F-Secure Calls on ICANN To Introduce .SAFE
Internet security company F-Secure has publicly called on ICANN to introduce a .safe, .sure or .bank top level domain (TDL) for the exclusive use of registered banks and other financial organizations.
The goal? To combat the threat of phishing, which continues on the rise:
Right now, customers have no good way of automatically being able to tell whether or not a bank website belongs to the bank. [...] If .safe or .sure is locked down [i.e. available only to banks and financial organizations], then security companies [such as F-Secure] would have a much better set of assumptions to start with when filtering email and web traffic. Security providers would then be able to build a better security product and users would feel safe online.
Well, why not? Banks using .bank makes a lot ot sense, not just for anti-phishing but also for branding purposes. The other suggested options are not that good - .safe would imply that all other TDLs are unsafe, and .sure simply sounds unprofessional.
On the other hand, some, like CastrTroy on Slashdot, say that a domain like .safe or .bank will only give users a false sense of security:
As long as people continue to click on links they get in emails, a not verify that they are actually at their bank's website, then there's going to be problems with phishing. It doesn't matter if the url ends in .com, or .ca, or .safe, or .xxx. If you're clicking on links in emails and getting scammed, then changing the domain name won't help anything. I'm surprised there's not more worms out there that change your hosts file, to show you a phishing site when you type in the actual url of your bank. I guess it really is that easy to get somebody to click on a link in an email, because they haven't resorted to more complicated methods.
On a procedural note, ICANN doesn't introduce new TDLs whenever someone issues a press release to "call" upon them. They approve (or reject) viable applications from prospective domain registries. It would be up to a consortium of banks to get together and prepare a proposal.
What do you think… is .safe or .bank a good idea?
Related articles:
- ICANN Discusses New Generic Top Level Domains (gTLDs)
- New Zealand Banks Demand New Domain To Combat Phishing
I'm torn between saying it's an excellent idea and saying the opposition has a point. A TLD of this sort would give users a base of some sort to ensure they are working on safe grounds, and i cannot see much scope for misuse if it is thoroughly regulated.
I'm for it personally.
Well, you need do some really effective for not too much sense of security.
Maybe … 50,000 USD Yearly and need to be purchased by two years at least ?
The ral problem is the fragmentation… no body use aero museum travel or jobs, or if is the case, are around the .000000001 % of the whole internet.
TLD Against phishing? i do not belive they will make the TLD's becouse of the reason of phising, i am a server admin and each day there are all kinds of scammers trying to do something else, the only way to fight scammers is not by softwares or scripts, or oparators, it is by creating culture, job places and good education, the right combination is massive google earth tracer with the right offices to control the internet crimes, that of course,require funds.
A very similar proposal for .MAIL was made in the 2003/2004 sTLD round. The proposal (which I helped write) would have applied a layer of authentication to electronic mail. While this would not have prevented spam and phishing, it would have provided a secure channel to know that email sent in this manner was specifically *not* spam or phishing messages.
This was an actual TLD application in the same round as .TEL, .ASIA and .CAT - ICANN turned the proposal down.