We’ve all gotten those messages claiming to be from eBay or Bank of America and asking for our account information.
They come from the land of cyber crooks.
The problem with e-mail is that it’s an open system where anyone with your address can send you a message. PayPal wants to change that — for your own protection.
It has gathered fifteen leading email service providers and others to help it created a “trusted e-mail ecosystem.” It hopes to put an end to spam and e-mails that are trying to trick you into giving up your account information by pretending to be messages from a legit company. Faking messages like that is called phishing (pronounced “fishing”).
The group has formed DMARC.org, an acronym for the lovely technology specification name of Domain-based Message Authentication, Reporting and Conformance.
DMARC.org consists of heavy hitters including AOL, Google, Microsoft Hotmail, Yahoo Mail, Bank of America, Fidelity Investments, PayPal, American Greetings, Facebook, LinkedIn along with a few email security vendors (Agari, Cloudmark, eCert, Return Path, Trusted Domain Project).
This powerful group wants to adopt a technology plan that was first created by PayPal in 2007 and used with Yahoo and Gmail. That plan became a formal technical document released in October. Today the DMARC.org leaped to life with its founding members vowing support.
“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole,” said Brett McDowell in a press release. McDowell is chair of DMARC.org and senior manager of Customer Security Initiatives at PayPal.
The DMARC plan stops phishing by validating that senders are who they say they are. This makes it harder for them to pretend to be your bank or another company. It also makes it easier to identify how fake e-mail sneaks past the providers’ spam blocking filters.
The group will eventually turn the document over to the international keeper of such Internet standards, the Internet Engineering Task Force (IETF).