[jessaustin]

A) Of course trademark is valuable (to important parties!), that is the premise of the grandparent comment. (So the "...firms would make do without trademark..." clause is a deliberate absurdity.)

B) This anti-phishing idea is security theater. If you teach cardholders that a URL will save them from getting phished, they'll get phished. This is analogous to, though quite a bit worse than, the idea that a logo guarantees authenticity, even in our current regime. (E.g., some of those who thought they had purchased FTDI components were discovered recently to have not done.)

[smt88]

Re: A) You said either trademarks should go away or apple.gripe should become acceptable. Definitely a false dichotomy, but my comment was targeted at either/both of those possibilities.

Re: B) I completely disagree. I frequently visit mail.google.com, and I trust that I'm not getting phished. I'm going purely on the basis of the URL there. I wouldn't feel the same way going to, say, mail.google.me.

In order to trust a URL, you must be sure that your client system isn't compromised (and nothing in between). If it is, you're vulnerable to much worse than phishing. Phishing is likely unnecessary at that point.

It has nothing to do with the URL being secure or insecure. Using web-enabled computers on a daily basis means that we're trusting our systems not to be infected by unknown/undetected malware. We don't have any alternative, so we take the risk.

There are many ways to be slightly more certain that our DNS records haven't been tampered with nowadays, but we're still basically trusting hackable systems all the time.

[13]

In a way short .com domains display some level of financial cost involved in obtaining them. If I saw a website hosted on hexagon.com I'd assume it's probably legitimate just due to the probable expensive of obtaining it being higher than a phisher might be willing to pay.