World’s biggest Internet companies and financial services firms have developed a new strategy to fight email spam that they hope will reduce online scams. Facebook, Google and Microsoft Corp have teamed up with financial firms Bank of America Corp, Fidelity Investments and PayPal to create a set of industry standards for preventing criminals from sending out spam emails that appear to come from corporate email addresses.
These days it has become common for fraudsters to pose as banks and other trusted firms in attempts to persuade email recipients to provide payment card numbers, bank account information and other personal data. At times, users are forced to click on links that infect computers with malicious software. The new strategy will have email providers and businesses attacking spammers by coordinating on a massive scale. Two existing technologies for email authentication known by the acronyms SPF and DKIM will be adopted for the purpose.
Currently PayPal is using SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) technology standards to fight email spoofing, but only through partnerships with Yahoo and Google. The group that developed the new standard goes by the name DMARC.org, which stands for Domain-based Message Authentication, Reporting and Conformance.
Once the new system has been fully implemented, if Yahoo or Gmail get an email claiming it came from Paypal, but it is not properly authenticated with SPF or DKIM, the email will not get delivered. But if fraudsters send spoofed PayPal email to other email providers, it might get through. Other companies involved in the strategy to stop spam include, American Greetings Corp (AM.N), LinkedIn Corp (LNKD.N) and Yahoo as well as privately held Agari, Cloudmark, eCert, Return Path and the Trusted Domain Project.