Internet Explorer 7 contains several levels of protection against phishing. Its phishing filter looks up an URL in a local whitelist before the site is opened. If it is not listed there, the browser sends the URL - with SSL encryption and without any user parameters or cookies for reasons of data protection - to an anti-phishing server in Redmond, which takes a look at the whole web site in real time. Certain criteria, which have not been described in detail, are then used to categorize the site; if it smells of phish, the browser warns the user.
In addition, users can also have suspicious websites reviewed at any time by pushing a button in the status bar and even report a website if they are certain that phishing is involved: