Patent application describes system that validates web sites based on reputation of domain name registrar.
A patent application (pdf) filed in 2008 and published on December 31, 2009 describes a system where a web site’s reputation is affected, in part, by the reputation of the domain name registrar where the domain is registered:
Reputations of domain registrars are calculated based on the hosting of risky domains. The more undesirable domains a registrar hosts, the lower is its reputation. The risk level of the hosted domains is also a factor in determining the reputation. When a user attempts to access a hosted domain, the calculated reputation of the hosting domain registrar is used in determining what security steps to apply to the access attempt. The worse the reputation of the hosting registrar, the more security is applied, all else being equal.
Although it may seem like just an interesting idea, it could actually have a large impact. That’s because, even though the patent isn’t directly assigned to a company, both of the listed inventors worked for computer security firm Symantec at the time the patent was filed. Symantec is maker of Norton, a popular internet security suite. Included with Norton is a search engine security plug-in that indicates if a site is safe to browse:
If Symantec hasn’t already, it could consider the reputation of a domain name registrar when flagging a site as safe or unsafe. That would certainly force a number of domain name registrars to clean up their act.
Ace says
If I’m reading the patent correctly, a score is assigned to a registrar which is a function of number of bad domains it has in its repository. This has potential to backfire. If a registrar has few good domains with very very good sites, but many with with sites bordering okay and bad. I wonder how do they grade a domain as bad or good.
Michele says
Interesting, but if it’s tied to “hosting” and not the actual IANA ID it could be a lot more serious than might appear at first glance
Kevin Ohashi says
I think Google has probably been doing this for ages. It doesn’t surprise me that security companies would do this. Generally, you get clusters of bad stuff (people willing to look the other way or just don’t notice) so it makes perfect sense to help analyze security threats. Birds of a feather and all that…