back to article Yahoo! Teams! With! eBay! And! PayPal! To! End! Phishing!

Yahoo! has teamed with eBay and PayPal to save you from phishing scams. If you use Yahoo! Mail. And the scams involve eBay or PayPal. Yesterday, the three companies announced that, over the next several weeks, Yahoo! Mail users worldwide "will begin receiving fewer fake e-mails claiming to be sent by eBay and PayPal." You see, …

COMMENTS

This topic is closed for new posts.
  1. foxyshadis

    I'm confused

    Why would yahoo sit on its thumbs so long over the issue? I've been using DomainKeys and SPF for over a year to block the brunt of the phishing hitting my company. Ebay must be pretty royally pissed after spending effort to implement it, when Yahoo's done nothing to block it despite all the initial hype.

    Having two competing anti-phishing proposed standards is kind of lame, though.

  2. Tom Silver badge

    Simple solution

    No HTML email. None. Only plain text. Can't disguise anything in plain text. No pictures, no nothing. It is very obvious.

    Why this isn't obvious to everyone is beyond me. If you can't put the URL's in plain text then you can't obliterate the URL and disguise it somehow.

    Thankfully El Reg sends plain text emails.

  3. Andrew Heenan

    About Bl**dy time too!

    I'm glad that somethings being done - but it's shame they use it for self promotion. It's too important for that.

    Time that ALL the players got together and agreed a way forward. That's the only way it'll work!

    I don't mind 2,3 even four standards, so long as they don't work against each other.

    But one is better!

  4. adnim Silver badge

    Just stop it

    All on-line shopping and banking. In fact stop any and all e-commerce. simple. I couldn't give a fig if this happened within the next 5 minutes, even though it means I would have to find another job.

    Seriously, revise the email standards and allow only plain text. Any and every email containing html should get deleted at the very first relay the email hits.

    Although this would help, there is always the issue of attachments to contend with. I wonder how users, without thought, just open and run attachments regardless of source.

    Which "joe sixpack" or Radio One listener could resist an attachment such as: (Current Female/Male Flavour of the month) gets her tits/his cock out.exe. I know I can't. I've even removed my anti virus software because it stopped me running them for some reason.

  5. Graham Marsden

    Where's the icon for...

    ... Enough! With! The! Fricking! Exclamation! Marks! Already!

  6. Andy Barber

    @ Bl**dy time too!

    At least one the biggest email shifters is getting in the act.

    Just because a company (Yahoo!) has developed a technology to actually tackle spam, why knock it before it's been implemented?

  7. Dillon Pyron
    Thumb Down

    Yes, SPF

    SPF has some issues, but minor, except for a few people. But incredibly workable. If more ISPs used it, the world would be a nicer place. Yes, spammers could register their own domains and set up their own MX records, but I wouldn't get an email from hsbc.co.uk (just saw that one in my junk file about 10 minutes ago).

    My spam processor, part of Eudora, does a pretty good job. But something like SPF would be even better. And if I could get ISPs to actually do something about zombies on their network, things would get even better.

  8. Anonymous Coward
    Anonymous Coward

    WTF? Mollycoddling in the extreme

    Whatever happened to caveat lector? There are laws against fraud of course, and rightfully so, but the burden of protecting oneself from scam artists ultimately falls to the individual.

    To try to find a technical solution to the problem of basic human gullibility is, frankly, dumb. Before email, there were still direct mail schemes, telephone scams, and direct con games.

    The problem has nothing to do with IT, technology, HTML in emails, URL construction, or SPF records. The problem is that as long as there's a tiny percentage of extremely gullible people, fraud will continue to be profitable, and criminals will continue to perpetrate it.

    Repeat after me once more, class: "If something seems to good to be true, it's not. If someone tries to scare you into giving them money, you shouldn't. Don't let yourself be tricked, and no one will trick you."

  9. Nick Leverton

    Yahoo spam

    Considering the amount of spam I get which is sent from authenticated Yahoo webmail accounts, or sometimes even authenticated Yahoo SMTP accounts, I feel they at least could do much to clean up their mail sending act.

    I already run Domainkeys checks on Yahoo, Ebay and Paypal (and others) and receive little forgery spam as a result - only spam sent from Yahoo's users which has received the slight scoring boost I give Yahoo Domainkeys mail.

  10. Ken Hagan Gold badge

    Keep! the! Exclamation! Marks! Coming! ...

    ...for as long as Yahoo are jerks enough to insist upon them. Punctuation is optional in English. Ask any lawyer.

  11. Anonymous Coward
    Anonymous Coward

    @graham

    A while back, we all voted on '!' and the pro! exclamation! mark! party! won!

    They! will! never! stop!

  12. Tom
    Thumb Down

    Crap Joke

    The whole exclamation mark joke was pretty weak in the first place, but by now it's just got tedious.

    Thank you.

  13. Anonymous Coward
    Anonymous Coward

    Liability?

    So they have now publicly claimed they will prevent phishing attacks (see your headline for what the punters will actually hear; no matter the subtle implementation details...) - so will their users feel safer? And more inclined to think that the login email from eBay/PayPal is legit?

  14. Anonymous Coward
    Dead Vulture

    Worse than the exclamation marks

    Where have these silly 'comment icon' pictures come from and why?

  15. Mark Roome

    Anon

    I love the way the anonymous postings have gone from Anon to Anoymous to Anonymous Vulture to Anonymous Coward .....

    whats next?

  16. Marcus Bointon
    Gates Halo

    Plain text doesn't fix it

    Because plain text does unicode, and is thus susceptible to unicode phishing attacks: http://www2006.org/programme/files/xhtml/p63/pp063-fu-xhtml.html

    SPF still rules.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019