Saturday , September 20 2014
Whatz Hot :-
Home / Internet / Latest Internet News / Google, Microsoft and others putting kibosh on phishing emails

Google, Microsoft and others putting kibosh on phishing emails

phishing 100024436 large Google, Microsoft and others putting kibosh on phishing emails

Google

A year after Google, Microsoft and other email heavyweights launched the DMARC program to filter out spoofed email that attackers use for phishing, they say an estimated 60 percent of the world’s email boxes are now safe.

“This empowers mailbox providers to take definitive actions on fraudulent mail,” says Trent Adams, senior adviser of ecosystem security at PayPal information risk management, part of DMARC supporter eBay. “This has shut down entire avenues that lead to widespread email fraud. It’s a lot like an inoculation.”

Message Of Google

Of the 325 million spoofed messages blocked during the last two months of 2012 via the DMARC process, 49 million were targeted for “highly phished domains, like PayPal and Facebook,” Adams says. Blocking those phishing messages before they hit email recipients “from a PayPal perspective, that protection is golden,” he says.

 

140783 phish logo thumb original2 Google, Microsoft and others putting kibosh on phishing emails

DMARC stands for “Domain-based Message Authentication, Reporting and Conformance,” and basically it’s a filtering process based on policies in which email managers implement the DMARC.org specification to check that email originated from where it was supposed to. DMARC supports standards that include Sender Policy Framework and DomainKeys Identified Mail, two basic approaches for authenticating mail.

 Support Of Google

The spoofed mail caught through DMARC can be blocked, quarantined and deleted. According to DMARC.org, the top 10 email senders which today publish a DMARC record to support this anti-spoofing process, are:

  • facebookmail.com
  • google.com
  • amazon.com
  • livingsocial.com
  • taggedmail.com
  • zyngamail.com
  • youtube.com
  • facebookappmail.com
  • new.itunes.com
  • ebay.com

Support for DMARC has been growing, with Mail.ru, the largest mailbox provider in Russia, for example, getting on board with it, points out Krish Vitaldevara, DMARC.org chair and Microsoft principal group program manager.

He says the experience with DMARC technology has been positive enough that Microsoft is thinking about implementing this functionality in some products, such as Exchange.

email scam 100017850 medium3 Google, Microsoft and others putting kibosh on phishing emails

Although an estimated 60 percent of email boxes today may be supported by DMARC, that leaves plenty that aren’t. (DRMARC.org points out that as of last April, the Radicati Group estimated there are 3.3 billion email accounts, expected to rise to over 4.3 billion by the end of 2016.)

Mike Adkins, messaging engineer at Facebook, says the DMARC.org group is hoping to win support for the technology from large telecom providers and ISPs. Comcast just indicated it would come on board, he says.

Have the bad guys started catching on to DMARC, though?

“We know that fraudsters are looking at DMARC,” says Adams, adding there have been some variations in attack patterns indicating they’re trying to get around it. But have they broken it? So far, it doesn’t appear so.

[ Source :- Pcworld ]

One comment

  1. Wavatar

    I want somebody that is aware of email, their headers & the origination. Here’s rapid from it: My boyfriend continues to be disloyal previously however i think he might be in internet marketing again. There exists a shared email account. I received an e-mail from someone. The e-mail was delivered to 2 addresses: our’s and the other unfamiliar current email address. The unfamiliar current email address had his birthdate around the finish. Being suspiscious, I attempted to log-in. I could not. I attempted the Yahoo password wizard. It recognized certainly one of his personal Yahoo emails because the alternate current email address because the response to certainly one of it’s “secret questions.” Therefore, whoever produced this current email address put his band current email address in because the alternate current email address if this was registered. I submitted a duplicate from the email to myself & erased the initial. Let me send a duplicate to a person to allow them to tell e anything that they’ll about this, where it originated from, etc. I already attempted the “Ip searches” but they’re confusing as hell. If anybody available might help me, please message me at [email protected]

    Thanks, Callie

Leave a Reply for your confusion