I started Form Kid a year ago, and since then more phishers than normal users have been signing up to create phishing forms, which has been very, very annoying.
I implemented many censored words such as admin, username, password, passwd, etc., which baffled a lot of phishing form creations, but it is still not working 100%. I then turned off free registration because I was tired of being notified by security parties and was also afraid the domain formkid.com might fall permanently untrustworthy.
What do you think I should do now? I’m thinking:
- Going paid. Either a very low yearly subscription such as $12 / year or a one-time activation fee. But I really DO want to keep this a free service.
- Opening the service only to email addresses such as .edu or .gov. Any other TLDs you believe would be good as well? - Wait, is there anything like an ‘email TLD whitelist’ or something like that?
- Invitation only which greatly reduces the chance but a phisher sign-up would still be possible.
- Manual approval of newly created forms? - This would definitely be the most bullet-proof solution but it would require human hours, especially when it’s growing into popularity.
Any ideas? Which approach would you prefer? Personally, I want to go with Approach 2.
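
For Approach 2 in the question above, one way to check a sign-up address against an e-mail TLD allowlist, as an added example that is not part of the original post. The function names, the `ac.uk` entry and the sample addresses are assumptions made for illustration.

```python
import re

# "edu" and "gov" come from the post; "ac.uk" is an assumed addition that
# shows how a multi-label suffix is handled.
ALLOWED_SUFFIXES = ("edu", "gov", "ac.uk")

# One DNS label: letters, digits, hyphens, 1-63 chars, no leading/trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def domain_labels(address):
    """Return the normalised domain labels of an address, or None if malformed."""
    address = address.strip()
    if address.count("@") != 1:
        return None
    local, domain = address.split("@")
    domain = domain.lower()
    if domain.endswith("."):          # tolerate one trailing root dot
        domain = domain[:-1]
    labels = domain.split(".")
    if not local or len(domain) > 253:
        return None
    if not all(_LABEL.fullmatch(label) for label in labels):
        return None
    return labels


def signup_allowed(address, allowed=ALLOWED_SUFFIXES):
    """True only if the domain ends with an allowed suffix on a label boundary."""
    labels = domain_labels(address)
    if labels is None:
        return False
    for suffix in allowed:
        tail = suffix.split(".")
        # Compare whole labels, and require at least one label before the
        # suffix, so "example.edu.attacker.test" and "fakeedu.test" fail.
        if len(labels) > len(tail) and labels[-len(tail):] == tail:
            return True
    return False


if __name__ == "__main__":
    # Constructed sample addresses.
    for addr in ("alice@cs.example.edu", "eve@example.edu.attacker.test"):
        print(addr, signup_allowed(addr))
```

The check only validates the address string, so it has to be paired with a confirmation link mailed to that address before the account can create forms.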