> > Well, technically, that's true since the total number of possible > domains is finite, it's 2^2040. But the claim that you can enumerate > all of the misleading domains, much less get control of them, is > completely contrary to my experience. > > Could you share more info about your experience here?
While there's many permutation of letters and symbols that can make a domain only a few will be close enough to be used for the purposes of fooling someone to think its another domain that they regularly interact with. (E.g. Someone isn't going to be fooled that t43397u.com looks like twitter.com.) Based on what I've seen protecting one of the more attacked domain on the internet the bad guys will use a few hundred look alike permutations. After that the domains aren't similar enough to be worth using since they won't fool anyone. A few hundred domains is manageable to both claim and then (finally!) throw up DMARC records that lock down the domains. Josh http://t.co/Josh Josh Aberant @jaberant On Thu, Jun 5, 2014 at 4:59 PM, John Levine <jo...@taugh.com> wrote: > >Actually there is a finite number of look alike domains to any domain that > >are similar enough to fool someone. > > Well, technically, that's true since the total number of possible > domains is finite, it's 2^2040. But the claim that you can enumerate > all of the misleading domains, much less get control of them, is > completely contrary to my experience. > > R's, > John >
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
