PhishTank is alive, and filling up.

PhishTank is a community anti-phishing Web site where anyone can go to submit suspected phishes, track the status of their submissions and help verify others’ submissions. Unlike other anti-phishing efforts that may come to mind, PhishTank is totally free to use and open to access.

After a qualified number of users collectively agree that a suspected phish is, in fact, a real phish, the phish becomes verified. (Amit drew the Digg parallel.)

But we didn’t stop there. Because we genuinely want to stop phishing and believe firmly that phishing data should not cost money, PhishTank has a free and open API. Our hope is that developers will use PhishTank data to build anti-phishing elements into their tools.

And you’ve probably guessed by now how OpenDNS uses PhishTank data. Once the PhishTank community collectively verifies a phish, we conduct an additional layer of checks and balances and ultimately block the phish for OpenDNS users (if the users have phishing protection enabled, of course). We still get phishing data from other sources, too, but we think you’re going to help make PhishTank our best source.

We want OpenDNS to be the best it can possibly be, and in order for that to happen we need the best phishing data available. But we’re not selfish — the data belongs to all of us.

Read more about PhishTank here and let us know what you think!

For the audio-inclined, I wanted to share with you two recent clips about OpenDNS.

The first is an interview of David Ulevitch by Mark Howson of The Mac Nurse, conducted via Skype on July 20. The interview runs a bit over 14 minutes. Go listen for yourself (link is to web page, not file). Mark put together an interesting slideshow on top of the audio interview.

The second item for your listening pleasure comes courtesy of David Redekop, one of the founders of Nerds on Site. David and his colleagues join host Ryan Spence every Tuesday to talk about technology on Ask the Experts, on Newstalk 1290 CJBK, in London, Ontario, Canada. This past Tuesday, July 25, Redekop told Spence (and his audience) about OpenDNS.

Listen to the MP3 (6 minutes, 53 seconds; 1.6MB). Redekop explains DNS, explains phishing (and how DNS can help…more on this soon), and explains OpenDNS. I’m pleased to hear that he’s been using OpenDNS since he heard about it, and considers it for his clients.

I would clear up one point from the Ask the Experts segment. The search results page you see if

1. OpenDNS cannot resolve the entered domain
2. OpenDNS cannot fix a typo

has both organic (unpaid) search results and clearly labelled advertisements. Redekop says he think that OpenDNS is a service worth using even if all the results are ads on that page (thanks!), but I wanted to clear that up all the same.

Note: In describing OpenDNS, Redekop throws out what he calls “the old phrase”: “There’s majesty in simplicity and simplicity in majesty.” I didn’t recognize the phrase, but a bit of poking around leads us to Alexander Pope, the English poet.

There is a certain majesty in simplicity which is far above all the quaintness of wit.

Learn something new every day.

Phishing prevention is not a “fire and forget” task. You have to make sure you have great data, double-check the information, and update the data to avoid “false positives.” And you have to do it all the time.

Different folks (see two below) have wondered publicly where our phishing data comes from and how OpenDNS uses the data. This post helps answer those questions, and more.

Phishing protection is a significant benefit to customers but it’s also a notable responsibility — under no circumstances does OpenDNS want to disrupt its customers’ normal Internet usage.

Note: if you just want speedy, reliable DNS without any protection from phishing, it’s available. (Not recommended, but available.) Use the OpenDNS preferences.

With that background out of the way, let me share what we added to our Frequently Asked Questions earlier this week.

How does OpenDNS decide if a site is a phishing site?

Currently, OpenDNS uses two methods for determining if a site is a phishing site:

1. Analysis of our network data, based on years of experience with DNS traffic.
2. Feeds from several network operators and others working against “Internet Bad Guys.”

There are three providers that we may identify and thank publicly for their participation:

1. Support Intelligence
2. Team Cymru
3. CastleCops PIRT

How do I report a phishing site to OpenDNS?

The fight against phishing isn’t just for the banks and big companies to tackle; you can help. Right now [July, 2006], we encourage submission of possible phishing sites via our contact form. Nothing will be blocked unless it’s verified.

How do I tell OpenDNS about a mistakenly-blocked site?

Every time OpenDNS shows the phish-blocked page (example), we offer the option to tell us to review the site. These requests are treated with urgency; we understand that false positives are painful, too.

Sites which are removed from the phishing list will be available to OpenDNS customers within one hour after review, and hopefully much sooner.

An extra detail: for the data from outside partners, we update our lists every six hours, including removing sites which no longer appear in the feeds.

PhishTank

PhishTank is a site OpenDNS will launch later this summer as a collaborative clearing house for data and information about phishing and malware on the Internet. PhishTank will be a free community site for validating and sharing this kind of data. There will be various statistics and an API, so anyone else who needs solid data to help fight Internet Bad Guys can use PhishTank as a source.

The point? The fight against phishing isn’t just for the banks and big companies to tackle; you can help. Several of you have sent us phishing URLs to add to our lists already — thank you! OpenDNS is selfishly interested in having the best, most up-to-date data available, but we don’t believe that proprietary data in this area is the answer: the API will be open to others, whether they contribute or not.

Too often now, phish reports go into a black hole where no response comes back and none of the aggregated intelligence is shared. PhishTank will be a solution to that problem.

Next steps

Yesterday, we were offered another validated feed of sites to avoid. Thanks! This looks to be a great additional resource, and once it’s confirmed and integrated, we’ll announce it here (with permission).

If you have data that will help us block the “Internet Bad Guys” from OpenDNS customers, please let me know. Use the contact form, or try me via direct email (first name at opendns.com).

p.s. As noted above, here are two blogs which took a look at OpenDNS right as we launched and wondered aloud about our phishing protection.

Another thing OpenDNS should work on ASAP is transparency. I’d really like to know the false positive rate on phishing sites. How many legitimate sites get flagged as a phishing site? (Tyler Longren, July 10, 2006)

Tyler, too early to have that specific stat, yet, but we hear you.

It looks like they are using blacklists to stop you from hitting known phishing sites. They don’t say where the list comes from or how ofter it is updated. (Mike Frank, July 11, 2006)

Mike, thanks for pushing us.