On May 28, 2010, at 1:08 AM, Steve Atkins wrote:
Paypal is rather a special case, as they actively register
many, many domains in a lot of TLDs that contain the word
paypal or some misspelling of it, both proactively and in
response to enforcement. I didn't consider those domains
as triggering an ADSP rejection for a number of reasons.
One is that many (most?) of them would have been acquired
by paypal though enforcement action after the phishes were
sent, and the other is that it's a behaviour (registering a
huge number of domains purely to deny them to others)
that's atypical and that doesn't scale.
Havning said that, I did spot check quite a lot of the phishes that
I'd tagged as "not rejected" and the vast majority weren't
using domains I'd expect paypal to have proactively reserved
(paypal.net, for instance) - they were mostly using the word
"paypal" in the friendly from, the local part or a subdomain of
the domain part. Of those that weren't of that form many were
things like "@paypal-access.com" and suchlike. So I think those
two numbers are likely accurate to within a few percent or better.
Your numbers were so far off from what we see that I was perplexed, but now
it's clear why.
In reality we do register many of the domains you assumed we don't (like
paypal.net) and we are not unique in that practice. We have over a thousand of
these domains parked.
The result of this simple error in assumption has skewed your data to the point
where it is no longer representative. I feel compelled to point out this error
since several people on the list have been quoting your data since you
circulated it and are likely to draw erroneous conclusions from it.
-- Brett
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html