to be signed, DKIM does not
> require that the domain used actually exist (although other
> mechanisms may make this a requirement). Services exist to monitor
> domain registrations to identify potential domain name abuse, but
> naturally do not identify the use of unregistered domain names.
>
> Actually these services mostly make money selling registrations. Engage
> VeriSign to do this and you will get wonderful tools to predict look-alikes
> you might want to register ordered by a variety of risk factors.

I thought there were surveillance services as well. From
http://www.verisign.com/static/002120.pdf :

    Monthly email reports show new domain name registration activity and
    published contact information as well as views of online brand infringement.

I'm not claiming to know Verisign's business that well, but that there
was some basis for my statement.

-Jim
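
The look-alike case quoted from section 4.2.1, as an added example that is not part of the thread or the draft: a receiver-side check that compares the domain seen in a message against a list of protected domains, so it also covers names that were never registered. The substitution table, function names and sample domains are assumptions constructed for illustration.

```python
from __future__ import annotations

# Constructed table of visually similar sequences (illustrative, not exhaustive).
CONFUSABLES = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("i", "l"), ("5", "s"))


def skeleton(domain: str) -> str:
    """Fold look-alike characters so visually similar names collapse to one form."""
    s = domain.lower().rstrip(".")
    for src, dst in CONFUSABLES:
        s = s.replace(src, dst)
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(observed: str, protected: list[str]) -> tuple[str, str | None]:
    """Return (verdict, matched protected domain) for a domain seen in a message."""
    obs = observed.lower().rstrip(".")
    if obs in protected:
        return ("exact", obs)          # the real domain: its signing policy applies
    for p in protected:
        if skeleton(obs) == skeleton(p):
            return ("confusable", p)   # e.g. "1" standing in for "l"
        if edit_distance(obs, p) == 1:
            return ("near-miss", p)    # one character added, dropped or changed
    return ("unrelated", None)


if __name__ == "__main__":
    protected = ["example.com"]        # constructed sample data
    for seen in ["example.com", "examp1e.com", "exarnple.com", "examples.com", "unrelated.test"]:
        print(seen, classify(seen, protected))
```
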