[orangepanda]

It is. Would require an actual solution to prevent phishing - it's easy to overlook facebook.com.example.com

I highly doubt showing the domain prevents any meaningful amount of phishing attempts.

[aj3]

AFAIK, there are exactly two ways to avoid getting phished. One is using physical security keys (not implemented everywhere and we can't expect everyone in the world to buy one). The second one is checking the domain you're in.

Please, do elaborate on what other ways of phishing preventions you have in minds.