Let me explain. The problem is that somebody malicious might impersonate another company through a domain name.
So they send people emails with URLs like "netflix.user-support.com" where "user-support.com" is owned by the malicious actor. This is extremely common.
I honestly don't see any other problem. How else would you get people to visit "netflix.soy", if not by the same mechanism? It doesn't matter who controls which part of the domain, users are either going to notice the odd parts of the domain, or they are not. The fact that one is a TLD and the other isn't doesn't really make a difference, at least for uncommon TLDs.
> On the other hand, someone owns and operates .soy, and has to actually approve new domains getting created. Part of that process could be a step that automatically screens for scammy looking registrations.
Yes, but that wouldn't do anything to solve the problem. It would only make things more expensive. I honestly don't see the issue with anybody owning "netflix.soy" unless they're malicious, but in that case owning "netflix.anything-else.com" would be just as bad, if not worse. Since we can't really prevent the latter case, preventing the former case is moot.
So they send people emails with URLs like "netflix.user-support.com" where "user-support.com" is owned by the malicious actor. This is extremely common.
I honestly don't see any other problem. How else would you get people to visit "netflix.soy", if not by the same mechanism? It doesn't matter who controls which part of the domain, users are either going to notice the odd parts of the domain, or they are not. The fact that one is a TLD and the other isn't doesn't really make a difference, at least for uncommon TLDs.
> On the other hand, someone owns and operates .soy, and has to actually approve new domains getting created. Part of that process could be a step that automatically screens for scammy looking registrations.
Yes, but that wouldn't do anything to solve the problem. It would only make things more expensive. I honestly don't see the issue with anybody owning "netflix.soy" unless they're malicious, but in that case owning "netflix.anything-else.com" would be just as bad, if not worse. Since we can't really prevent the latter case, preventing the former case is moot.