The Anti-Phishing Working Group (APWG), along with ICANN Registrar Constituency and a number of domain name registrars, have released a “best practices” advisory for registrars to help them guard against the use of domains to obtain personal financial information.

Several globally active registrars have already implemented many of the best practices recommend by APWG including Go Daddy and Network Solutions.

“It has been great to see registrars take phishing prevention seriously,” said Rod Rasmussen, co-chair of the APWG’s Internet Policy Committee and President of InternetIdentity of Tacoma, WA. “Since phishing campaigns often start with a domain registration, the domain name registrars are in the perfect position to make phishing more difficult.”

The APWG recommendations focus on three key areas.

Proactive fraud screening: low user-burden processes that registrars can adopt to limit phishers’ ability to complete fraudulent domain registrations on a large scale

Phishing domain takedown: best practices registrars can use to process the takedown requests in the most optimized fashion and suspend fraudulent domain registrations used in a phishing campaign

Evidence Preservation for Investigative Purposes: Data retention practices to save key evidence that can be later used by law enforcement to identify and prosecute the phishers.

The APWG says it plans to continue to work with registrars to evolve anti-phishing best practices.

“We look forward to continuing to develop new and innovative ways to combat Phishing at the most basic level — at the time of domain registration,” said Mr. Rasmussen.