PhishTank Is Here

PhishTank launched today. PhishTank is a site designed to make keeping tabs on phishing sites easier. If you come across a phishing site while browsing the web, you’re encouraged to submit the URL to PhishTank.

PhishTank is a collaborative clearing house for data and information about phishing on the Internet. Also, PhishTank provides an open API for developers and researchers to integrate anti-phishing data into their applications at no charge.

PhishTank is operated by OpenDNS. OpenDNS opened their services to the public earlier this year to much fanfare. David Ulevitch and crew have done an amazing job with OpenDNS, I expect the same from PhishTank.

PhishTank does not provide protection against phishing sites, they simple store phishing related data. OpenDNS does protect against phishing though. OpenDNS and PhishTank go hand in hand. OpenDNS blocks access to phishing sites that are in the PhishTank database. Here’s a little piece from the OpenDNS FAQ about reporting phishing sites:

The fight against phishing isn’t just for the banks and big companies to tackle; you can help. Right now, we encourage submission of possible phishing sites via our contact form. Nothing will be blocked unless it’s verified.

Later this summer, we will introduce, a free community site, with API, which will serve as a collaborative clearing house for data and information about phishing and malware on the Internet.

PhishTank will no doubt prove to be a valuable resource for the internet security community. Now, users of OpenDNS can basically control what sites are deemed “phishing” sites by making use of PhishTank. This was one of the main gripes people had with OpenDNS initially. There was no method to show what sites were flagged as phishing sites. Let there be transparency!