by hunter2_ 597 days ago
Would it be best practice for filter list maintainers to purge on expiration, though? Bad actors would be able to take advantage of that. Until there's a standard around this, maybe blacklisted domains should just remain unused.

Take advantage of it how? They could get a new domain more easily.
> Take advantage of it how?

If there is a domain that could be useful as a phishing site (a domain the original company allowed to expire, one that just looks right enough, etc.) but is on the common blacklists, it isn't that useful. If it dropped off the blacklists when registration expired then another nefarious type (or the same nefarious person if they are lucky) could re-register it and use it as a freshly useful phishing location until it once again got on the lists.

Though given how carefully people often don't check domains, or in some cases how easily they are hidden, which is why many phishing attacks work, this might not make a big difference overall.

For "just right", the domain also has to look more "just right" than the many unregistered names that are very close. And an aggressive filter trying to block on that basis should be doing it preemptively and not very much based on domain history.

A domain that used to be tied to the company has different considerations, but ideally it would also be blocked based on ownership changes and not wait for content.