Feeds

Yahoo! Teams! With! eBay! And! PayPal! To! End! Phishing!

If you use Yahoo!, eBay, and PayPal.

5 things you didn’t know about cloud backup

Yahoo! has teamed with eBay and PayPal to save you from phishing scams. If you use Yahoo! Mail. And the scams involve eBay or PayPal.

Yesterday, the three companies announced that, over the next several weeks, Yahoo! Mail users worldwide "will begin receiving fewer fake e-mails claiming to be sent by eBay and PayPal." You see, Yahoo! is rolling out a new email authentication system that uses the company's very own DomainKeys technology to block such messages.

"By reducing the risk of phishing scams," said vice president of Yahoo! Mail John Kremer, "Yahoo! Mail now offers a much safer Web mail service for eBay and PayPal users."

Presumably, Yahoo! Mail is also offering a much safer Web mail service for extremely gullible people who succumb to eBay or PayPal phishing scams even though they don't use eBay or PayPal.

According to a spokeswoman for eBay and its PayPal subsidiary, the two companies have included DomainKey signatures on all outbound email since the end of 2006. So, if Yahoo! identifies a message that purports to come from the eBay or PayPal domain and it doesn't include the proper signature, the message will be blocked.

Of course, this doesn't stop eBay or PayPal scams that claim to originate from other domains. "If I try to get something through that says it's from PayPal, I'll put money down - a million to one - that it will now get stopped by Yahoo!," says Patrick Peterson, vice president of technology at email monitoring vendor IronPort. "But people can always send a PayPal phishing email from abcd.com."

IronPort's parent company, Cisco, is another big-name backer of DomainKey authentication. The technology was originally developed by Yahoo!, and in May 2007, a revised version - known as DomainKeys Identified Mail (DKIM) - was approved by the Internet Engineering Task Force as a "proposed Internet standard".

Currently, Yahoo!, eBay, and PayPal are using the original DomainKey technology dreamed up at Yahoo!, but they'll soon switch to DKIM. Our eBay and PayPal spokeswoman said DKIM technology will be in place "over the next few months".

She also said that all eBay and PayPal messages are signed with Microsoft's Sender ID signatures, an alternative to DomainKeys. eBay and PayPal hope to extend their anti-phishing efforts well beyond Yahoo! Mail.

"There are about half a dozen large internet service providers around the world which between them operate nearly fifty per cent of the world’s email addresses," wrote PayPal chief information security officer Michael Barrett, on the company's its official blog. "We’re working with all of them to implement similar technology to what we announced with Yahoo!" ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.