Yahoo!, eBay And PayPal Start The Anti-Phishing Crusade
Yahoo! announced a new initiative meant to protect eBay and PayPal customers from phishing attacks. The Internet giant intends to block such malicious mails using the DomainKeys e-mail authentication technology
October 4, 2007
"eBay and PayPal's adoption of e-mail authentication technology and this aggressive move on the part of Yahoo! Mail are significant steps forward in the fight to protect consumers against e-mail-based crimes," said Michael Barrett, chief information security officer at PayPal. "While there is clearly no silver bullet for solving the problems of phishing and identity theft, today's announcement is great news for our customers who rely on Yahoo! Mail."
DomainKeys has been developed by Yahoo and uses cryptography to verify the domain of the sender. The technology allows an email server to check if a certain email was send from a certain domain or not.
Also, if a certain domain adds a DomainKeys signature to all outgoing emails, messages not bearing the signature (but claiming to originate from the domain) will be simply ignored.
"Through industry cooperation, we can collectively try to stamp out phishing and other e-mail scams. We welcome Yahoo!'s commitment to this endeavor, applaud its leadership role within the Internet service provider community, and encourage others join in the fight to keep consumers safe from phishing attacks," commented Dave Cullinane, chief information security officer at eBay.
Currently, Yahoo!, eBay and PayPal are in the process of transitioning their systems from DomainKeys to the proposed standard DomainKeys Identified Mail and the implementation should be completed in the coming months.