undefined | Better HN

0 pointstekchip1y ago0 comments

I'm guessing here because I'm not the author but I believe this statement is directed towards the blocklisting entities because they don't provide transparencies or a method to reach them to resolve issues with a domain once it's aquired by someone else. That absolutely is the issue of those entities.

0 comments

supriyo-biswas1y ago

At one point of time when I had to deal with people submitting phishing links to a web service I owned, I learned some of the tricks that phishers use to get around reports, such as using IP geolocation or the accept-language and accept-encoding header to determine if the phishing page should be served.

With tricks like this, it's not a surprise to see why the companies operating blocklists are hesitant to make this process easy; after all, what's to prevent the phishers from temporarily stating that the issue has been resolved to get out of the denylist, and then restarting their campaign again?

Seattle35031y ago

If the process required you to verify ID, e.g. a passport + video selfie, some accountability might be possible. But that might be too invasive for many folks.

bragr1y ago

This doesn't work because there's a nearly unlimited supply of people willing (out of desperation, drug addiction, or just plain poor decision making) to let bad actors use their IDs.

1 more reply

chrischen1y ago

If you could get out of blacklists by transferring ownerships then people can “wash” domains by fake transfers.

j / k navigate · click thread line to collapse