Tech giants team up for better spam fix

PUBLISHED : Tuesday, 31 January, 2012, 12:00am
UPDATED : Tuesday, 31 January, 2012, 12:00am


E-mail and social media giants Facebook, Google, Microsoft and Yahoo have teamed up in a new global alliance that aims to significantly reduce the threat of fraudulent electronic messages, such as 'phishing' and 'spam', which litter the internet.

The four companies joined 11 other firms in the technical working group named - short for Domain-based Message Authentication, Reporting and Conformance - that has developed and aims to promote widespread adoption of an official internet standard based on existing technologies to combat deceptive e-mail.

'E-mail phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in e-mail and the internet as a whole,' said DMARC chairman Brett McDowell, the senior manager of customer security initiatives at online payments service PayPal.

'Industry co-operation - combined with technology and consumer education - is crucial to fight phishing,' McDowell said.

Security software provider Symantec called phishing an online con game and the so-called phishers nothing more than tech-savvy con artists and identity thieves.

A phishing message typically includes at least one link to a fake web site, designed to mimic that of a legitimate business and trick the recipient into divulging sensitive data, such as bank and credit card accounts.

Spam, the electronic version of junk mail, involves sending unwanted messages, often unsolicited advertising, to a large number of recipients. So-called spammers also deliver viruses, spyware and targeted phishing attacks.

'Google fights phishing and e-mail fraud at tremendous scale every day,' said Adam Dawes, a product manager at Google, which operates the free Gmail service and social networking platform Google+.

Dr Liu Wenyin, an assistant professor and renowned anti-phishing scientist at City University, pointed out that internet search engines, online messaging and chat platforms were increasingly being used for phishing activities.

'By establishing a comprehensive e-mail authentication standard, can attract more organisations, such as financial services providers, to use that technology and make it easier to detect and stop phishing e-mails,' Liu said.

The proposed DMARC specification also creates a mechanism for e-mail providers, such as Google and Yahoo, to send reports back to e-mail senders to help catch any gaps in the authentication system. It will be sent for approval to the online standards body, the Internet Engineering Task Force, after more testing.

E-mail security systems provider Agari, another founding member of DMARC, said the 'brand hijacking' problem that phishing had created cost affected companies in the United States an estimated US$15 billion in losses over the past five years.

Other members include AOL, Bank of America, PayPal, Fidelity Investments, LinkedIn, American Greetings, Cloudmark, Return Path and the Trusted Domain Project.