[mik3y]

    A big problem that came up at the domain level was what I'd call
    a _trustworthy domain with untrustworthy subdomains_, specifically
    where those subdomains represent user-generated content.

The Public Suffix List (PSL) [1] to the rescue! It can help with this kind of disambiguation.

Paraphrasing, it's a list of domains where subdomains should be treated as separate sites (e.g. for cookie purposes). So `blogger.com` on the list means `*.blogger.com` are separate "sites".

[1] https://en.wikipedia.org/wiki/Public_Suffix_List

[ghayes]

But the cost dynamic would still be different, right? As in, it doesn't cost as much to register a .blogger.com as it does a .com?

[heleninboodler]

How current is this? It doesn't actually have *.blogger.com in it, nor the other two examples I checked.

[mik3y]

I just made up `blogger.com` as an example. I probably could have picked a better one. `blogspot.com` & its many TLD variations are on the list.

It looks like the repo where the list is maintained [1] is pretty active. YMMV, I'm not a maintainer or anything..

[1] https://github.com/publicsuffix/list

[heleninboodler]

The other two I checked were *.wordpress.com and *.bandcamp.com, both well known TLDs with user-generated subdomains. Neither is there.