>> DNS isn’t the right place to attack this, IMHO. > > Why not (apart from a purity argument), and where should it happen instead? > As others pointed out, network operators have a vested interest in protecting > their customers from becoming victims to malware.
Takedowns of the hostile target sites. You dismiss the purity argument, but IMHO, there’s merit to the purity argument. Any such DNS filtration, if provided, should be provided on an opt-in basis, not as a default. I’ve seen plenty of situations where the filters were just plain wrong and if the end user didn’t actively choose that filtration, the target site may be victimized without anyone knowing where to go to complain. Owen
