Yahoo is working with auction leader eBay Inc and its PayPal payments unit to block fake e-mails to users purporting to be from eBay and PayPal, hoping to spur on an industry that has been slow to fight the scourge of so-called phishing attacks.
EBay and PayPal have upgraded their computer systems to support an emerging technology standard known as DomainKeys, invented by Yahoo, that verifies that e-mail senders are who they say they are, allowing Yahoo to block fake e-mails.
The technology upgrade will be made available to Yahoo Mail users worldwide over the next several weeks, the company said.
Along with banks and pharmaceutical makers, eBay and PayPal are among the brands most targeted by phishers seeking to trick consumers into divulging personal information such as credit card or password data in order to commit financial fraud.
Over the past decade, phishing has been clogging the inboxes of e-mail users worldwide with ever more sophisticated attempts to fool users into clicking on fraudulent sites or giving up personal financial details to commit fraud.
A PayPal official said Yahoo's system provides a way of automatically detecting potential phishing attacks without relying on the consumer to do anything new.
"If the consumer doesn't receive an email in their inbox then it is very hard for the phisher to victimize them," said Michael Barrett, PayPal's chief information security officer.
Two camps have emerged among technology providers seeking to develop a coherent approach to identifying e-mail senders.
One, backed by Yahoo and Cisco Systems along with AOL, Google, IBM, Sendmail and VeriSign, is the DomainKeys Identified Mail (DKIM) technology, which allows e-mail providers to identify the Web domain from which a sender has sent e-mail.
A second standard known as Sender Policy Network (SPF) has been led by Microsoft, which offers its own version of SPF known as Sender ID. SPF-based protections are used by Amazon, AOL, GoDaddy and eBay, which supports both DKIM and SPF.
So far, most customers have installed sender authentication inside their e-mail systems as a monitoring tool but do not block e-mail for fear of false positives -- mistakenly treating legitimate customer e-mail messages as phishing attempts.