Top Tech News
DATA SECURITY
Can E-Mail Authentication Stop Phishing?
Posted October 5, 2007

By Jennifer LeClaire. Updated October 5, 2007 12:43PM

What do you get when Yahoo, eBay, and PayPal join forces against malware? A collaborative effort to help protect consumers against fraudulent e-mails and dangerous scams commonly called phishing attacks.

A movement got underway on Thursday that gives eBay and PayPal customers who use Yahoo Mail an upper hand against fraudsters by blocking fake e-mails that claim to be coming from these popular online properties.

Michael Barrett, chief information security officer at PayPal, called it an aggressive move and a significant step in the fight to protect consumers against e-mail-based crimes. "While there is clearly no silver bullet for solving the problems of phishing and identity theft," he said, "[the] announcement is great news for our customers who rely on Yahoo Mail."

The Domain Keys Equation

Yahoo's Domain Keys technology is designed to verify the authenticity of e-mail messages, allowing ISPs to determine whether messages are real and should be delivered to a customer's inbox. Yahoo developed Domain Keys, which uses cryptographic keys, to address the widespread issue of e-mail forgery.

Essentially, the Domain Keys technology allows e-mail providers to validate an e-mail's originating domain, making use of blacklists and whitelists more effective. It also makes phishing attacks easier to detect by helping to identify abusive domains. In May 2007, the Internet Engineering Task Force approved Domain Keys as a proposed Internet standard.

Domain Keys is seeing terrific industry adoption, in part due to the widespread consensus about its potential as an Internet standard, according to Nicki Dugan, Yahoo's blog editor.

"About 40 percent of the e-mail we deliver on Yahoo Mail is signed with Domain Keys," Dugan wrote in a recent blog. "And we hope [this] news gets the attention of information security officers at some of the more obvious phishing targets so we can help protect even more consumers from the havoc these scams wreak."

Toward Mutual Authentication

Andrew Braunberg, a research director for the Enterprise Software and Security group at Current Analysis, said Domain Keys is a good approach to authentication because it is in the same vein as the movement in other markets, especially financial services, toward risk-based authentication.

But Braunberg said companies have to consider the level of authentication that is appropriate to the communication. "There is always some overhead associated with any security technology," he said. "There's always a trade-off between productivity and security, or access and security."

Braunberg pointed out that you don't want to make people jump through six hoops every time they want to open Outlook. "It doesn't make sense," he said. "It's got to be a more rationalized, prioritized approach to defining security requirements. That's where the market is moving."

The Domain Keys method might sound like an ideal solution to the problem of phishing and spam, because it works automatically in the background so that users never see e-mail that is identified as fraudulent. It is of limited usefulness, however, unless a majority of e-mail providers back it.
