"This is actually going to be extremely powerful if we can make this work," Mather said.
The exact protocol for how and when a domain name would be removed is still being discussed. But the general plan is to have a few trusted companies that will be certified to report phishy domains to DotAsia. That will relieve DotAsia of the burden of having to investigate each domain name before shutting one down permanently, Mather said.
Companies would pay a fee to become certified to be a trusted source, but the costs and exactly how that will work are still being discussed, Mather said.
The Internet Corporation for Assigned Names and Numbers (ICANN) is also working with APWG on the plan. Eventually, ICANN could make registries adopt the policy as part of their contracts to run TLDs. If the plan is successful with DotAsia, it's hoped that other registries will just go ahead and adopt, Mather said.
Phishing is an ever-growing problem. In June, close to 29,000 phishing sites were reported, spoofing some 146 brands, mostly in financial services, according to statistics published by the APWG. Market analyst Gartner Inc. said 2.3 million U.S. citizens lost an average of $1,250 from August 2005 through August 2006.