top | item 46252363

(no title)

ghssds | 2 months ago

> The real domain of the Jacksonville Sheriff’s Office in Florida is jaxsheriff.org. We purchased jaxsheriff.us

This would not be an issue if RFC 1480 had been taken seriously.

discuss

thih9|2 months ago

Too many edge cases, some would still be exploitable. Eg if the real address was:

    Sheriff.CI.Jacksonville.FL.US

Malicious actors could register:

    Sheriff.Jacksonville.FL.US

Unless your solution is to add some verification step as part of .us registrations.

marcianx|2 months ago

Can people register a subdomain of fl.us willy-nilly though? Isn't the root domain owned by the state?

Etheryte|2 months ago

Many top-level TLDs have requirements you need to fulfill, .edu is a good example. Similarly you need to prove you're a local entity for many country-specific TLDs. At the end of the day though, this attack vector will always be there, no matter how diligent you are about it. Phishing is all about numbers and one in is often all you need.

monerozcash|2 months ago

Wouldn't make any difference, you'd just hack one email at any random sheriff department in the country. Or pay $5 for one, anyway.