idea to stop fishing site
Add a new functionnality where in the settings you can edit a sentence that will be stored encrypted.
It will only be decrypted and shown to you after your enter your login password but BEFORE you enter the mailbox password.
This way if the network is compromised and you end up on a protonmail fishing site, you will only have given the login password and NOT the mailbox password.
This will be especially helpfull when a tor address will be made available.
The new authentication protocol (TLS-SRP) that ProtonMail quietly introduced around two months ago, protects against that threat, I believe.
Peter Gorski commented
There are also other approaches which should be considered if you like to address Phishing threats:
Lo Iacono, L., Viet Nguyen, H., Hirsch, T., Baiers, M. and Möller, S. (2014). UI-Dressing to Detect Phishing. Proc. 6th Int. Symposium on Cyberspace Safety and Security