Symantec joins the phishing fight .. for a price
Symantec are patting themselves on the back again. Their latest "Symantec Enterprise Security News Clip" has proudly announced that "Industry Leaders Back Symantec Phish Report Network"
(cite: http://www.symantec.com/about/news/release/article.jsp?prid=20060501_01)
So, let's have a look at Symantec's new service at http://www.phishreport.net/. A nice, professional looking site - very pretty.
"Senders" can submit URLs for free only after agreeing to the Data Provider Agreement which allows Symantec to, among other things, publicise your involvement in the service as a sender.
"Receivers" must sign an agreement as well, and pay Symantec $50,000 per annum for a "Network Maintenance Fee".
What the???? $50,000 per annum???
Let me tell you something; Castlecops already has a very effective service, called the "Phishing Incident Reporting and Termination (PIRT) Squad" aka Fried Phish
Anybody can submit URLs for free, and without having to sign an agreement:
http://castlecops.com/pirt
Wiki here: http://wiki.castlecops.com/PIRT
Unlike Symantec, CastleCops DO NOT CHARGE A FEE to share information gathered, and those being spoofed do not have to subscribe and sign an agreement to be given information about phishing that affects them and their customers.
I have been receiving email reports about phishing sites that are reported to PIRT since the service's inception and I can tell you that every single URL reported is blocked by Microsoft's Phishing Filter within hours. Often they are blocked even if I check the URL within minutes of the email being received.
PIRT reports phishing sites to an average of 20 different parties per phish and including the company being targeted and the ISP hosting the site.
I fail to understand how a $50,000 per annum "network maintenance fee" can be justified for Symantec's "service".
I say stick with CastleCops. They'll accept the same reports as Symantec, but unlike Symantec will pass the information on to *all affected parties* WITHOUT CHARGE and without expecting recipients to sign agreements.