Feeds

Yahoo! Teams! With! eBay! And! PayPal! To! End! Phishing!

If you use Yahoo!, eBay, and PayPal.

Secure remote control for conventional and virtual desktops

Yahoo! has teamed with eBay and PayPal to save you from phishing scams. If you use Yahoo! Mail. And the scams involve eBay or PayPal.

Yesterday, the three companies announced that, over the next several weeks, Yahoo! Mail users worldwide "will begin receiving fewer fake e-mails claiming to be sent by eBay and PayPal." You see, Yahoo! is rolling out a new email authentication system that uses the company's very own DomainKeys technology to block such messages.

"By reducing the risk of phishing scams," said vice president of Yahoo! Mail John Kremer, "Yahoo! Mail now offers a much safer Web mail service for eBay and PayPal users."

Presumably, Yahoo! Mail is also offering a much safer Web mail service for extremely gullible people who succumb to eBay or PayPal phishing scams even though they don't use eBay or PayPal.

According to a spokeswoman for eBay and its PayPal subsidiary, the two companies have included DomainKey signatures on all outbound email since the end of 2006. So, if Yahoo! identifies a message that purports to come from the eBay or PayPal domain and it doesn't include the proper signature, the message will be blocked.

Of course, this doesn't stop eBay or PayPal scams that claim to originate from other domains. "If I try to get something through that says it's from PayPal, I'll put money down - a million to one - that it will now get stopped by Yahoo!," says Patrick Peterson, vice president of technology at email monitoring vendor IronPort. "But people can always send a PayPal phishing email from abcd.com."

IronPort's parent company, Cisco, is another big-name backer of DomainKey authentication. The technology was originally developed by Yahoo!, and in May 2007, a revised version - known as DomainKeys Identified Mail (DKIM) - was approved by the Internet Engineering Task Force as a "proposed Internet standard".

Currently, Yahoo!, eBay, and PayPal are using the original DomainKey technology dreamed up at Yahoo!, but they'll soon switch to DKIM. Our eBay and PayPal spokeswoman said DKIM technology will be in place "over the next few months".

She also said that all eBay and PayPal messages are signed with Microsoft's Sender ID signatures, an alternative to DomainKeys. eBay and PayPal hope to extend their anti-phishing efforts well beyond Yahoo! Mail.

"There are about half a dozen large internet service providers around the world which between them operate nearly fifty per cent of the world’s email addresses," wrote PayPal chief information security officer Michael Barrett, on the company's its official blog. "We’re working with all of them to implement similar technology to what we announced with Yahoo!" ®

Remote control for virtualized desktops

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Business security measures using SSL
Examines the major types of threats to information security that businesses face today and the techniques for mitigating those threats.