Startup OpenDNS has launched a service called PhishTank, designed to put the process of identifying scam Web sites out into the public.
The service works on a principle similar to collaborative bookmark sites such as Digg, by allowing registered users to submit and vote on the validity of phishing URLs. Even if one user makes a mistake, the community should get it right, the logic goes.
When a certain number of users verify a site, it goes into a phishing database, which can be fed into anti-scam software via an open application programming interface (API).
URLs can be submitted by email or via the PhishTank Web site, which officially launched last week. As of Monday morning, 2,240 sites had been submitted, with 874 verified. The top submitter, using the handle "spamfighter", had sent in 332 sites.
OpenDNS contrasted the service to offerings from the likes of Symantec and McAfee that take a more proprietary approach. "Unlike other anti-phishing efforts that may come to mind, PhishTank is totally free to use and open to access," said OpenDNS' Allison Rhodes in a statement.
OpenDNS offers an alternative to ISPs' default domain name lookup services, promising faster web surfing and anti-fraud services. The company fuels its anti-fraud whitelist from various sources, now including PhishTank. "Once the PhishTank community collectively verifies a phish, we conduct an additional layer of checks and balances and ultimately block the phish for OpenDNS users," Rhodes stated.
In its first few days the service has run into a few hiccups, such as a problem that created duplicate URLs and some ambiguity over addresses that redirect to other sites. The duplicate URL problem has now been fixed, OpenDNS said.
The service will get more features and feeds in the coming days. OpenDNS plans to add Mail Transfer Agent (MTA) information from phishing emails to the API, as well as whois and Autonomous System Number (ASN) information.
OpenDNS wants to create RSS feeds for ISPs and web hosting companies based on ASN, allowing them to target and hopefully shut down phishing sites on their own networks.
Another upcoming feature will be a regularly updated text file that lists every verified phishing site, which OpenDNS plans to offer sometime this week, the company said on Friday.