Some of the world's biggest Internet companies and financial services firms have developed a new approach to fighting e-mail spam that they hope will reduce online scams.
Facebook, Google Inc.
Fraudsters often pose as banks and other trusted firms in attempts to persuade email recipients to provide payment card numbers, bank account information and other personal data or click on links that infect computers with malicious software. The new approach calls for email providers and businesses to attack spammers by coordinating on a massive scale the use of two existing technologies for email authentication known by the acronyms SPF and DKIM, which have yet to be widely adopted.
Getting rid of the riff-raff email
PayPal is one company that currently uses SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) technology standards to fight email spoofing, but only through partnerships with Yahoo Inc
If Yahoo or Google get an email claiming to come from PayPal that is not properly authenticated with SPF or DKIM, the email is not delivered, he said. But, if fraudsters send spoofed PayPal e-mail to other email providers, it might get through. “What we need is an Internet standard that allows this level of protection to work at scale – without any discussion, without any partner agreements,” McDowell said. “That is what DMARC does.”
Other companies involved in the group include American Greetings Corp