|Google, Microsoft and Others Team Up To Develop Anti-Phishing System|
Tech Giants Including Facebook, Google, Microsoft, Yahoo and Others
| 9:01 pm on Jan 30, 2012 (gmt 0)|
Google, Microsoft and Others Team Up To Develop Anti-Phishing System [washingtonpost.com]
|Google, Facebook and other big tech companies are jointly designing a system for combating email scams known as phishing. |
|To combat that, 15 major technology and financial companies have formed an organization to design a system for authenticating emails from legitimate senders and weeding out fakes. The new system is called DMARC — short for Domain-based Message Authentication, Reporting and Conformance. |
DMARC builds upon existing techniques used to combat spam.
| 10:01 pm on Jan 30, 2012 (gmt 0)|
Does it mean that we will have to register our web DN based emails addresses such as firstname.lastname@example.org used to reach a registered user, for example as the result of a cron job, so the user will know it comes from a reputable source and as such won't go directly in the garbage?
if so I can smell a coming fee for it!
| 10:53 pm on Jan 30, 2012 (gmt 0)|
The DMARC website is at: [dmarc.org...]
| 11:57 pm on Jan 30, 2012 (gmt 0)|
I have my own system, I only use my real name with a very select few people (no company other than my bank and not even Google knows it) and I can spot fake emails instantly because they are addressed to my internet name and not to me. I have other ways of knowing as well but...
If you give a different name for every application you use you will know exactly where the fake emails are placing you on radar (and which company is selling your name/info to these phishers/spammers).
Google aims to force me to use my real name everywhere but... no. I just don't see how blocking is going to match up with my current system. I hope they DO make it impossible to fake the sender email however, that would be a start, since I regularly get email offers that appear to be sent from me.
| 12:46 am on Jan 31, 2012 (gmt 0)|
I kind of do that, I have one for most social stuffs, but G gathering is making it tough to keep compartmentalized.
Long time I did not get any one forged with my name or something pertaining to me, actually over one year!
| 2:38 am on Jan 31, 2012 (gmt 0)|
The problem with this so-called solution is that any computer that gets hacked can have authentic email sent from the source so any botnet with lots of hacked PCs and servers can send authentic spam, just like they do now, big whoop, NEXT!
The only way you'll ever stop phishing, or spam in general for that matter, is to educate the idiots.
Anyone willing to buy pharmaceuticals from unsolicited spam, stuff that could be potentially deadly, and stuff it in their stupid mouths, obviously needs some education instead of more technology.
Fixing email alone doesn't stop phishing as it can be done via twitter, hacked domains, hacked ad servers, any number of methods including the cold calling on the telephone.
Stop wasting money on screwing up email protocols and spend it on good old PSA on TV, radio, email, start shoving the message in their faces and maybe they'll listen.
I'm thinking people that fall prey to phishing and spam should be required by law to take an anti-phishing class, kind of like traffic school for bad drivers, before they'll correct the financial loss the phishers caused the victim. I know that sounds a little silly but the victim wouldn't be a victim if they were better educated and more diligent about simple things like the URLs the phishers took them to visit.
Legislate a shrink-wrap test pre-installed on all new computers. The computer won't activate unless you can pass a computer literacy test that's built into the box which includes a section on phishing and spam. Then require a similar computer literacy test by all ISPs before activating any online access. Once again, when you sign up for an email account, beat the consumer over the head with another test about spam and phishing before being allowed to use that email account. Just to be safe, make everyone currently signed up for existing emails take the test to continue using those accounts. Eventually, people will get the idea they might not be annoyed with all these annoying online computer literacy tests if they pay attention and stop falling for phishing and spamming emails!
I'm thinking about every 6 months people should be reminded how to avoid phishing and be re-tested to continue using those accounts.
Stop the stupidity and you stop the spam when it's no longer profitable.
Unfortunately, greedy idiots will still think someone from Nigeria is really going to give them millions or those cheap ED pills from the Avian Guano Island Republic are perfectly safe.
Wait, they've tried educating people about those deadly cigarettes too, never mind.
Excuse me Sir, may I have another cup of technology please?
| 3:10 am on Jan 31, 2012 (gmt 0)|
Anyone care to put what I need to do in straight forward English?
As last year it took me a while to get my head around spf and implement that.
| 3:31 am on Jan 31, 2012 (gmt 0)|
Looks like a nice addition to SPF and DKIM. Just one more little thing that we need to do - and we already have far too much to do. I agree with @incrediBILL, stop stupidity and you stop the spam. Monitize e-mail (getting bulk mail to the inbox) and you'd also stop the spam. Anyone know what the conversion rate on spam is these days. 1 in 200k?
| 12:05 pm on Jan 31, 2012 (gmt 0)|
|Anyone know what the conversion rate on spam is these days. 1 in 200k? |
It varies a lot. It might be quite high if the email source is trusted.
| 1:40 pm on Jan 31, 2012 (gmt 0)|
|Anyone care to put what I need to do in straight forward English? |
That's an absolutely valid request!
| 4:34 pm on Jan 31, 2012 (gmt 0)|
I'm with incrediBill, they'll just make it so much harder for everyone to run their own email servers , and spammers will just find new ways. Like botnets.
Microsoft still can't come up with an idea how to block brute force dictionary attacks for what, 15+ years now in their OS? What do they know about email spam...
Below I think is a very good idea, though, why don't the big providers be required to send each user email every 6 months describing phishing, new techniques and how to protect yourself. That'll do this whole mess much more good IMHO.
|incrediBill: I'm thinking about every 6 months people should be reminded how to avoid phishing and be re-tested to continue using those accounts. |
| 3:24 am on Feb 7, 2012 (gmt 0)|
New ways? It looks like the old ways will largely continue to work.
I cannot understand what this will achieve that SPF does not, except notifying the sender about failures.
It also seems misleading to market this as "anti-phishing", its anti-spam in general.
| 6:41 am on Feb 7, 2012 (gmt 0)|
|It also seems misleading to market this as "anti-phishing", its anti-spam in general. |
Yes, it is anti-spam, but spam isn't sexy anymore and phishing has a negative financial impact on it's victims so phishing is the new spam.