DKIM Blocks eBay Phishers at Yahoo
Similar methods to follow with other webmail providers.
'As CISO I'm paid to be paranoid', writes Michael Barrett. 'Security on the Internet is a classic arms race and the criminals are always looking for ways to get around everything we do to protect you.' But for now classic PayPal/eBay phishing attacks through Yahoo accounts may be a thing of the past.
'There are about half a dozen large Internet service providers around the world which between them operate nearly 50% of the world's mail addresses', writes Barrett. 'We're working with all of them to implement similar technology to what we announced with Yahoo.'
'This is welcome news as PayPal and eBay were the #1 and #2 most phished companies in September', comments Brian Krebs. The volunteer anti-phish group PhishTank uncovered 3649 PayPal scams and 3509 distinct eBay spoof sites in the past month alone.
How It Works
The DomainKeys system (DKIM) adds a 'DomainKey-Signature' header to outgoing mail carrying a digital signature over the message. The default implementation uses SHA-1 as the message digest, encoded with base64, and RSA as the public-key scheme.
The receiving server combines the selector from the header, the fixed string _domainkey and the originating domain name into a DNS name and queries it. The record returned by the DNS server includes the domain's public key. The server uses that key to recover the message digest (MD) from the signature and compares it with the MD it computes over the received message. A match proves the message originated from the domain the sender address claims it came from.
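The sign-and-verify exchange described above, as an added example in Go (not code from the article or from Yahoo's DomainKeys implementation): the sender signs a SHA-1 digest with RSA and base64-encodes it into the header; the receiver rebuilds selector._domainkey.domain from the header's tags, fetches the public key and checks the signature against its own digest. The tag names (a=, d=, s=, b=), the example.com domain and the in-memory map standing in for DNS are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"encoding/base64"
	"fmt"
	"strings"
)

// Constructed in-memory stand-in for the DNS TXT record at selector._domainkey.domain.
var dnsKeys = map[string]*rsa.PublicKey{}

// signHeader (sender): SHA-1 digest, RSA signature over it, base64 into the header.
func signHeader(priv *rsa.PrivateKey, domain, selector, msg string) (string, error) {
	digest := sha1.Sum([]byte(msg))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA1, digest[:])
	if err != nil {
		return "", err
	}
	b := base64.StdEncoding.EncodeToString(sig)
	return fmt.Sprintf("a=rsa-sha1; d=%s; s=%s; b=%s", domain, selector, b), nil
}

// verifyHeader (receiver): parse the tags, build the lookup name from d= and s=,
// fetch the public key, recompute the digest and check the signature against it.
func verifyHeader(header, msg string) bool {
	tags := map[string]string{}
	for _, kv := range strings.Split(header, ";") {
		if k, v, ok := strings.Cut(strings.TrimSpace(kv), "="); ok {
			tags[k] = v
		}
	}
	pub := dnsKeys[tags["s"]+"._domainkey."+tags["d"]] // nil if nothing is published
	sig, err := base64.StdEncoding.DecodeString(tags["b"])
	if pub == nil || err != nil {
		return false
	}
	digest := sha1.Sum([]byte(msg))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA1, digest[:], sig) == nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	dnsKeys["mail._domainkey.example.com"] = &priv.PublicKey // "publish" the key
	hdr, _ := signHeader(priv, "example.com", "mail", "Subject: hi\r\n\r\nbody")
	fmt.Println(verifyHeader(hdr, "Subject: hi\r\n\r\nbody"), verifyHeader(hdr, "Subject: hi\r\n\r\nbody!")) // true false
}
```

A message whose body was altered in transit, a selector with no published key, or a header claiming a different domain all fail verification, which is what lets the receiving webmail provider drop a spoofed PayPal or eBay message.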
The DomainKeys patent (#6986049) is assigned to Yahoo; Yahoo have released DomainKeys under both a royalty-free, non-exclusive licence and the GPL 2.0.
Security Fix: A Notable Step in the Fight Against Phishing
The PayPal Blog: Yahoo!, PayPal and eBay Fight Phishing Together