the more general problem is hard to agree about. i think it's that every day neustar and afilias and verisign and the other TLD registries handle many millions of new-domain transactions, most of which will never be paid for ("domain tasting")
Right.
and most of which are being held with stolen credit cards. i don't know if these companies book the revenue ("ship bricks") or if this is just a hell hole of wasted time and money for them (or, both?)
Registrars don't get credit with registries. They have to prepay a deposit, then for each registration their account gets debited, for each reversal it gets credited, so they´re basically shipping and restocking a million bricks a day.. It is my understanding that one or two registrars do nearly all of the domain tasting, and it's widely assumed that they're their own "customer" for those registrations. They really do have $6M of deposit to handle a million registrations. Verisign tolerates tasting probably because the actual cost of handling a registration is close to zero, and a few of them aren't cancelled. Afilias has complained about the load and proposed and I think got an amendment so that registrars who cancel more than 90% of their registrations don't get quite all of their money back. I haven't seen much connection between tasting and malware. Tasted domains are set up as web sites which consist of nothing but pay per click ads. Malware domains are much less numerous, the registrar is not a knowing party (beyond some registrars' reluctance to do takedowns), and those probably are paid for with stolen plastic. R's, John