Email Authentication Bites Into Phishing Problem

Email Deliverability - Justin Premick - October 5th, 2007

“Awesome!”

Not especially eloquent, but the first word that leapt from my mouth when I read about Yahoo! blocking PayPal & eBay phishers using DomainKeys.

Just the other day we blogged about phishing and a great game from CMU that teaches people how to recognize phishing sites.

Now, according to Yahoo’s Yodel Anecdotal blog, whenever you get an email that looks like it’s coming from eBay or PayPal:

“[…]if the email’s originating domain ain’t really eBay.com or PayPal.com, it ain’t going through.”

Hopefully this greatly reduces the success of phishing attacks on their users, and induces other ISPs and common phishing targets to pick up on Yahoo’s and eBay/PayPal’s lead.

What’s DomainKeys?

DomainKeys is one type of email authentication — one of many methods that ISPs and responsible mailers use to get requested, legitimate email delivered while keeping spam out of inboxes.

You can learn more about DomainKeys directly at Yahoo’s site, or by checking out our own overview of email authentication.


As a responsible member of the email marketing community, AWeber authenticates all of our users’ email campaigns.

This entry was posted on Friday, October 5th, 2007 at 11:15 am and is filed under Email Deliverability.

5 Responses

  1. Jean Patton

    Thanks so much for this post. I learn so much from you guys!

    I had never received a Phishing email until yesterday and reported it to PayPal immediately. They confirmed it was a Phishing Email.

    Also, a scam that members of my company are familiar with and I’m sure other companies are too, filled out my online form today.

    They claim they are interested in ordering huge amounts of product and a check is in the mail… like you’re really going to send it!

    It’s pretty obvious that they’re not the real deal! But I’m sure there are those that would think it is.

    Anyway, thanks again for all your information you share with us.

  2. Frank

    I was aware that Yahoo! had email authentication when mail was sent from other Yahoo email accounts. Not that this helped much, it only verified that the cousin of the Nigerian Oil Minister’s cry for help to transfer $20 million was made from a Yahoo account.

    The authentication of PayPal and eBay is certainly much better news, hope others will follow. I am still getting at least 10 email each to either ‘verify my PayPal account’ or telling me that I’m an ‘eBay power seller’ but now all of them go straight to the spam bin.

  3. Shirley

    I am very happy to learn that PayPal and eBay are joining Yahoo in the fight against phishing. It is really disconcerting to learn of all the fraud and scams on the internet, but I suppose it is logical there is always somebody waiting to take advantage of or take what you have.

    I too, appreciate the information and tips you share with us and will make or second a motion that you keep up the good work.

  4. David G. Johnson

    I appreciate the fact that you are endeavoring to engage these e-mail authentication technologies. However, some of them require that the sending domain create some DNS records (if I understand correctly). We have not created any of these records for our domain.

    For example, you have a list of sending IP addresses corresponding to your servers. Should those be represented as authorized sending IPs for my domain?

  5. Justin Premick

    David,

    Setting up authentication records (SPF at the least) for your domain is a good idea… but you don’t need to include AWeber’s IPs in your record.

    We’re set up in such a way that while your email address/name appear in the "from" line of your messages, the messages themselves are sent from us on your behalf (if you look at the full/detailed headers for a message sent from your account you’ll see a few lines in there that identify the message as being sent from us). That way, the email authentication we’ve implemented covers all of our users’ newsletters & autoresponders.

    If you’re interested, check out our Knowledge Base for more on email authentication.
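The distinction in the reply above, as an added example (not AWeber's code and not part of the original thread): SPF is evaluated against the envelope sender domain, which receivers record in `Return-Path`, not against the visible From address, and a DomainKeys signature names its signing domain in the `d=` tag. The message, the domains and the helper names are constructed for illustration, and it is an assumption that the identifying "few lines" in the full headers are of this kind.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not real AWeber headers): the customer's address is in
# From, while the sending service's domain is in Return-Path and the signature.
SAMPLE = """\
Return-Path: <bounce-1234@mail.esp.example>
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=sel1; d=esp.example;
 h=From:To:Subject; b=CONSTRUCTEDPLACEHOLDER
From: "David" <david@customer.example>
To: reader@isp.example
Subject: October newsletter

Hello
"""

def _domain(header_value):
    """Lowercased domain of the address in a header, or None if there is none."""
    addr = parseaddr(header_value or "")[1]
    if "@" not in addr:          # absent header or null sender "<>"
        return None
    return addr.rpartition("@")[2].lower()

def _tags(header_value):
    """Parse a 'k=v; k=v' tag list; folded whitespace inside values is dropped."""
    tags = {}
    for part in (header_value or "").split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip()] = "".join(value.split())
    return tags

def auth_domains(raw):
    """Report which domain each check is tied to for one delivered message."""
    msg = message_from_string(raw)
    signer = _tags(msg["DomainKey-Signature"]).get("d")
    return {
        "header_from": _domain(msg["From"]),         # what the reader sees
        "spf_checked": _domain(msg["Return-Path"]),  # envelope sender (MAIL FROM)
        "domainkeys_signer": signer.lower() if signer else None,
    }

def customer_spf_consulted(raw, customer_domain):
    """True only when the envelope sender is at the customer's own domain, so
    the customer's SPF record is the one the receiver looks up."""
    return auth_domains(raw)["spf_checked"] == customer_domain.lower()
```

For the constructed message, `customer_spf_consulted(SAMPLE, "customer.example")` is false: the receiver looks up the SPF record of `mail.esp.example`, which is why the customer's own record does not need to list the sending service's IPs.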
