Battle vs. bogus email: Microsoft, Google, Facebook, others team up on new plan

An unlikely alliance of online giants, including rival email services Microsoft Hotmail and Google Gmail, announced this morning that they’re working together on a new strategy to crack down on deceptive and fraudulent email messages.

The approach gives email services a new way of cooperating with email senders, such as web domain owners, to automatically double-check that messages going through the system are really coming from that sender, building on existing email authentication technologies.

It’s called DMARC, for Domain-based Message Authentication, Reporting & Conformance. Here’s a diagram from the group showing how it works …

It’s a new strategy in the battle against spam and phishing messages that try to trick users into buying illegitimate goods or downloading malware, among other things.

The system dates to 2007, when PayPal started working with Yahoo Mail and later Gmail to reduce fraudulent mail. Now the group is looking to spread the practice across the industry.

The 15 participants in the group are email providers AOL, Gmail, Hotmail, and Yahoo Mail; financial institutions and service providers Bank of America, Fidelity Investments and PayPal; online services American Greetings, Facebook and LinkedIn; and email security providers Agari, Cloudmark, eCert, Return Path, and the Trusted Domain Project.

  • Guest

    This looks like a good plan, but I’m afraid that the battle for email is already lost. These measures, strictly speaking, are optional; email providers can implement them at their own leisure.

    We recommend that our clients switch to more reliable messaging transports, such as Facebook and Twitter, that mandate higher levels of quality on message sending. Quite frankly there are too many scammers that have ruined email for the legitimate few.

    • Anonymous

      Nonsense. I rather doubt my bank will begin communicating with me via Facebook anytime soon.

      The whole point of this effort appears to be to “mandate a higher level of quality on message sending”. Technology can and should make it much easier for consumers (and email providers) to recognize the legitimacy of message senders.

      • Guest

        Your bank doesn’t communicate with you by email because email is not secure. The only email you get from your bank says, “Log in to your account to read your secure message.” Anything more could easily be lost to a hacker reading your unencrypted insecure mail.

        What if you didn’t have to log in to your bank account to see your bank mail? We already trust Facebook with our very identities. Communicating with my bank is well within the company’s competency spectrum.

        • Anonymous

          I don’t have an issue with your assertion that Facebook provides certain authentication or security benefits within its messaging system.

          What I disagree with is that the world will give up on the most open, platform-, company-, and government-agnostic messaging platform yet created for what is essentially a private service.

          Email will survive and evolve to better handle secure messaging requirements, outside of the control of a single corporate entity, no matter how benign.

          • Guest

            Ninety-five percent of the mail I received on “the most open, platform-, company-, and government-agnostic messaging platform yet created” is spam. Junk, Stephen. Utter drivel. I’ve informed my ISP about it and all they can do is provide primitive filters that block some of the junk and some of the good mail. This is nonsense.

            By contrast, when I click on Facebook, I see a brilliant symphony in cerulean blue carefully tuned to my every whim. Certainly it is controlled by one company, but this company has earned the trust of nearly one billion of the most well-educated men in the world. Frankly, it rises above the tedium of email.

            Consider Apple’s iOS and Google Android. Apple iOS is completely controlled. You can’t install it on just any telephone. You can only install software that Apple has approved. By all accounts Android should be “the most open, platform-, company-, and government-agnostic messaging platform yet created” of operating systems, and yet it is essentially in a dead heat with a centrally-controlled platform. Billions of mobile phone users have chosen a platform that is centrally controlled because, in their words, it just works better.

            Stephen, I would strongly urge you to reconsider your devotion to “the most open, platform-, company-, and government-agnostic messaging platform yet created.” Email as we know it is a doomed technology. Curated messaging services provide a much more pleasurable experience.

        • http://eyejot.com/users/davidg davidgeller

          Simply not true. My statements from financial institutions contain a great deal of information, just nothing that could be stolen and used against me. Mint’s emails contain detailed transactional information. Facebook won’t be a viable communications pathway until it ceases to be a walled garden. Twitter’s DM model is unlikely to be seriously considered as a competitor to email without it first supporting more robust payloads.

          • Guest

            David, wouldn’t you prefer if your bank would disintermediate Mint? What I mean is, instead of you giving your login credentials to Intuit, your bank could simply send you robust meaningful information directly. I’ve specifically asked my bank to send me my bank statements as email attachments, and my bank has declined. Mint does what I want, but its use contravenes my bank’s admonishment not to give out my user ID and password.

            Banks have high standards of security that email quite frankly doesn’t provide. There are two ways to remedy this shortcoming: one is to simply ignore security in the interest of convenience (i.e. to use Mint) and the other is to use a more secure, robust, trustworthy communications medium (e.g. Facebook or the revised Twitter payloads you’ve discussed).

  • http://tvjames.blogspot.com/ TV James

    This is great. From this explanation, it sounds like you could easily snap in an ESP as well. Just need to get Comcast on board because if one of the people upstream from me can’t get the email in their comcast.net address then the email didn’t go out and I “have serious deliverability issues that must be resolved before any more emails go out.”