Gmail And Yahoo Mail Users Now Protected Against eBay And PayPal Phishing Mails
The award for the longest title ever could go to this one. But it's good news actually. Both Email services are "supporting email authentication standards including DomainKeys and DomainKeys Identified Mail (DKIM) to verify senders and help identify forged messages" for a few years now but could not eliminate all phishing emails because of companies signing their mails only partly.
The filter was therefor not perfect which still meant that users were seeing phishing emails in their inbox and spam folders.
PayPal and eBay finally made the decision to sign all emails originating from their servers including the international versions which means that it is possible to eliminate PayPal and eBay phishing emails before they even reach the inbox or spam folder. The system was tested for a few weeks silently and only a few users did notice according to the official Gmail blog.
Now any email that claims to come from "paypal.com" or "ebay.com" (and their international versions) is authenticated by Gmail and -- here comes the important part -- rejected if it fails to verify as actually coming from PayPal or eBay. That's right: you won't even see the phishing message in your spam folder. Gmail just won't accept it at all. Conversely, if you get an message in Gmail where the "From" says "@paypal.com" or "@ebay.com," then you'll know it actually came from PayPal or eBay. It's email the way it should be.
Sounds like a dream come true and could pose an end to phishing if more companies, and mail providers, would jump on the bandwagon of signed emails. Companies that come to my mind first are financial companies and other online stores. I still would not blindly trust any email from PayPal or eBay that would arrive in my inbox but it definitely is a step in the right direction. The best way to handle it is to visit the websites manually and perform the eBay or PayPal login there.Advertisement