Network News

X My Profile
View More Activity

A Notable Step in the Fight Against Phishing

Yahoo! e-mail users should soon start noticing the disappearance of scam e-mails that try to steal PayPal and eBay account information. eBay and Yahoo! announced a partnership today that involves a technology developed by Yahoo! called "DomainKeys" to filter out such messages.

DomainKeys works like this: The sender, in this case eBay/PayPal, digitally signs all e-mails that it sends with a special cryptographic signature. The receiving network, in this case Yahoo!, agrees to block or delete any incoming e-mails that purport to be from eBay or PayPal but do not have this special signature.

In a post on the PayPal Blog, the company's chief information security officer, Michael Barrett, said the announcement was the first of many the company will be making with other service providers.

"There are about half a dozen large Internet service providers around the world which between them operate nearly fifty percent of the world's e-mail addresses," Barrett wrote. "We're working with all of them to implement similar technology to what we announced with Yahoo!."

This is welcome news, as PayPal and eBay were the No. 1 and No. 2 most-phished companies in September, according to Phishtank.com, a volunteer phish-fighting group. Phishtank members verified at least 3,649 PayPal scams and 3,509 distinct eBay spoof sites in the past month alone.

By Brian Krebs  |  October 4, 2007; 4:51 PM ET
Categories:  Fraud  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Second Credit Bureau Offers File Freeze
Next: QuickTime Security Update for Windows

Comments

There are three separate sender-confirmed email methods in the wild. I love the encryption aspect of this one, because it's most likely to be useful in this kind of mass email to mass email circumstance. It's an inoculation for an entire ISP from an entire ecommerce firm.

Yahoo's method requires examination of the whole message; the other two (SPF and the similar Sender ID, backed by Microsoft) can look just at headers, reducing computational load, but lacking some useful aspects of how messages can be verified.

In Sender ID and SPF, a domain holder can list just legitimate sending mail servers, but also provide additional information about how mail can be sent from other sources.

The big issue is always that some email "needs" to be forged. Forwarded email, for instance, is essentially forged, even when legitimate. If I have a forwarder at Yahoo.com that sends email to my own mail server, Yahoo sort of forges that message. There are ways around this, by identifying legitimate intermediate mail servers, but that becomes complicated, too.

Posted by: Glenn Fleishman | October 4, 2007 5:33 PM | Report abuse

Once again, all 3 credit bureaus are IMPACTED by an OPT OUT number that prevents your name from being on lists sold to vendors by all 3 bureaus.

The opt out period is for 5 years and it means that you will not be receiving 'junk mail' offers for credit cards for 5 years after a 2-3 month implementation period.

Those credit card vendors who get their lists from other sources are not impacted

The number to call is 888 5OPTOUT 888-567-8688. The voice recognition is the best I have ever used.

Posted by: BRUCEREALTOR@GMAIL.COM | October 4, 2007 11:30 PM | Report abuse

I wonder how it decides it's purporting to come from ebay? If it's just the "from" address, the phishers can just change it to something "non-ebay". It will be less effective. But "less effective" still counts as "effective".

Posted by: penno | October 5, 2007 1:14 AM | Report abuse

Another thing I wish someone would build is the ability for MTAs to query hops the email has taken and find out if the one just before the final destination email server has an MX record. Since most of the SPAM comes from home computers that have no MX record you should be able to squash viruses like Storm Worm for the most part. I'm sure there are some negative impacts of this but would be nice if it was an option.

Posted by: David | October 5, 2007 5:42 AM | Report abuse

And now, for some commercial words from DtX. Back to our regular programming in a minute. Stay with us!

P.S. Bob, use a spell check next time.

Posted by: Pete from Arlington | October 5, 2007 10:53 AM | Report abuse

I thought you were talking about upgrading to Vista!

Posted by: steve Ballmer | October 8, 2007 2:44 AM | Report abuse

I thought you were talking about upgrading to Vista!

Posted by: steve Ballmer | October 8, 2007 2:45 AM | Report abuse

flat flat buy apartment

Posted by: House appartment | December 18, 2007 7:19 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company