Re: Phishing and enforcing Confusables.txt

From: Akshat Joshi (
Date: Wed Nov 24 2010 - 05:37:37 CST

  • Next message: CE Whitehead: "RE: Phishing and enforcing Confusables.txt"

    Dear Shriramana,

    IMO, the authoritative body in this case has to be the registry that is
    holding the Top Level Domain. (.com in this case)
    There are different bodies for various TLDs.
    If such kind of phishing attacks are to be prevented, the registry operating
    bodies need to be made aware of Confusables.txt and the need of handling the


    On Wed, Nov 24, 2010 at 2:39 PM, Shriramana Sharma <>wrote:

    > Dear all,
    > A friend of mine who is in the computer security industry told me that
    > Confusables.txt is NOT enforced across the world. For example, despite
    > there existing a website అపార.com <> with a Telugu అ
    > registered somewhere
    > in the world, another (phishing) website ಅపార.com <>with a Kannada ಅ may
    > be later registered elsewhere in the world despite the following
    > confusable mapping in the Confusables.txt:
    > 0C85 ; 0C05 ; ML # ( ಅ → అ ) KANNADA LETTER A → TELUGU LETTER A #
    > I certainly hope this is not true! Please clarify. Is there no
    > authoritative body to prevent such duplicate encoding? Doesn't the
    > IANA do this?
    > Shriramana Sharma.

    This archive was generated by hypermail 2.1.5 : Wed Nov 24 2010 - 05:41:22 CST