Domain Names are Backwards

Date:2016-12-04
Abstract:Domains should be com.example.www instead of www.example.com. The former format would prevent a certain type of phishing attack where one just has the legitimate domain as a subdomain of the attacker’s domain.

I try to sell some stuff that is sitting in the on eBay small ads. People will contact you via email or phone and ask for prices and pickup dates. Therefore it did not really surprise me to get a text message like this one here:

../../_images/sms.png

Tapping on the URL, I got to a login page. That was strange since a link to a public small ad should be, well, public. Also it felt strange that the person just pasted an URL And not referred to the product by the name. Since I did not care to enter the password on my phone, I have emailed myself the text message and opened it in the browser. And then, this happened:

../../_images/firefox.png

To my shame I must say that I did not look at the URL closely enough. Luckily Firefox has saved me with two features: the obvious blocking message as well as the sensible highlighting of the URL. There you can see that it is a plain phishing scam. Since I was already logged into eBay small ads on a different tag, I would have wondered why I had not been logged in again, if Firefox would not have saved me.

I think this should not have happened to me as thought I would spot stuff like that. It just has been engineered well enough to trip me.

This highlights a thing that has been bugging me a long time now: Domain names are backwards! The hierarchy of the subdomains is roughly this: http://C.B.A/D/E. Here A is the top-level-domain, often com, here de. Then B is the actual domain, say martin-ueding. C could be www and D/E might be something like en/articles. In full, it reads something like www.martin-ueding.de/en/articles. As one can see with the phishing scam, the left-to-right reading direction and this ordering of name parts does not make too much sense.

If the URL had been http://com.de-item123456789.ebay-kleinanzeigen/s-anzeige and one would expect http://de.ebay-kleinanzeigen, I would certainly not have fallen for it. But with the URL starting off with ebay-kleinanzeigen.de, it looks pretty legit.

The same thing is with the German date format DD.MM.YYYY. Also “Firstname Lastname” is somewhat odd. But there is no way to change that now, this is just another idiosyncrasy that one has to work with.