I've always thought it was a stupid idea to allow non-ascii in domain names. That's just asking for trouble. I know, ascii is too US-centric, but allowing literally everything in domain names is a really bad idea. At the very least, require domain name to be in one single character set, rather than a mix. Hopefully that would prevent most or all abuses.