F-Secure security researcher Mikko Hyppönen suggests that, in order to combat phishing, a new top-level domain should be set aside for use by banks and other entities that are often spoofed. The organization that manages the domain would verify that the sites are owned by actual financial institutions and that they are not being used for fraudulent purposes, and the registration fees would have to be high enough to support the due diligence required. I don’t see what it would hurt, assuming the organization registering the domains did a good enough job to ensure that any sites on that domain really could be whitelisted.