Three of the world's best-known email-service providers - Microsoft, Google and AOL - have backed plans designed to dramatically reduce phishing emails. Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity. The overarching ambition of the new working group formed by a number of leading companies is to stop the flow of phishing emails, which deceive recipients into believing they come from a credible source.
The firms, which also enjoy support from the likes of Bank of America and PayPal, hope to create a more secure environment, where computer users feel secure in the knowledge that none of their mail is a trick.
As a result, they have formed DMARC.org, a group of 15 companies that strive to promote a standard set of technologies, which they say will lead to more secure email.
PayPal, which has used the authentication technologies with Yahoo's email service since 2007 and Google's since 2008, is currently blocking around 200,000 fake emails per day. Google, meanwhile, is currently protecting 15 percent of the messages the company delivers to inboxes, according to Adam Dawes, a product manager at the search engine giant.
Michael Osterman, president of Osterman Research, which tracks the messaging industry, explained that the phishing problem is one the industry has been trying to resolve for years. Now, though, he said that there is a real chance that this ambition will finally be realised. "If you are a big bank or a retailer, you have a very strong interest in making sure people trust your messages," he told the Wall Street Journal.
However, Brett McDowell, chair of DMARC and a senior manager at PayPal, acknowledged that even if email can be authenticated, it won't bring about the end of email fraud. But it will mean that fraudsters will be forced to find new addresses before they are able to send more emails, he said.
It will not cost businesses an obscene amount of money to start using the standards, according to Mr. McDowell, though he explained that it will mean that they need to identify every server that sends email and also check that the technologies are in use.
With the working group having just launched, Mr. McDowell said that he hopes to see makers of security and email software adopt the DMARC software.