If an URL arrived 10 secs ago to a mailbox is already submitted/voted/verified by Phishtank users, that is some amazing success. I have seen that more than couple of times now.

Phishtank and this community made a $50.000 (lets not name) security service look like a toy and joke, that is some success which should be taken very serious. These are the same people who are alerting Mac userbase about “theoretical” proof of concepts for years to sell their products. I am telling these since there could be a major propaganda against Phishtank by very same people who aren’t happy to lose their $50.000/year customers.

About the educational role? As site is open to visitors, if you notice someone around you hasn’t got a single clue about what “Phishing” is, show him/her this site , live examples. When he/she sees a major financial organisation is targeted on 100-200 live web sites with fake addressbars, he/she will take it serious.

“pour être efficace dans la lutte contre le phishing, le système doit être très réactif, très diffusé, avoir un rôle plus éducatif et ne pas devenir payant dans les prochaines années.”

“To be effective in the fight against phishing, the system must react quickly, be widely used, have an educational role, and not become commercial in the next few years.”

I definitely concur with the educational role idea. There’s a lot that PhishTank should be doing to illustrate and teach the art of detecting phishing (for instance, a filter on the Phish Archive to show valid phishes with valid screenshots so that newbies can learn from the experts).

In addition, there are a number of “how to vote” explanations in the Blog that should be collected on an explanatory page for new phishing members and reference by the existing experts.

Nicely put, John!

Quality is a journey, not a destination.