Can We Move Past Blocklists to Automated Takedowns?

In the struggle to prevent phishing, cyber defenders use URL blocklists. URL blocklists are ever-changing and difficult to keep current. Attackers make use of automation and other methods to bypass their effectiveness.

Rather than everyone struggling to keep their ever-changing blocklists accurate and up-to-date, is it possible to ease the burden on cyber defenders by automating “verified” phishing site takedowns? There are for-profit companies that claim they have implemented automated API-based phishing site takedowns with trusted web host providers. Would it be effective to implement a community-driven automated takedown request method?