eBay and PayPal are two of the most popular targets of phishing scams on the Internet. There’s no doubt that most of you have received a fraudulent email regarding a PayPal or eBay account that you may or may not even have, asking for you to verify your information. These emails look like they’re legit, but they’re really not. Many people stay away from using eBay simply for security reasons which is why officials over at the auction site have to be as proactive as possible about keeping their users safe. With the help of Yahoo, eBay is hoping to stop the fraudsters in their tracks and keep the phishing emails that they send out of the inboxes of Yahoo Mail users.
The technology that stops the fraudsters is called DomainKeys and it was developed by Yahoo and implemented today. DomainKeys checks to see that the person sending the mail is really who they say they are. According to the Yahoo blog, DomainKeys uses cryptography to verify the domain of the sender. “In overly simplified terms, if the email’s originating domain ain’t really eBay.com or PayPal.com, it ain’t going through” says Nicki Dugan, Yahoo’s Blog Editor. Yahoo’s system won’t even deliver a message to the inbox which means the consumer doesn’t even have the chance of being victimized. Yahoo says that the technology will be “rolled out globally over the next several weeks to all Yahoo! Mail users.”
While DomainKeys sounds great, there is one potential problem, and that is if the software isn’t 100% fool-proof. Should someone be trying to send a legitimate email and DomainKeys picks it up as a scam, it won’t even get delivered. It’s completely blocked and the user will never receive it, not even in their spam folder. While this could certainly cause a problem, the benefits of DomainKeys far out-weight any of the downsides. Phishing is a real problem that needs to be dealt with and according to Reuters, “Despite the industry disagreements, an underlying consensus is emerging among software vendors, Internet service providers and corporate Web sites that digital email signing in one form or another is the best shot to combat phishing.”