The anti phishing working group (APWG) launched a new best practice guide for registrars today, aimed at making it more difficult for online criminals to register domains for purposes such as creating phishing sites.

The Anti-Phishing Best Practices Recommendations for Registrars, produced in conjunction with several key global registrars including Go Daddy, and the Icann Registrar Constituency, focuses on three areas – phishing site takedown, evidence preservation and fraud screening.

It recommends ways for registrars to suspend domains that are suspected of being used in phishing campaigns, how to preserve evidence for law enforcers to identify and prosecute the phishers, and processes for fraud screening that have a low impact on end users.

The guide was launched in response to the increasingly ingenious ways phishers are abusing the domain name system (DNS) to launch their attacks.

One particularly popular method is to rapidly shift the internet protocol (IP) address hosting the phishing web site, thus making it more difficult to track and remove that site.

"Based on Network Solutions' experience, the APWG's best practices are effective tools in the fight against phishing, and we hope that more registrars will implement them as well," said Jon Nevett, vice president of policy for registrar, Network Solutions.

Copyright © 2009 vnunet.com