> (I came up with this one): use a little firewall rule that prevents any IDN from resolving. That's a one line UDP rule and it stops cold dead any IDN homograph attack. Basically searching any UDP packet for the "xn--" string.

I couldn't see how to do this in Windows Firewall. Which OS/firewall/rule are you using?