<<<
Chronological Index
>>> <<<
Thread Index
>>>
Re: [gnso-ff-pdp-may08] Domain takedown through 100% automation - kicking the hornet's nest of controversy
- To: dave.piscitello@xxxxxxxxx
- Subject: Re: [gnso-ff-pdp-may08] Domain takedown through 100% automation - kicking the hornet's nest of controversy
- From: Joe St Sauver <joe@xxxxxxxxxxxxxxxxxx>
- Date: Sun, 3 Aug 2008 10:58:07 -0700
Dave mentioned:
#It's not the automation itself that some registrars may find worrisome,
#it's the non-zero probability of false positives that some registrars
#may feel calls for a human decision. I'm not suggesting that the human
#factor is infallable, but that the human decision may say, "before I
#take down ebay.com, even if every marker in the universe of possible
#markers says this is bogus, I'm going to make a call". Perhaps you
#could program an automaton to think like this, but I think it would be
#harder and more expensive.
As I've previousl mentioned, I too like human participation in the
decision making chain, but a lot of automated checks CAN be easily
built into the process, and routinely are for things like anti-spam
(or potential anti-fastflux) services.
For example, you mentioned ebay.com as an example of a domain that
would merit extra decision making care, and we all instinctively
grok that, but we can actually lay out specific criteria that could
be used to mechanically send up a "red flag" including things like:
-- is the domain from a TLD that is known to have its own aggressive
security policies and controls in place? For example, is the
domain from .mil? No, it's not in this case, but if it were, that
would be enough to trigger extra review.
-- is the domain on various rankings of "top sites"? For example,
just to check one such list, Alexa's, eBay is #18 (see
http://www.alexa.com/site/ds/top_sites?lang=none&ts_mode=global )
which would, in and of itself, be sufficient IMHO to flag this
domain for extra review before any action were to be taken
-- if you google for the domain, is it prominent? (in ebay.com's
case, at 220 million hits, I'd suggest, "Yes", again triggering
extra review)
-- is the domain one that has been around for some time? (in ebay.com's
case, its provenance dates to 04-aug-1995, again potentially
triggering extra review)
-- are there indicia that the domain is one where the registrant
wants extra scrutiny applied before changes are made? yes, in
ebay.com's case, the domain has been set to "clientDeleteProhibited,
clientTransferProhibited, and clientUpdateProhibited" status,
again potentially triggering extra review)
I would also expect to see 3rd party domain reputation services
to take an active role in this area, whitelisting or bonding
domains against allegations of abuse, just as services of that
sort have emerged for the convenience of email senders and
receivers.
Regards,
Joe
Disclaimer: all opinions strictly my own
<<<
Chronological Index
>>> <<<
Thread Index
>>>
|