The Alliance Against E-mail Fraud And Phishing Scams

From June 2004 to May 2005, an estimated 73 million US adults said they definitely, or think, received an average of more than 50 phishing e-mails in the past year. According to the FTC, email has quickly become the number one method of contact for scams. In August 2007 alone, PhishTank verified almost 9,000 phishing scams out of 12,490 submitted.

For these reasons and more three major websites have announced a "collaborative effort to better protect consumers against fraudulent e-mails and the dangerous scams known as phishing attacks."

eBay and PayPal have announced today that customers using Yahoo! Mail should start getting fewer illegitimate eBay and PayPal emails as Yahoo! Mail is the first Web mail service to block these kinds of emails using the DomainKeys e-mail authentication technology.

DomainKeys is a Yahoo! development that works by using cryptography to verify the domain of the sender and prevent email forgery. Blacklists and whitelists are used in the validation process that more easily detects phishing attacks. The internet service providers are then allowed to determine if a message is real and whether it should be delivered to a user's inbox.

"By reducing the risk of phishing scams, Yahoo! Mail now offers a much safer Web mail service for eBay and PayPal users, and this protection will benefit the larger Yahoo! Mail community as well," said John Kremer, vice president of Yahoo! Mail. "We look forward to helping to facilitate continued industry adoption of DomainKeys and the proposed standard DomainKeys Identified Mail, as we continue to increase our efforts to safeguard the inbox."

From my own experiences, PayPal is the site that I have received the most phishing attempts from, one in which did not even show a paypal domain in the sending email address. Lately I have received a few emails that try scamming me into believing that I have unclaimed funds due from the IRS, which is clearly not legit, as they read:

"After the last annual calculations of your fiscal activity we have determined that you are eligible to receive a tax refund of $193.77 . Please submit the tax refund request and allow us 6-9 days in order to process it."

Clearly, this is a scam and further displays how widespread this problem has become.

According to Michael Barrett, chief information security officer at PayPal, "eBay and PayPal's adoption of e-mail authentication technology and this aggressive move on the part of Yahoo! Mail are significant steps forward in the fight to protect consumers against e-mail-based crimes. While there is clearly no silver bullet for solving the problems of phishing and identity theft, today's announcement is great news for our customers who rely on Yahoo! Mail."

It is good to see some progress being made in the fight against online scams, and hopefully similar technologies will become available for users of other mail services. I cannot see Yahoo! lending its technology for use on say… Gmail, unless all parties benefits.

As mentioned in the press release, Yahoo!, eBay and PayPal are in the process of transitioning their systems to the new DomainKeys Identified Mail standard and the upgrade will be rolled out globally over the next several weeks to all users of Yahoo! Mail.