Yes, and I supposed they should be added to the blacklist as they are discovered, but I think getting the Verisign TLDs (.com and .net) into the blacklist will accomplish most of the benefit to be had from this approach. It's not like the phishers can move all their attacks to .tm after they get shut out of .com and .net, because there aren't nearly as many targets in .tm.
How do you propose to shut the phishers out of .com when a popular IDN plug-in (i-Nav) for the most popular browser (Microsoft Internet Explorer) is made by *VeriSign*, the very company that controls the .com registry?
http://www.idnnow.com/index.jsp
Does VeriSign also sell domain names to end-users under .com? I mean, are they also a registrar, not just a registry?
Besides, in networking, it's better to be conservative. You don't start with a short blacklist and then grow it when you find others. No, you start with a whitelist, and grow that.
Erik
