On May 28, 2010, at 1:08 AM, Steve Atkins wrote: > Paypal is rather a special case, as they actively register > many, many domains in a lot of TLDs that contain the word > paypal or some misspelling of it, both proactively and in > response to enforcement. I didn't consider those domains > as triggering an ADSP rejection for a number of reasons. > One is that many (most?) of them would have been acquired > by paypal though enforcement action after the phishes were > sent, and the other is that it's a behaviour (registering a > huge number of domains purely to deny them to others) > that's atypical and that doesn't scale. > > Havning said that, I did spot check quite a lot of the phishes that > I'd tagged as "not rejected" and the vast majority weren't > using domains I'd expect paypal to have proactively reserved > (paypal.net, for instance) - they were mostly using the word > "paypal" in the friendly from, the local part or a subdomain of > the domain part. Of those that weren't of that form many were > things like "@paypal-access.com" and suchlike. So I think those > two numbers are likely accurate to within a few percent or better.
Your numbers were so far off from what we see that I was perplexed, but now it's clear why. In reality we do register many of the domains you assumed we don't (like paypal.net) and we are not unique in that practice. We have over a thousand of these domains parked. The result of this simple error in assumption has skewed your data to the point where it is no longer representative. I feel compelled to point out this error since several people on the list have been quoting your data since you circulated it and are likely to draw erroneous conclusions from it. -- Brett _______________________________________________ NOTE WELL: This list operates according to http://mipassoc.org/dkim/ietf-list-rules.html
