Top email service providers are teaming up to slash phishing emails that attempt to trick recipients into thinking they are coming from a legitimate source.
Companies like Facebook, Google, Yahoo, PayPal, Windows Live Mail Google Inc and 13 other companies?are preparing a project named DMARC.org (Domain-based Message Authentication, Reporting and Conformance) which will use a feedback loop between both legitimate email sender and receiver.
Brett McDowell, Chair of DMARC.org and senior manager of customer security initiative at PayPal said: ?Email phishing defrauds millions of people and companies every year, resulting in loss of consumer confidence in email and Internet as a whole. Industry cooperation combines with technology and consumer education is crucial to fight phishing.?
According to the DMARC analysis, email phishing has created a widespread problem that has resulted to confusion between email users and providers. However, presently there are two options available: SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) which could also be implemented.
Meanwhile, DMARC is trying to integrate authentication more completely into their infrastructure. The group suggests, ?A sender could set policies to easily request a provider to discard unauthenticated email in order to block phishing attacks.?
Email service users of Yahoo, Google, AOL, Microsoft and other companies are having a bad time because of regular phishing emails in their inbox. Many email users do not have any idea about what exactly phishing is?
Phishing attack is actually when a hacker impersonates a trustworthy institute, say a bank through the website or email message in order to get victims to hand over personal information such as passwords or credit card numbers. It is actually designed to steal money and usually executed by cybercriminals.
Many mail users get a threat that their email account would be closed down, if an immediate reply to the message is not given. It also contains influential website links asking your number, address, password etc.
Cybercriminals may also convince you to install malicious software that can really access your personal information by hacking. Phishing emails usually contain spelling mistakes, threats of blocking the account, popular company name and links of the company.
Apparently, the new policy framework done by companies will be more difficult for phishing attack by allowing the end user to identify the mail from sender.
SAFER MAIL AUTHENTICATION
The statement released by DMARC group states: ?Today email receivers lack a reliable way to know the extent to which an email sender uses standards like SPF and DKIM for authenticating their message.? It also added providers must rely on complex measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing mail sent by scammer.
There are list of email providers, social media firms, financial institutes that are taking part in slashing phishing email. AOL, Gmail, Hotmail, Yahoo Mail, Bank of America, Fidelity Investments, PayPal, Microsoft, Facebook, LinkedIn and such other major companies are involved in this project.
Overall, 15 companies will be announcing this project which will ask them to authenticate their legitimate communications with customers.?DMARC.org is also planning to submit the specification to Internet Engineering Task Force to standardise the system for better results.
Sources: WSJ, Times of India, CNET, Slashgear, Microsoft.com