Google, Microsoft, Yahoo look to stop phishing attacks
A group of fifteen technology and email providers announced plans Monday that aim to curb the spread of phishing e-mails by making it more difficult for scammers to impersonate legitimate e-mails. The agreement calls for the use of preexisting standards to authenticate messages on a much wider scale than ever before.
Currently, PayPal is one of the few companies using the technologies, known as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). Its work only has limited effectiveness though as so far it only has working partnerships with Yahoo and Google.
Under this new agreement that use spreads to many more email providers, and calls for the use of the standards among other technology companies. AOL, Gmail, Hotmail, and Yahoo Mail will all now implement the authentication standards, and providers American Greetings, Bank of America, Facebook, Fidelity, and LinkedIn comprise the founding members of the new organization.
"Industry cooperation, combined with technology and consumer education, is crucial to fight phishing", Paypal customer security senior manager Brett McDowell says. McDowell will chair the industry group, known as DMARC (Domain-based Message Authentication, Reporting and Conformance).
DMARC is off to a good start: the founding email members make up a significant portion of Internet email traffic, and the technology providers are some of the most commonly spoofed companies. If the company wishes, it is now able to request a participating email provider to automatically delete any message that does not carry its authentication.
This does not fix the problem of phishing overall: if an email is sent to a non-participating provider, it will still end up in the user's inbox. Missing yet is a method that can cut off spam at its source.
Regardless, those involved are confident the system will work. "The road is paved for more members of the email ecosystem to start getting a handle on phishing", Gmail product manager Adam Dawes says. He also notes that about 15 percent of Gmail's current mail traffic comes from DMARC-protected domains.
"The phishing potential plummets when the system just works, and that’s what DMARC provides", he argues.
Photo Credit: Slavoljub Pantelic/Shutterstock