Anti-phishing best practices recommendations for domain registrars

The Anti-Phishing Working Group (APWG), in consultation with the ICANN Registrar Constituency and several domain name registrars, has published a “best practices” advisory for registrars to help them implement mechanisms to make it more difficult to register and use domains for illicit uses such as phishing, a confidence scheme used to dupe consumers out of personal financial information.

Several globally active registrars, including APWG members Go Daddy, the world’s largest registrar, and Network Solutions, the world’s oldest commercial registrar, have already implemented or are planning to implement many of the best practices prescribed by the APWG’s Anti-Phishing Best Practices Recommendations for Registrars, released this month.

The APWG’s best practices advisory distills the counter-ecrime techniques of APWG membership, forged from their experiences as well as keystone policies of registrars who have already implemented them as safety measures to protect against the registration and use of domain names for phishing. The APWG worked closely with several registrars through ICANN’s Registrar Constituency to ensure that the best practices were practical and applicable.

The Anti-Phishing Best Practices Recommendations for Registrars advisory focuses on three principal areas in which house policy at registrars can help neutralize abusive domain registrations:

  • Proactive fraud screening: low user-burden processes that registrars can adopt to limit phishers’ ability to complete fraudulent domain registrations on a large scale
  • Phishing domain takedown: best practices registrars can use to process takedown requests as efficiently as possible and suspend fraudulent domain registrations used in a phishing campaign
  • Evidence preservation for investigative purposes: data retention practices to save key evidence that can later be used by law enforcement to identify and prosecute the phishers

Registrars, like Go Daddy, the world’s largest, and Network Solutions, an Internet pioneer that was the first authorized to register domain names, are welcoming these guidelines to help domain name registrars make the Internet a safer place.

The APWG and its members were moved to develop and publish the advisory to staunch abuse of the Domain Name System (DNS) in phishing attacks and other electronic crimes by means of increasingly sophisticated schemes. Several of the most potent phishing techniques that have recently grown more prevalent require fraudulent domain registrations as their cornerstones.

Examples include so-called “fast-flux” attacks and the infamous “Rock” group’s phishing sites. Fast flux is a technique used to hide counterfeit phishing websites by rapidly shifting the Internet Protocol (IP) address hosting the website, which vastly complicates their removal, as security professionals are forced to chase the sites from one IP address to the next.

A domain registrar with a poor reputation, for example, is increasingly likely to see their domains blocked from access to large segments of the Internet. Thus there is a bottom-line impact to go along with helping to fight against e-crime, and the APWG is dedicated to helping registrars gain those benefits by implementing best practices.

Going forward, the APWG plans to continue to work with registrars to evolve the Anti-Phishing Best Practices Recommendations for Registrars advisory, keeping it up to date with contemporary phishing attack techniques that co-opt the DNS – and to identify ways to implement correlative security measures in the most cost-effective and effective manner.
