Strong opinions, weakly held

The case for .bank

F-Secure security researcher Mikko Hyppönen suggests that, to combat phishing, a new top-level domain should be set aside for use by banks and other entities that are often spoofed. The organization that manages the domain would verify that the sites are owned by actual financial institutions and are not being used for fraudulent purposes, and the registration fees would have to be high enough to support the due diligence required.

I don’t see what it would hurt, assuming the organization registering the domains did a good enough job to ensure that any sites on that domain really could be whitelisted.


  1. Eh, I doubt it’d do anything, since phishing sites rarely (if ever) use a domain name that’s supposed to fool the end user. Rather, they use obscured and/or obfuscated links — like http://www.paypal.com — to lure their subjects in. Hell, I got three today that SAID they were to PayPal but, hovering over them, were to IP addresses — the scammers didn’t even bother registering a domain.

  2. I don’t think it would help out users in the sense of checking the addresses links point to, but by giving a clear way to discriminate between trusted and untrusted domains, it would allow email programs and Web browsers to be much more aggressive in how they handle potential phishing.

© 2020 rc3.org