This article is from the source 'bbc' and was first published or seen on . It will not be checked again for changes.
You can find the current article at its original source at http://news.bbc.co.uk/go/rss/-/1/hi/technology/7027451.stm
The article has changed 3 times. There is an RSS feed of changes available.
Version 1 | Version 2 |
---|---|
Battle to beat fake Ebay e-mails | Battle to beat fake Ebay e-mails |
(about 21 hours later) | |
Fake Ebay and Paypal e-mails which are used to con users out of money are being targeted by a secure mail system. | Fake Ebay and Paypal e-mails which are used to con users out of money are being targeted by a secure mail system. |
The online auction site and web pay service are working with Yahoo to use the firm's anti-phishing technology. | The online auction site and web pay service are working with Yahoo to use the firm's anti-phishing technology. |
The firms are supporting the emerging standard known as domain keys, which block fake e-mails by validating the sender with a digital signature. | The firms are supporting the emerging standard known as domain keys, which block fake e-mails by validating the sender with a digital signature. |
Spammers hide their identity by using a false, or spoofed, address in the millions of messages they send out. | Spammers hide their identity by using a false, or spoofed, address in the millions of messages they send out. |
The technology, called the DomainKeys Identified Mail (DKIM), will be available to millions of Yahoo Mail users worldwide in the coming weeks. | The technology, called the DomainKeys Identified Mail (DKIM), will be available to millions of Yahoo Mail users worldwide in the coming weeks. |
"It is a big step forward for consumers in defence against the bad guys," John Kremer, vice president of Yahoo Mail, told Reuters news agency. | "It is a big step forward for consumers in defence against the bad guys," John Kremer, vice president of Yahoo Mail, told Reuters news agency. |
Targeted companies | Targeted companies |
According to security analysts Trend Micro, eBay and its popular payment service Paypal are the two most targeted companies for phishing e-mails in the last months. | According to security analysts Trend Micro, eBay and its popular payment service Paypal are the two most targeted companies for phishing e-mails in the last months. |
E-mail analysts MessageLabs report that one in every 173 e-mails sent around the world each day contains some form of phishing attack. | E-mail analysts MessageLabs report that one in every 173 e-mails sent around the world each day contains some form of phishing attack. |
"Our message to both businesses and consumers is: beware of unexpected or strange-looking e-mails regardless of their sender and never open attachments or links contained in these email messages", said David Sancho, of TrendLabs at Trend Micro. | "Our message to both businesses and consumers is: beware of unexpected or strange-looking e-mails regardless of their sender and never open attachments or links contained in these email messages", said David Sancho, of TrendLabs at Trend Micro. |
A recent YouGov poll, conducted on behalf of USwitch.com, reported that 35% of 2,500 people surveyed in the UK said they received more than 10 spam e-mails every day. | A recent YouGov poll, conducted on behalf of USwitch.com, reported that 35% of 2,500 people surveyed in the UK said they received more than 10 spam e-mails every day. |
Yahoo's system is designed to automatically detect potential phishing attacks without relying on the consumer to intervene. | Yahoo's system is designed to automatically detect potential phishing attacks without relying on the consumer to intervene. |
Encrypted signatures | Encrypted signatures |
"If the consumer doesn't receive an e-mail in their inbox then it is very hard for the phisher to victimise them," Michael Barrett, PayPal's chief information security officer. | "If the consumer doesn't receive an e-mail in their inbox then it is very hard for the phisher to victimise them," Michael Barrett, PayPal's chief information security officer. |
DKIM uses encrypted digital signatures to prove a message's origin. | DKIM uses encrypted digital signatures to prove a message's origin. |
Although 90 to 99% of e-mail comes from senders known to the recipient, establishing the identity of a sender remains a key consideration in the protection against spam. | Although 90 to 99% of e-mail comes from senders known to the recipient, establishing the identity of a sender remains a key consideration in the protection against spam. |
Spammers get away with sending spoofed e-mails because mail servers only check if a domain mentioned in these spoofed addresses - such as @madeupmailname.com - is known to be used by spammers. | Spammers get away with sending spoofed e-mails because mail servers only check if a domain mentioned in these spoofed addresses - such as @madeupmailname.com - is known to be used by spammers. |
DKIM lets honest e-mail senders prove they sent a message by encrypting a two-part signature, or key, in a selected part of the mail. | DKIM lets honest e-mail senders prove they sent a message by encrypting a two-part signature, or key, in a selected part of the mail. |
The e-mail provider, such as Yahoo, puts an encrypted private key into the e-mail when it is sent. | The e-mail provider, such as Yahoo, puts an encrypted private key into the e-mail when it is sent. |
It is linked to a public key held by the internet's domain name system - the phonebook of the internet. | It is linked to a public key held by the internet's domain name system - the phonebook of the internet. |
The mail server which receives the e-mail checks to ensure that the private and public keys match, proving that the message has come from a genuine sender. | The mail server which receives the e-mail checks to ensure that the private and public keys match, proving that the message has come from a genuine sender. |
'Coming around' | 'Coming around' |
But in order for the technology to work, both the sender and recipient need their mail services to be signed up to DKIM. | But in order for the technology to work, both the sender and recipient need their mail services to be signed up to DKIM. |
The technology was developed by Yahoo and is backed by AOL, Google, IBM, Sendmail and Verisign. | |
A second standard, called Sender Policy Framework (SPF), is backed by Microsoft, Amazon and eBay, which supports both forms of protection. | |
Digitally signed e-mails are expected to become the norm in the coming years. | Digitally signed e-mails are expected to become the norm in the coming years. |
Chenxi Wang, a security analyst with Forrester Research, told Reuters: "Two years ago if you asked companies whether they were using e-mail authentication, most people wouldn't have cared. | Chenxi Wang, a security analyst with Forrester Research, told Reuters: "Two years ago if you asked companies whether they were using e-mail authentication, most people wouldn't have cared. |
"The industry is slowly coming around," Mr Wang said. | "The industry is slowly coming around," Mr Wang said. |
"EBay and PayPal are some of the first to actively block unauthenticated e-mails." | "EBay and PayPal are some of the first to actively block unauthenticated e-mails." |