APWG publishes “best practices” advisory for domain registrars

The Anti-Phishing Working Group (APWG) has published a “best practices” advisory for registrars to help them implement mechanisms to make it more difficult to register and use domains for illicit uses such as phishing. The advisory distills the counter-ecrime techniques of APWG membership, forged from their experiences, as well as keystone policies of registrars who have already implemented them as safety measures to protect against the registration and use of domain names for phishing. The APWG worked closely with several registrars through ICANN’s Registrar Constituency to ensure that the best practices were practical and applicable.

“It has been great to see registrars take phishing prevention seriously,” said Rod Rasmussen, co-chair of the APWG’s Internet Policy Committee and President of Internet Identity. “Since phishing campaigns often start with a domain registration, the domain name registrars are in the perfect position to make phishing more difficult.”

The Anti-Phishing Best Practices Recommendations for Registrars document focuses on three principal areas in which house policy at registrars can help neutralize abusive domain registrations. Those include:

• Proactive fraud screening: low user-burden processes that registrars can adopt to limit phishers’ ability to complete fraudulent domain registrations on a large scale.
• Phishing domain takedown: best practices registrars can use to process the takedown requests in the most optimized fashion and suspend fraudulent domain registrations used in a phishing campaign
• Evidence Preservation for Investigative Purposes: Data retention practices to save key evidence that can be later used by law enforcement to identify and prosecute the phishers.

The report is available in PDF format at: http://www.antiphishing.org/reports/APWG_RegistrarBestPractices.pdf