Now that TLS certificates are nearly ubiquitous, they no longer serve as any sort of signal about the legitimacy of domains. I'm thinking that checking the whois database to determine the recency of a domain's registration may be useful to signal at ...
