Big tech companies team up to combat email scams

Jan 30, 2012 By BARBARA ORTUTAY, AP Technology Writer
Google, Microsoft, Yahoo!, AOL and Facebook are setting aside their online rivalry to fight a common enemy: email spam and "phishing" attacks.

Google, Microsoft, Yahoo!, AOL, Facebook and other big tech companies are jointly designing a system for combating email scams known as phishing.

Such scams try to trick people into giving away passwords and other personal information by sending emails that look as if they come from a legitimate bank, retailer or other business. When Bank of America customers see emails that appear to come from the bank, they might click on a link that takes them to a fake site mimicking the real Bank of America's. There, they might enter personal details, which scam artists can capture and use for fraud.

To combat that, 15 major technology and financial companies have formed an organization to design a system for authenticating emails from legitimate senders and weeding out fakes. The new system is called DMARC - short for Domain-based Message Authentication, Reporting and Conformance.

DMARC builds upon existing techniques used to combat spam. Those techniques are designed to verify that an email actually came from the sender in question. The problem is there are multiple approaches for doing that and no standard way of dealing with emails believed to be fake.

The new system addresses that by asking email senders and the companies that provide email services to share information about the email messages they send and receive. In addition to authenticating their legitimate emails using the existing systems, companies can receive alerts from email providers every time their domain name is used in a fake message. They can then ask the email providers to move such messages to a spam folder or block them outright.
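As an added illustration (not part of the AP report or the DMARC group's own code), the sketch below shows how a receiving mail provider could apply a sender's published DMARC policy once the existing checks, SPF and DKIM, have run. The domain names and records are constructed, percentage sampling (`pct`) and report generation are left out, and `org_domain` is a simplified stand-in for a Public Suffix List lookup.

```python
# Added example: simplified receiver-side DMARC decision (not a full RFC 7489 implementation).
REJECT_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@bank.example"  # constructed
STRICT_RECORD = "v=DMARC1; p=quarantine; aspf=s; adkim=s"                    # constructed

def parse_dmarc(txt):
    """Return the record's tags as a dict, or {} if it is not a usable DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return {}
    return tags

def org_domain(domain):
    # Assumption: the last two labels stand in for the organizational domain.
    # Real receivers consult the Public Suffix List (e.g. for co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict):
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    if not auth_domain:
        return False
    if strict:
        return auth_domain.lower().rstrip(".") == from_domain.lower().rstrip(".")
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(record, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from the earlier checks.
    Returns 'pass', 'no-policy', or the owner's requested policy for failures."""
    policy = parse_dmarc(record)
    if not policy:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, policy.get("aspf", "r") == "s")
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, policy.get("adkim", "r") == "s")
    # One aligned pass is enough; otherwise apply what the domain owner asked for:
    # none = report only, quarantine = spam folder, reject = block.
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

if __name__ == "__main__":
    # SPF passes, but for a domain unrelated to the visible From: address.
    print(evaluate(REJECT_RECORD, "bank.example", ("pass", "other.example"), ("none", "")))
    # SPF passes for a subdomain of the From: domain (relaxed alignment).
    print(evaluate(REJECT_RECORD, "bank.example", ("pass", "mail.bank.example"), ("none", "")))
```

The first call shows why a bare SPF or DKIM "pass" is not enough: the check must pass for a domain that aligns with the address the recipient actually sees.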

According to Google, about 15 percent of non-spam messages in Gmail come from domains that are protected by DMARC. This means Gmail users "don't need to worry about spoofed messages from these senders," Adam Dawes, a product manager at Google, said in a blog post.

"With DMARC, large email senders can ensure that the email they send is being recognized by mail providers like Gmail as legitimate, as well as set policies so that mail providers can reject messages that try to spoof the senders' addresses," Dawes wrote.

Work on DMARC started about 18 months ago. Beginning Monday, other companies can sign up with the organization, whether they send emails or provide email services. For email users, the group hopes DMARC will mean fewer fraudulent messages and scams reaching their inbox.

The group's founders are email providers Microsoft Corp., Yahoo Inc., AOL Inc. and Google Inc.; financial service providers Bank of America Corp., Fidelity Investments and eBay Inc.'s PayPal; online service companies Facebook, LinkedIn Corp. and American Greetings Corp.; and security companies Agari, Cloudmark, eCert, Return Path and the Trusted Domain Project.

Google uses it already, both in its email sender and email provider capacities. The heft of the companies that have already signed on to the project certainly helps, and its founders are hoping it will be more broadly adopted to become an industry standard.


User comments : 6


btb101
1 / 5 (3) Jan 30, 2012
phishers rely on one thing. the stupidity of people. if anyone is stupid enough to believe that an email asking for their data is legitimate then they really deserve all they get.
i have no sympathy for the idiots. any website can be made to look like the real deal, but in truth, there will always be signs to spot.
URL addresses for one thing. how could .../stupid/paypal-login/gotyou.html ever be the real paypal.
what people really need is education, tell them what to look for.
and for everyone who ever won a lottery they never entered but just need to give a small handling fee to obtain their riches, get real.. use your brain and always ask (if you really must) for any fee to be paid from the winnings..
that usually stops them.
my favourite way of shutting them up is saying i will be able to collect in person. just need the address ...
never do get a reply from that one..
GeToChKn
5 / 5 (2) Jan 30, 2012
At this point, every bank has said, we will never ask you for your info in an email, so when people reply to an email with their info, it's on the user. Don't do it. Simple enough. Put your mouse over a link. If the link underneath looks like xggfdtyys.com/~users/gafdsfe/paypal.html don't click on it. You know paypal's site is paypal.com not xggfdtyys.com so why click on it.
Noumenon
2.3 / 5 (3) Jan 30, 2012
So you're saying that widowed Nigerian princess lied to me!
Noumenon
1 / 5 (2) Jan 30, 2012
It's about time that some tech giants attempted to stop this.

Now, next should be the USPS spam mail. The left wing environmentalists should be up in arms at the amount of paper and energy this wastes, as 99% of people simply throw out this USPS delivered spam snail-mail,.. but they support outdated government entities over private industries, so must be confused about what to do.
Squirrel
5 / 5 (2) Jan 30, 2012
The above comments lack compassion: phishers catch people out because even the best of us go through unpleasant separations, job sacking, car accidents, sudden diagnosis of cancer and a multitude of other highly distressing--and disorientating periods. A smart email when we are just keeping our heads above water can fool anyone--we are very vulnerable when under stress--and perfect targets for those offering what in better times we know immediately is a trick.
Noumenon
2.3 / 5 (3) Jan 30, 2012
"The above comments lack compassion: phishers catch people out because even the best of us go through unpleasant separations, job sacking, car accidents, sudden diagnosis of cancer and a multitude of other highly distressing--and disorientating periods. A smart email when we are just keeping our heads above water can fool anyone--we are very vulnerable when under stress--and perfect targets for those offering what in better times we know immediately is a trick."


Which one did you fall for?

Actually, I agree with you, not everyone is technologically alert, and when one receives an email that appears like your bank, I wouldn't call people 'idiots' for clicking on them.