A large share of the .nl domain names listed in abuse reports are registered with malicious intent. In other words, the registrants always intended to use them for phishing, malware or the publication of other abusive content. We could make the .nl zone even more secure if we could proactively identify such malicious registrations and disable the domains in question, preferably before they can do any harm.
In this talk we discuss different algorithms for identifying suspect registrations and our efforts to develop them responsibly. We show the pros and cons of the different algorithms by evaluating them over an extended period. In addition, we consider how the algorithms affect the activities of our anti-abuse team and explain our choice to keep a human in the loop.