Yahoo Mail to block fake eBay and PayPal e-mail

If you use Yahoo Mail you should soon be seeing a significant reduction in the number of e-mail scams purporting to be from eBay and PayPal.

If you use Yahoo Mail you should soon be seeing a significant reduction in the number of e-mail scams purporting to be from eBay and PayPal.

Yahoo upgraded its system on Thursday in the US with technology -- dubbed "DomainKeys" -- designed to block spam and other fraudulent e-mails that look like they come from eBay and PayPal but don't.

The system works by verifying the domain of the sender of the e-mail, allowing ISPs to block messages they deem illegitimate.

The upgrade is expected to be accomplished globally over the next several weeks.

Typically, the phishing scams masquerade as e-mails from trusted financial sources and direct a recipient to a Web site where they're asked to enter their user name and password. From there, their information is stolen.

Although most companies warn customers that they won't send unsolicited e-mails asking for usernames and passwords, many people are still fooled. Blocking the scam e-mails before they hit in-boxes should cut down on the problem.

Chris Gatford, from penetration testing firm, Pure Hacking said, "It's about time service suppliers like PayPal try to assist users in trying to protect themselves.

Everyone has been expecting end users to be security guardians, but users don't have any clue around security practices and we can't expect users to keep picking up security problems."

The question remains, however, will Yahoo do this in partnership with major banks?

Better than nothing, but not foolproof
DKIM relies on a quietly inserted digital signature on the sender's end, which is designed to vouch for the identity of a message's sender by identifying the domain name from the sender's e-mail. This became a standard under The Internet Engineering Task Force in May this year.

A potential weakness of the system, according to a Cisco engineer, Jim Fenton, is that messages passing through the authentication are not necessarily clean. Also, the standard doesn't require that messages with invalid signatures be flagged as "junk".

He added that cybercriminals also tend to register disposable domain names. So, despite Cisco having validated signatures from over 20,000 domains, cybercriminals can still find a way around it.

"Cybercriminals will authenticate their messages," said Fenton. "They will do whatever it takes to make their messages look more legitimate."

What it does do however is shrink the number of domain names spammers can use and enables anti-spam tools to create a blacklist and prevent further activity from offending domains.

Show Comments