Email titans Google, Microsoft, Yahoo aim to battle phishing

Email titans Google, Microsoft, Yahoo aim to battle phishing

Summary: A working group is pitching a system that will allow providers to authenticate emails better.

SHARE:

Email giants Google, Microsoft and Yahoo along with other players such as eBay's PayPal, AOL and Bank of America have formed a technical working group aimed at curbing phishing attacks.

Phishing, which refers to bogus email designed to coerce victims to fork over data, is a scourge along with spam. The working group, DMARC.org, has 15 members and aims to beef up email authentication. DMARC stands for Domain-based Message Authentication, Reporting & Conformance.

In a statement, Brett McDowell, chair of DMARC.org and senior manager of customer security initiatives at PayPal said that industry cooperation is needed to thwart phishing.

After 18 months of work, DMARC is pitching a system that allows email senders to include authentication technologies. In this system, email providers can get reports that highlight gaps in authentication schemes.

Here's how the system would work:

DMARC said it will submit its spec to international standards groups. Companies in DMARC include Agari, American Greetings, AOL, Bank of America, Cloudmark, Facebook, Fidelity, Google, LinkedIn, Microsoft, PayPal, ReturnPath, Yahoo and Trusted Domain Project.

Topics: Social Enterprise, Collaboration, Google, Microsoft, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

13 comments
Log in or register to join the discussion
  • spam or not spam?? Land Grab???

    many websites have shared certificates from thier hosting companies. I have 2 websites that already have problems with getting mail to inboxes, instead of the spam bin (one is a non-profit, and the other is my personal website). Are they interested in becoming the new postal system, and all e-mail must originate from them?? Who will oversee what websites are worthy of using their inboxes??<br><br>It also seems to do little about the actual content being rigged from people with compromised computers. What would prevent someone from using a compromised computer to send legitimate e-mails from accounts that are "okay"?? While it may cut down on mass mailings, targeted phishing won't feel much effect.

    I have already recieved mail from google accounts that were compromised, (I know because I asked about the mailing). It is possible, and happens now, so how can this system resolve that??.
    sparkle farkle
    • RE: Email titans Google, Microsoft, Yahoo aim to battle phishing

      @sparkle farkle <br>a website costs 80 dollars a year, the certificate is 50 dollars a year or thereabouts. how will they certify legit websites, and can they provide an e-mail certification for 10 bucks (or for free)?
      sparkle farkle
    • RE: Email titans Google, Microsoft, Yahoo aim to battle phishing

      @sparkle farkle This is less targeted at spam than at phishing. So while it does little about the myriad ads for unwanted products, it should help reduce the likelihood that you'll get a mail you THINK is from your bank.
      vulcan666
  • What about the little guy?

    A new company, organization, or just an individual or group may be created. Does this take them into account? It seems like these would be at most risk when it comes to being blocked. It's all based on your reputation; something that could be of issue to new-comers.
    jetsethi
  • Why is Apple never a part of the solution?

    Being the biggest, richest, most powerful technology company in the world, why is Apple's name always conspicuously absent? Why can't Apple be a part of the solution instead of relying on everyone else to do the heavy lifting?
    toddybottom_z
    • $

      @toddybottom_z Being part of the solution costs $ most likely... Not an Apple basher. I'm an Apple products owner.
      nssdiver
    • Because you're a troll and you deserve no answer

      NT
      ScorpioBlue
  • RE: Email titans Google, Microsoft, Yahoo aim to battle phishing

    the thing about apple is apple is a walled garden, and in a walled garden no one can see in and those inside cant see out. Wall do that you know locks you in as well as locks out the outside. That is why.
    Drowelf
  • RE: Email titans Google, Microsoft, Yahoo aim to battle phishing

    Ping Pong. Tennis. Back and Forth, Back and Forth. One side makes a move, the other then responds in turn. How long will this go on? If there were a concrete way to do this, wouldn't it have been done by now? How long will it take for these "phishermen" to come up with an equally elaborate (or possibly simple) way to circumvent these new filters?? It's just a battle of attrition, until one side gives up.
    James Keenan
  • RE: Email titans Google, Microsoft, Yahoo aim to battle phishing

    Good idea, and might just work!
    eargasm
  • RE: Email titans Google, Microsoft, Yahoo aim to battle phishing

    Measure - Counter Measure -Counter Counter Measure - Counter Counter Counter Measure - And so it goes on ad nauseum
    acw342original
  • RE: Email titans Google, Microsoft, Yahoo aim to battle phishing

    All I can say is "WHAT TOOK THEM SO LONG???"
    Willnott
  • RE: Email titans Google, Microsoft, Yahoo aim to battle phishing

    I'd say the vast majority of phishing attempts are obvious to the discerning observer, and many of them are quite humorous in their ham-fistedness. ('We be you Bank. Do to updates in our Systems, you need Login or your account will be deactivated, please').

    I actually (carefully, maybe it wasn't a good idea), followed a link to see what one looked like...ohmigosh, they asked about every possible question imaginable (SS#, bank #, CC numbers including the CCV code, mother's maiden name, etc.). That was one helluva trawler net, not just a phishing line.

    Still, some of the attempts DO look legitimate to the more casual observer, so innocents get hurt, and these scum need to be stopped (arrest and prosecution is sadly highly unlikely).
    ProfQuill