this is NOT a good solution, since a successful phish attack in this case would look exactly like the official red cross web site.
How's that one work?
One form of DirectNIC's redirection, which the phisher was supposedly using (I didn't check myself), uses a <FRAMESET> to hide the redirect inside a frame, thereby not showing the real address in the browser without deeper inspection.
Understood. If it's being pointed at redcross.org, a known good guy site, that wouldn't be a problem, would it? It seems that if the scammer is removed from the operation, it's not really a problem anymore. I'm interested because I think there could be value in a page(s) on an SP that says "This site terminated due to fraudulent activity" and pointers to how to not be sucked into these things.
Personally, I'd prefer registrar lock myself, as that keeps the distinction between scam and non-scam clear.
Registrar lock is preferred on my part. The redirect idea was creative. -M<