Microsoft KB Archive/930151

= How to minimize the possibility that your Web site will be flagged by Phishing Filter =

Article ID: 930151

Article Last Modified on 10/27/2007

-

APPLIES TO


 * Windows Internet Explorer 7
 * Windows Live Toolbar
 * MSN 9.2 Premium Internet Software

-



SUMMARY
This article describes how Web site owners can minimize the possibility that a Web site will be flagged by the Windows Internet Explorer 7 Phishing Filter.

return to contents



MORE INFORMATION
There are several things that Web site owners can do to help prevent their Web sites from being flagged as suspicious. Consider using the following best practices or Web site design guidelines:
 * If you ask site visitors for personal information, use secure sockets layer (SSL) certification with a current server certificate that was issued by a trusted certification authority.
 * Make sure that your Web site does not expose any cross-site scripting (XSS) vulnerabilities. Protect your site by using anti-cross-site scripting attack tools.
 * Use the fully qualified domain name. All domains should reverse to actual domain names, not to numeric IP addresses. This means that a URL should resemble &quot;microsoft.com&quot; instead of &quot;207.46.19.30.&quot;
 * Avoid using the @ symbol before the fully qualified domain name in your URLs. The @ symbol give phishers the opportunity to create deceptive URLs. Therefore, the @ symbol is immediately suspicious to Phishing Filter.
 * Do not encode or tunnel your URLs unnecessarily. If you do not know what this means, you probably are not using this practice.
 * If you post external or third-party-hosted content, make sure that the content is secure and that it comes from a known and trusted source.

Enterprises can also add the sites that they trust to the trusted zones in Windows Internet Explorer 7 by using Group Policy controls.

Phishing Filter has a built-in, Web-based feedback system to help customers and Web site owners report any potential false warnings or blocks as quickly as possible. In Internet Explorer 7 or Windows Live Toolbar, click Report this site as safe from a yellow warning message. Or, click Report that this is not a phishing website from a red warning message. This will take you to a feedback page where you can indicate that you are a site owner or a site representative. Follow the instructions, and provide the information about the site to submit the site for review. After a dispute is submitted, a team of graders inspects the site. For the quickest resolution, submit all disputes through the Web site reporting process.

For more information about anti-phishing technologies, visit the following Microsoft Web site:

http://www.microsoft.com/mscorp/safety/technologies/antiphishing/default.mspx

For more information about anti-phishing strategies for enterprises, visit the following Microsoft Web site:

http://www.microsoft.com/mscorp/safety/technologies/antiphishing/guidance.mspx

return to contents

Keywords: kbhowto kbpubtypekc kbmsnia kbmsnpartnerportal kbmsnreachportal kbexpertisebeginner kbmsnqwestportal kbmsnclientportal kblivesearchportal KB930151

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.