Homograph attacks still exist in Unicode domains: https://www.xudongz.com/blog/2017/idn-phishing/ (scary! Whitelist character sets by TLD?)