Stop the problem at the source
While this could go around in circles for days, we tend to overlook the fact that the domain name registration process has been made as simple as possible. No real checks are done if you wish to register a domain, in fact some "resellers" advertise they will never ask your name so that it could never end up in the hands of law enforcement.
I could use a gift credit card to register a domain right now using the name Margaret Thatcher of some fake UK address while I am sitting in anywhere but the UK, shop on the internet for a telephone number and register using a free Gmail account as a point of contact. Then I abuse the free privacy provided in the competitive registrar market or simply use MelbourneIT with their bastardized whois showing a name you supply and their address. While I am at it I use a proxy. Now I am set to go phishing/scamming/herding. Total cost less than $10.00, however free domains do exist as well (MS Online). Free hosting with email facilities is to be had as well.
Fact: criminal domains are hardly ever registered with valid registration details.
I has never been easier to register a domain, real checks simply do not exist for most registrars.
So why should we then use excuses as to why a domain should be holy? In fact the difficulty with which domains are normally canceled is exactly what I would count on in my registrar selection process if I wish to use it for criminal actions.
To turn this picture around, law enforcement have their hands full. International LEA cooperation simply does not exist for the bulk of the victims. The UDRP is not the answer for criminal websites that sprout up faster than mushrooms. Once I have been conned the chance of recovering my money is virtually nil. If my identity is stolen I have forever lost my privacy. In fact I would have to spend more money, much more than $10.00 to get back on track and undo the damage done to me. People lose their livelihoods, privacy etc via malicious domains.
There are groups that specialize in certain abuse type. Domains are not canceled merely based on suspicion as was implied, it is not a free for all, registrars do not accept "hey - joeblogs.com is bad , terminate the domain" statements. Registrars are not stupid. In fact it takes time for them to know they can trust you and that trust is based on detailed abuse reports with evidence and a lot of hard work after ensuring a site has not been hacked and then abused. You only have to get it wrong once to destroy that trust.
We also need define unacceptable. Pornography may be acceptable, child pornography is not. Political sites are acceptable, phishing is not, 419 scams is not, malware is not, money mule domains not, escrow/couriers scams not. Especially unacceptable are those domains that are used to entrap an unsuspecting victim at home via email or in drive by infections.
We can draw a clear line between criminal and geographic/social undesirability. Registrars dare not touch the second group, but it is and should be open season on the first group.
Ad hoc malware police besiege net neutrality
