Slashdot Mirror

← Back to Stories (view on slashdot.org)

Domain Key Identified Mail vs Phishing

Posted by ryuzaki0 on from the fifty-six-thousand-spam-in-the-last-thirty-days dept.

alphadogg writes "Some of the Internet's most powerful companies — including Yahoo, Google, PayPal and AOL — are brandishing a new weapon in the ongoing battle against e-mail fraud. DKIM is an emerging e-mail authentication standard developed by the IETF. DKIM, which stands for DomainKeys Identified Mail, allows an organization to cryptographically sign outgoing e-mail to verify that it sent the message. DKIM addresses one of the Internet's biggest threats: e-mail fraud. As much as 80% of e-mail that purports to be from leading brands, banks and ISPs is spoofed, according to a report released in late January by the Authentication and Online Trust Alliance (AOTA)."

1 of 180 comments (clear)

  1. Counter-measure by The+MAZZTer · · Score: 4, Interesting

    From: fraud-dept@interbankcorp.com
    To: joe.smith@someplace.somewhere
    Reply-To: fraud-dept.interbankcorp.com@freewebmailplace.bleh

    Hello, we at InterBankCorp have been having a problem with other people accessing your account, and transferring funds out of it. We are working to rectify this problem, and all we need from you is your username, password, and pin number to confirm that you are the legitimate holder of the account.

    You may note that this e-mail is not signed digitally, as we assured you all our communications with you would be. We are having problems with our e-mail servers, rest assured this message is legitimate as it contains our official logo. Our e-mail problems will be resolved shortly and we will go back to using digital signing to verify our authenticity with you.

    Thank you again for helping us resolve this problem with your account.