ABC News
July 8, 2008 11:03 AM PDT

Gmail now blocking fake eBay, PayPal e-mails

Posted by Elinor Mills
  • Font size
  • Print

Google on Tuesday said it is now using an e-mail authentication technology to keep phishers from luring Gmail users to fake eBay and PayPal Web pages in order to steal usernames and passwords.

The technology, DomainKeys, uses cryptography to verify the domain of the sender of an e-mail. It allows e-mail providers to validate the domain from which an e-mail originates, and it enables easier detection of phishing attempts by helping identify abusive domains.

Last October, Yahoo announced that it was protecting Yahoo Mail users with eBay and PayPal accounts from phishing attempts using the same technology.

The DomainKeys technology is covered by a patent assigned to Yahoo. The company released it under a dual-license scheme that allows the companies to use it royalty-free under the GNU General Public License (GPL 2.0), which enabled the Internet Engineering Task Force to approve it as a proposed Internet standard.

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Topics:

Security,

Web 2.0,

Google

Tags:

Google,

Gmail,

phishing,

security,

eBay,

PayPal

Share:
Digg
Del.icio.us
Reddit
Recent posts from News Blog
Was InfoWorld's CTO of the Year award a year late?
VMWare VI4 renamed to vSphere
Red Hat's new support product demonstrates subscription value
Teen listens to iPod during brain tumor removal
NASA, Google Maps track Southern California wildfires
Sprint first to offer HTC Touch Pro
Flipping out: RIM BlackBerry Pearl Flip 8220 debuts
Sprint HTC Touch Diamond outed early
Add a Comment (Log in or register) 15 comments
by kyle5434 July 8, 2008 12:08 PM PDT
Kudos to Yahoo for releasing it under the GPL .
Reply to this comment
by Zero187 July 8, 2008 12:44 PM PDT
thank god
Reply to this comment
by humanssssss July 8, 2008 1:39 PM PDT
Phishers are doing a disservice to the commerce Internet. They need to be educated about voluntary exchange. It is not voluntary when people are going to a website expecting some other owner than the one stated in the email plus the malice intent of the site owner to trick users in believing the owner is the stated site. These websites should be taken down.
Reply to this comment
by pmchefalo July 14, 2008 6:18 PM PDT
What a humanitarian!
by JennyHow July 8, 2008 6:01 PM PDT
This is really a good move. Glad Gmail did it!
Reply to this comment
by garlota July 8, 2008 6:11 PM PDT
@humanssssss: Is that a serious comment? If it is, then it sounds very naive. First, phishers do not need to be educated. They know perfectly well what they are doing. They are attempting to steal money from people regardless of the consequences. They know perfectly well their activities ruin trust in online commerce, and that it is not at all "voluntary." No education. Also, there is not a single person on this planet that doesn't agree these websites should be taken down (except for the phishers themselves, and perhaps some malcontents that already distrust the internet and are happy to see its vulnerabilities exposed). The problem is that there is no single authority that has control over the internet that can do so. What authority there is on the internet is highly fragmented across thousands (if not millions) of private and public concerns all over the planet, falling under hundreds of different national (and thousands of local) jurisdictions. Usually, individual ISPs will take down such sites, but the phisphers just move on to another one or simply high-jack computers belonging to clueless users so they aren't answerable to any one at all.
Reply to this comment
by TogetherinParis July 8, 2008 9:18 PM PDT
Yahoo chokes with spam.
Reply to this comment
by nycborg July 9, 2008 5:28 AM PDT
Thank you Google!
Reply to this comment
by Urbane.Tiger July 9, 2008 6:04 AM PDT
I couldn't get a response from any instantiation of PayPal for 72 hrs last week - not from their web server, their payments gateway nor their mail server - wonder if it was Gargle testing DomainKeys, if so then it would seem to be the ultimate DoSser.
Reply to this comment
by imoracle July 9, 2008 7:41 AM PDT
Nice post, well I recieved an email yesterday itself asking me to update my card information as it has been deactivated and finally realized its a phishing site.

Read more and see the screen shots of the same here:

http://abhinavsingh.com/blog/2008/07/fake-email-from-paypal-cloned-sites/
Reply to this comment
by Seaspray0 July 9, 2008 2:50 PM PDT
Darn! Before I can help that nice Nigerian Prince export his money, I'm going to have to update my paypal account with this email I just got. But now google won't let me!
Reply to this comment
by JanTallent July 12, 2008 10:03 AM PDT
I agree with the kudos for gmail doing this and wonder why other companies have not or do not. I have spent most of the past 9 years working to help newbies avoid the scams and schemes and tricks but sure cannot reach enough of them and I feel ALL email programs can do this!
Just MHO.
Reply to this comment
by laugh-er July 14, 2008 7:00 PM PDT
I await to see the day when all SMTP/POP servers adapt this kind of technology as the standard. Then I can reduce my multi-layered Spam filtering to just one and finally see the filters list shrink.
Reply to this comment
by ajaypathak July 23, 2008 9:47 PM PDT
that's a old news
read here the complete story
http://readerszone.com/google/new-security-features-introduced-in-gmail.html
Reply to this comment
by davi010 August 12, 2008 6:12 AM PDT
Google has taken the initiative to do it!! I'm glad. Congratulations!
--------------------------
Kate
Washington Treatment Centers
Reply to this comment
advertisement

In the news now

Yahoo's Decker strong contender for CEO

Sources say the president of the embattled Internet search pioneer has been through two rounds of interviews with the board.


Gadget extravaganza in Las Vegas

CES 2009 is in full swing. Highlights so far include Palm's WebOS and Pre device, Microsoft's Windows 7 beta, and much more.


About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

News Blog topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
Site map
Latest news
Business tech
Green tech
Wireless
Security
Popular topics
Apple iPhone
Apple iPod
CES
Cell phones
Dell
GPS
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
Corrections
Customer Help Center
RSS
CNET Widgets
About CNET