[gnso-ff-pdp-may08] Domain takedown through 100% automation - kicking the hornet's nest of controversy

[Marc Perkel <marc@xxxxxxxxxx>]

OK - moving to controversial, I want to address automated domain 
takedown. Let me give you an example of why this can work.
I am a spam filtering operation and a huge number of fraud attempts come 
into our servers every hour. In this example I'll use PayPal. A message 
comes into the system in this form:
From:  paypaI@xxxxxxxxxxxxxxxxxxxxxxxx
To: honeypot@xxxxxxxxxxxxxxxxxxx
Subject:  Please unlock your PayPal Password

Your Online PayPal Password was blocked on 19/07/2008
Log In into your account to resolve the problem.

Click here to Log In

The link goes to this address: http://paypaI.com/login.cgi

The message did not come from a PayPal server and does not have PayPal's 
domain key signature. So there's no doubt that it's bogus and there are 
no civil liberty or free speech issues involved. This is 100% about 
criminals stealing money form technically ignorant users.
My software isolates the domain from the link and sees "paypaI.com" 
(note the I instead of the L) and the domain appears in URI blacklist. 
And suppose I read information from the DNS info I've proposed and I can 
see the domain is 1 day old, the name servers have changed 40 times in 
the first day (clearly fast flux), and the domain is registered through 
godaddy.com. So - being part of a trusted closed reporting group my 
software blocks the email and sends it to GoDaddy's automated abuse 
system. At the same time GoDaddy has received similar messages from 
several other trusted sources (not a secret society forming a shadow 
government to dominate the world).
So as a result GoDaddy - through automation - takes down paypai.com in 
less that 15 minutes after the fraud starts, disrupting the fraud, and 
saving thousands of people from being ripped off by the russian mafia. 
With a network like this one could probably ID 90% of purely criminal 
fast flux abuse with 100% accuracy and be so effective that fast flux no 
longer works and criminal abandoned the technique.
Tell me why this isn't a good idea.