Seems to me the answer to the problem is simple: ISPs should be proxying known phishing sites. I’d make it an “opt-out” toggle, as only people know know what they’re doing would be crazy enough to actually want to view a known phishing site. That’s the key: being able to identify a phishing attack. I suppose this has proabably been done before, but I haven’t seen a widespread deployment of such a service (which should be free, IMHO).
Certainly, it shouldn’t be a browser’s or plugin’s responsibility – as connectivity is the lowest common denominator. I’ve got the Phishing setting toggled “on” in my OpenDNS configuration, largely because I don’t want Ponzi to be phished when I’m not around. This way, I’m protecting all the systems on my home network – not just the ones that have been upgraded to the latest browser configuration. Phishing should NOT be a problem anymore.