Check out this phishing url:  http://www.facebook.com.profile.php.id.371233.cn.  Part of the reason why it’s so deceptive is because the true domain, “371233.cn” is at the very end of the URL.  But it didn’t have to be, in fact, it was probably a boneheaded design choice.

Domain naming conventions got the “left-to-right = hierarchy” metaphor backwards, with the root level at the end of the string

And we end up with these awkward URL strings where you traverse up the hiearchy at first, but once past the domain name, the URL starts to resemble a file path, where you’re traversing down down the hierarchy.   Just have a look at the latest Firefox location bar and you can see that the correct design choice is to put the root identity at the beginning of the string.

And meanwhile, we can get rid of that damn ‘www’ sub.