What are your thoughts on basic suggestions such as: 1. Allowing registrars to terminate domains based on abuse, rather than just fake contact details.
I don't like this because its impossible to define abuse clearly enough in this context.
If a fictitious web-shop 'nice-but-dim.com' get a box owned which has the reverse dns set to something in that zone, is this abuse ? Yes .. sort of, but it's no business of the registry. Is registering a domain name which causes offense to some people abuse ? It might be, but its no reason not to let the domain name registration go through. What if you and I fall out, and I manage to build a case against you to get linuxbox.org de-registered ? Do you want to spend time and effort fighting it ?
Who arbitrates/polices this scheme ?
Who pays for any mistakes ? I think the shutdown of seclists.org by GoDaddy is a perfect example of exactly why the registrars should NOT be making these decisions.
And exactly what good is 24 hour notice (as some people have suggested) going to do? With 2 million domains registered every single day (according to a recent techworld article) who could possibly go through such a list and make informed decisions? If you want a really simple, and probably very effective first step- then stop domain tasting. It doesn't help anyone but the phishers. An even better idea would be for companies to send out their own phishing emails. Every user that falls for it gets an email/phone call informing them just how stupid they are and notifying them that if they fall for it again they are going to lose their account. The next time fall for it you shut down their account. Seriously though- why do we keep blaming the infrastructure for the mind boggling stupidity of users? -Don