On 19 July 2013 11:22, oldcrow <oldcrow@dal.net> wrote:

One concern that I would have is for the potential impersonation of representatives from businesses, like PayPal or (in the case of gaming) XBox Live or whatever. If someone could set their hostmask to CSR@paypal.com, or support@apple.com, it's not difficult to imagine that some users might be fooled into handing over sensitive account information.

Indeed. Under my system:
A file contained a list of hostmasks (line by line) which users couldn't pick for a host, so:
apple.com - would disallow apple.com but allow uses.apple.com *dal.net - Would deny anything ending in dal.net
and so on. Perhaps make that list dynamic with a separate OperServ autokill like command to place temporary/perm bans of changing to certain hosts.
The other issue I had considered was multiple people using the same hostname. Under mine, services wouldnot allow them to use:
- Someone elses exact hostname (real or with /ns set host)- ipv6 or ipv4 ip address- hostname matching something in the deny list
holbrook / zort / srd