Feeds

Yahoo! Teams! With! eBay! And! PayPal! To! End! Phishing!

If you use Yahoo!, eBay, and PayPal.

Providing a secure and efficient Helpdesk

Yahoo! has teamed with eBay and PayPal to save you from phishing scams. If you use Yahoo! Mail. And the scams involve eBay or PayPal.

Yesterday, the three companies announced that, over the next several weeks, Yahoo! Mail users worldwide "will begin receiving fewer fake e-mails claiming to be sent by eBay and PayPal." You see, Yahoo! is rolling out a new email authentication system that uses the company's very own DomainKeys technology to block such messages.

"By reducing the risk of phishing scams," said vice president of Yahoo! Mail John Kremer, "Yahoo! Mail now offers a much safer Web mail service for eBay and PayPal users."

Presumably, Yahoo! Mail is also offering a much safer Web mail service for extremely gullible people who succumb to eBay or PayPal phishing scams even though they don't use eBay or PayPal.

According to a spokeswoman for eBay and its PayPal subsidiary, the two companies have included DomainKey signatures on all outbound email since the end of 2006. So, if Yahoo! identifies a message that purports to come from the eBay or PayPal domain and it doesn't include the proper signature, the message will be blocked.

Of course, this doesn't stop eBay or PayPal scams that claim to originate from other domains. "If I try to get something through that says it's from PayPal, I'll put money down - a million to one - that it will now get stopped by Yahoo!," says Patrick Peterson, vice president of technology at email monitoring vendor IronPort. "But people can always send a PayPal phishing email from abcd.com."

IronPort's parent company, Cisco, is another big-name backer of DomainKey authentication. The technology was originally developed by Yahoo!, and in May 2007, a revised version - known as DomainKeys Identified Mail (DKIM) - was approved by the Internet Engineering Task Force as a "proposed Internet standard".

Currently, Yahoo!, eBay, and PayPal are using the original DomainKey technology dreamed up at Yahoo!, but they'll soon switch to DKIM. Our eBay and PayPal spokeswoman said DKIM technology will be in place "over the next few months".

She also said that all eBay and PayPal messages are signed with Microsoft's Sender ID signatures, an alternative to DomainKeys. eBay and PayPal hope to extend their anti-phishing efforts well beyond Yahoo! Mail.

"There are about half a dozen large internet service providers around the world which between them operate nearly fifty per cent of the world’s email addresses," wrote PayPal chief information security officer Michael Barrett, on the company's its official blog. "We’re working with all of them to implement similar technology to what we announced with Yahoo!" ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.