The Anti-Phishing Working Group (APWG), in consultation with the ICANN Registrar Constituency including APWG members Go Daddy and several domain name registrars, has published a "best practices" advisory for registrars to help them implement mechanisms to make it more difficult to register and use domains for illicit uses such as phishing, a confidence scheme used to dupe consumers out of personal financial information.

APWG's best practices advisory purifies the counter-ecrime techniques of APWG membership, forged from their experiences as well as keystone policies of registrars who have already went through them as safety measures to protect against the registration and use of domain names for phishing. The APWG worked tight with a lot of registrars through ICANN's Registrar Constituency to ensure that the best practices were practical and applicable.

Anti-Phishing Best Practices testimonials for Registrars advisory focuses on three principal areas in which house policy at registrars can aid to neutralise offensive domain registrations. Those include:

* Proactive fraudulence screening: low user-burden procedures that registrars can adopt to limit phishers' ability to complete fraudulent domain registrations on a large scale

* Phishing domain takedown: best practices registrars can use to process the takedown requests in the most optimized fashion and suspend fraudulent domain registrations used in a phishing campaign

* Evidence Preservation for Investigative Purposes: Data retention practices to save key evidence that can be later used by law enforcement to identify and prosecute the phishers.

the world's largest Registrars and Network Solutions like Go Daddy , an Internet pioneer that was the first authorized to register domain names, are welcoming these guidelines to help domain name registrars make the Internet a safer place.

The APWG and its members were motivated to develop and issue the advisory to staunch abuse of the Domain Name System (DNS) in phishing attacks and other electronic crimes by means of increasingly sophisticated schemes. Various potent phishing techniques that have recently grown more prevalent require fraudulent domain registrations as their cornerstones.

Examples included so-called "fast-flux" attacks and the infamous "Rock" group's phishing sites, a method used to hide fake phishing websites by speedily shifting the Internet Protocol (IP) address hosting the website, vastly complicating their removal as security professionals are forced to chase the sites from one IP address to the next.

A domain registrar with a pathetic report, for example, is increasingly likely to see their domains blocked from access to large segments of the Internet. Thus there is a bottom-line affect to go along with helping to fight against e-crime, and the APWG is committed to serving registrars gain those benefits by implementing best practices.

Proceeding, the APWG plans to go forward to work with registrars to evolve the Anti-Phishing Best Practices Recommendations for Registrars advisory, keeping it up to date with contemporary phishing attack techniques that coopt the DNS - and to identify ways to implement correlative security measures in the most cost-effective and effective manner.