Leading Companies Banding Together to Fight Phishing

Agree to use standard email authentication specification to make it harder on phishers

2 min read
Leading Companies Banding Together to Fight Phishing

Today begins a coordinated effort by fifteen of the leading email service and technology providers including AOL, Bank of America, Facebook, Google, LinkedIn, Fidelity Investments, Microsoft,PayPal and Yahoo to reduce phishing emails and spam.

According to a press release by DMARC.org (DMARC stands for Domain-based Message Authentication, Reporting & Conformance), this group of companies and others has been working on developing an email authentication technical framework standard based on the Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) standards for the past 18 months.

The press release states that:

"The DMARC specification addresses concerns that have traditionally hindered widespread deployment of an authenticated, trusted email ecosystem. Today, email receivers lack a reliable way to know the extent to which an email sender uses standards like SPF and DKIM for authenticating their messages. As a result, providers must rely on complex and imperfect measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing messages sent by a scammer."

"By introducing a standards-based framework, DMARC has defined a more comprehensive and integrated way for email senders to introduce email authentication technologies into their infrastructure. For example, a sender could set policies to easily request a provider to discard unauthenticated email in order to block phishing attacks. The specification also creates a mechanism for email providers to send detailed reports back to email senders to help catch any gaps in the authentication system. This feedback loop raises the trust level within the email ecosystem and makes it easier to detect and stop phishing attempts."

According to a story in the Wall Street Journal, PayPal has been using email authentication technologies since 2007, and is now blocking some 200 000 phishing-type emails a day.

By using the DMARC standard, a company could send an email to a customer with a link embedded within it, and the customer could actually trust that clicking on the link won't send them to some malware site. Currently, companies—especially banks such as Bank of America —tell customers that they don't send emails with such embedded links, and to never click on them.

The press release goes on to say that DMARC intends to send its authentication framework standard to Internet Engineering Task Force (IETF) for standardization after further field testing.  

DMARC.org obviously hopes that other email senders will sign up to the standard, which will make it increasingly hard for phishers and spammers to operate. However, it will take a while before a critical mass is reached, and it may take some time for email recipients to begin trusting links in company emails even if the DMARC standard takes off. I, for one, will still be highly suspicious of any email I get from a company telling me to click on a link, DMARC standard or not.

The WSJ story also points out that even if every email sender were to follow the standard, it won't totally eliminate email fraud. However, "it will mean that scammers [will] need to find new addresses with which to launch their attacks. Instead of crafting an email that looks like it comes from paypal.com, for instance, it would need to come from 'paypalpayments.com' or some other fake site."

Forcing spammers and phishers in that direction will also make it easier for search engines to detect them as well. However, I suspect what will also happen is that spammers and phishers will start using the good old-fashion telephone more to try to find victims.

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less