An antiphishing bill that was introduced in the U.S. Senate last week could end up being used by large holders of trademarks to unfairly wrest legitimate domain names away from small businesses and individuals, according to a trade group that represents domain name investors and so-called direct search companies.

But supporters of the new legislation proposed by Sen. Olympia Snowe (R-Maine) claim that the bill is timely and offers a more effective mechanism for dealing with phishing and the deceptive use of domain names than existing statutes do.

The bill is called the Anti-Phishing Consumer Protection Act of 2008 (APCPA) and was introduced in the Senate on Feb. 25, with Sens. Bill Nelson (D-Fla.) and Ted Stevens (R-Alaska) as co-sponsors (download PDF) . The proposal would basically outlaw phishing and "related abuses," such as using for commercial gain domain names that are identical or confusingly similar to those legitimately held by trademark owners.

As part of the proposed law, such practices would be formally defined as deceptive practices under the Federal Trade Commission Act. The APCPA also would require U.S.-based domain name registrars that offer proxy services to reveal the full contact information of registrants to individuals or entities that file complaints or lawsuits. The contact info of proxy registrants typically is hidden from public view in the Internet's WHOIS database.

The legislation calls for statutory damages of $250 per violation, up to a maximum of $2 million. But in cases in which a defendant is deemed to have willfully violated the provisions of the bill, the total damages could go up to $6 million. Actions could be brought under the APCPA by trademark owners or by state attorneys general, federal banking and securities agencies, ISPs and the FTC itself. (Compare Messaging Security products)

"Phishing and other online fraud activities directly undermine the vital trust of online consumers," Snowe wrote in a blog post on The Hill Blog.

"Now more than ever, Congress needs to take action to limit the growth of a practice that attacks the very essence of our commerce," she added, noting that more than 3.5 million U.S. residents fell victim to phishing and online identity theft last year.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.