Yahoo! has teamed with eBay and PayPal to save you from phishing scams. If you use Yahoo! Mail. And the scams involve eBay or PayPal.
Yesterday, the three companies announced that, over the next several weeks, Yahoo! Mail users worldwide "will begin receiving fewer fake e-mails claiming to be sent by eBay and PayPal." You see, Yahoo! is rolling out a new email authentication system that uses the company's very own DomainKeys technology to block such messages.
"By reducing the risk of phishing scams," said vice president of Yahoo! Mail John Kremer, "Yahoo! Mail now offers a much safer Web mail service for eBay and PayPal users."
Presumably, Yahoo! Mail is also offering a much safer Web mail service for extremely gullible people who succumb to eBay or PayPal phishing scams even though they don't use eBay or PayPal.
According to a spokeswoman for eBay and its PayPal subsidiary, the two companies have included DomainKey signatures on all outbound email since the end of 2006. So, if Yahoo! identifies a message that purports to come from the eBay or PayPal domain and it doesn't include the proper signature, the message will be blocked.
Of course, this doesn't stop eBay or PayPal scams that claim to originate from other domains. "If I try to get something through that says it's from PayPal, I'll put money down - a million to one - that it will now get stopped by Yahoo!," says Patrick Peterson, vice president of technology at email monitoring vendor IronPort. "But people can always send a PayPal phishing email from abcd.com."
IronPort's parent company, Cisco, is another big-name backer of DomainKey authentication. The technology was originally developed by Yahoo!, and in May 2007, a revised version - known as DomainKeys Identified Mail (DKIM) - was approved by the Internet Engineering Task Force as a "proposed Internet standard".
Currently, Yahoo!, eBay, and PayPal are using the original DomainKey technology dreamed up at Yahoo!, but they'll soon switch to DKIM. Our eBay and PayPal spokeswoman said DKIM technology will be in place "over the next few months".
She also said that all eBay and PayPal messages are signed with Microsoft's Sender ID signatures, an alternative to DomainKeys. eBay and PayPal hope to extend their anti-phishing efforts well beyond Yahoo! Mail.
"There are about half a dozen large internet service providers around the world which between them operate nearly fifty per cent of the world’s email addresses," wrote PayPal chief information security officer Michael Barrett, on the company's its official blog. "We’re working with all of them to implement similar technology to what we announced with Yahoo!" ®