Tech companies' new system fights email phishing scams

Select an option below to continue reading this premium story.

Already a Honolulu Star-Advertiser subscriber? Log in now to continue reading.

Get unlimited access

From as low as $12.95 /mo.

Subscribe Now

NEW YORK » Google, Facebook and other big tech companies are jointly designing a system for combating email scams known as phishing.

Such scams try to trick people into giving away passwords and other personal information by sending emails that look as if they come from a legitimate bank, retailer or other business. When Bank of America customers see emails that appear to come from the bank, they might click on a link that takes them to a fake site mimicking the real Bank of America’s. There they might enter personal details, which scam artists can capture and use for fraud.

To combat that, 15 major technology and financial companies have formed an organization to design a system for authenticating emails from legitimate senders and weeding out fakes. The new system is called DMARC — short for Domain-based Message Authentication, Reporting and Conformance.

SAFER EMAIL
Big tech firms and other businesses are banding together to create a system to fight email scams called phishing.

What is phishing:
Emails are sent that look like they are from a legitimate bank, retailer or other business to try to get people to give away personal information and passwords.

The group’s founders:
>> Email providers: Microsoft Corp., Yahoo Inc., AOL Inc., Google Inc.
>> Financial service providers: Bank of America Corp., Fidelity Investments, eBay Inc.’s PayPal
>> Online service companies: Facebook, LinkedIn Corp., American Greetings Corp.
>> Security companies: Agari, Cloudmark, eCert, Return Path, Trusted Domain Project

Don't miss out on what's happening!

Stay in touch with breaking news, as it happens, conveniently in your email inbox. It's FREE!

By clicking to sign up, you agree to Star-Advertiser's and Google's Terms of Service and Privacy Policy. This form is protected by reCAPTCHA.

DMARC builds upon existing techniques used to combat spam. Those techniques are designed to verify that an email actually came from the sender in question. The problem is there are multiple approaches for doing that and no standard way of dealing with emails believed to be fake.

The new system addresses that by asking email senders and the companies that provide email services to share information about the email messages they send and receive. In addition to authenticating their legitimate emails using the existing systems, companies can receive alerts from email providers every time their domain name is used in a fake message. They can then ask the email providers to move such messages to a spam folder or block them outright.

According to Google, about 15 percent of nonspam messages in Gmail come from domains that are protected by DMARC. This means Gmail users "don’t need to worry about spoofed messages from these senders," Adam Dawes, a product manager at Google, said in a blog post.

"With DMARC, large email senders can ensure that the email they send is being recognized by mail providers like Gmail as legitimate, as well as set policies so that mail providers can reject messages that try to spoof the senders’ addresses," Dawes wrote.

Work on DMARC started about 18 months ago. Beginning Monday, other companies can sign up with the organization, whether they send emails or provide email services. For email users, the group hopes DMARC will mean fewer fraudulent messages and scams reaching their in-box.

Tech companies’ new system fights email phishing scams

Don't miss out on what's happening!