New Best Practices for Domain Registrars
Thursday, October 30, 2008 at 12:03PM
The Anti-Phishing Working Group (APWG) published a list of best practices for registrars of domain names that, if adopted, will make it harder for Phishers to register and use domains for fraudulent purposes.
I found the most interesting of these recommendations to be "Share fraudulent domain registration information with law-enforcement". This may seem like a no-brainer, but a few difficulties arise when considering this recommendation.
The first difficulty is that the information associated with domain registration transactions often isn't captured. In days gone by there was no need to store items like the originating IP address, or the time it takes to fill out a form (which helps identify automated form-filling scripts), just to process a domain registration.
The second difficulty is knowing an appropriate law enforcement organization to share the information with. In today's era of terrorism threats and homeland security, the FBI, for example, doesn't have enough bandwidth to effectively deal with these types of investigations. An ideal group to deal with some of these communication-based issues is the U.S. Postal Inspection Service. They have a long history of effectively countering communication-based frauds and swindles. This expertise is one of the most exciting parts of the Electronic Postmark program.
Another notable item is that the APWG is developing an accreditation process for Phishing site takedown providers. This interesting concept could go a long way toward assisting expedient remediation of events when they occur. Unfortunately, a process like this doesn't help when it comes to prevention, which I believe is where the real value lies.