Google Mail automatically discards eBay and PayPal phishing emails
Google will no longer forward eBay and PayPal phishing emails to recipients using its Google Mail service – indeed they won't even make it into the spam folder. According to a blog entry by Gmail spam guru Brad Taylor, in future emails from paypal.com, ebay.com and their national counterparts will only be delivered to users' inboxes if they are digitally signed using the Domain Keys Identified Mail (DKIM) standard. The protocol provides for simple signing of outgoing email using a key which is valid for the relevant domain and can be queried by the recipient via the domain and matched with the incoming email.
Users finding email apparently from eBay or PayPal in their inboxes can thus in future be sure that it isn't a phishing attempt. Users will of course still have to be on their guard against other phishing tricks, such as entering the sender as 'poypal.com'. According to Taylor, eBay and PayPal have worked hard on the solution of signing absolutely all their email with domain keys. Google has apparently been carrying out successful tests on the method for some weeks, with no problems or complaints encountered, indeed few users have even noticed the change. Google is hoping to set a good example for others. The team behind DKIM is also hoping that other companies will follow suit. Uptake at present remains slight.
- Fighting phishing with eBay and PayPal, Blog entry from Brad Taylor
- Developers hope for wider use of the DKIM anti-spam protocol, news from heise Online