Call me simplistic, but it seems to me that there is a relatively simple solution to the phishing epidemic, assuming those in control of the Internet would like to stop it. Since almost all phishing emails use a hyperlink something like http://www.MyBigBankName.com.bad_guys_domain.info/login.html, eliminating it would be as simple as ICANN cancelling domain registrations for anyone caught phishing. (I assume Internet registrations are ICANN’s domain? No pun intended…)
To implement this, they would set up an email alias like email@example.com where people could forward phishing emails. Once they had someone verify that an email routed to a phishing website (I bet this could even be done with vetted volunteers), ICANN would cancel the domain registration. Then it would be a simple matter for browser, personal firewall, and anti-spyware vendors to update their software to provide an anti-phishing warning for any website that is reached via IP address rather than via domain name.
With domain cancellation in place and IP-address-based anti-phishing functionality from browser, personal firewall, and anti-spyware vendors, phishing would be eliminated, as it would quickly become effectively impossible for a phisher to maintain a domain, and IP addresses would be easily filtered.
Or so it seems to me. But it must not be that easy, or someone else would have thought of it by now. I’m posting this hoping that someone can either explain to me why this would not work, or, if I just happen to be the only one to have thought of it and it would work, that someone reading this will forward it to the good folks at ICANN for implementation.
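The two checks this proposal depends on, sketched as an added example that is not part of the original post: finding which registered domain a link such as the one above really belongs to, and flagging links whose host is a bare IP address. The `SUFFIXES` and `PROTECTED` sets and the function names are assumptions made for illustration; a real tool would load the full Public Suffix List.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a small constructed suffix set stands in for the Public Suffix List.
SUFFIXES = {"com", "info", "org", "net", "co.uk"}
# Assumption: hypothetical list of brand domains being protected.
PROTECTED = {"mybigbankname.com"}


def registrable_domain(host):
    """Return the registered domain: one label plus the longest known suffix."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):  # longest candidate suffix is tried first
        if ".".join(labels[i:]) in SUFFIXES:
            if i == 0:
                return None  # the host is itself a bare suffix
            return ".".join(labels[i - 1:])
    return None  # suffix unknown to this constructed list


def classify(url):
    """Return (verdict, detail) for the host part of a link."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    try:
        ipaddress.ip_address(host)
        return ("ip-literal", host)  # reached by address, not by name
    except ValueError:
        pass
    reg = registrable_domain(host)
    if reg in PROTECTED:
        return ("brand", reg)
    for brand in PROTECTED:
        # Brand name present only as left-hand labels of someone else's domain.
        if f".{brand}." in f".{host}.":
            return ("brand-in-subdomain", reg)
    return ("other", reg)


if __name__ == "__main__":
    # Constructed sample links; 192.0.2.10 is a documentation address.
    for link in (
        "http://www.MyBigBankName.com.bad_guys_domain.info/login.html",
        "http://192.0.2.10/login.html",
        "https://www.mybigbankname.com/login",
    ):
        print(link, "->", classify(link))
```

For the post's sample link, the second element of the result is the registration that a cancellation request would have to name, not the bank's domain that appears at the front of the hostname.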