DomainKeys Offers Phishing Solution - DomainKeys Mounts its White Steed (or is that my router?)
That is where DomainKeys comes into play. DomainKeys is a product owned by Yahoo and used in its web-based mail. The system, which protects against imitations posing as one of the big boys, has been in use at Yahoo for a couple of years now, and it is growing in popularity now that another web-based email giant, Gmail, has taken to using the DomainKeys technology to spare its end users the pain of being scammed by these phishers.
The method used by the DomainKeys technology works like this:
1. Sites register their DNSes (Domain Name Servers) with the DomainKeys system. Emails will need to be sent from that registered server.
2. The DomainKeys system adds an extra header to the email that identifies the sender's DNS to verify where the message is coming from.
3. The email is verified by the web-based system (Yahoo! Mail or Gmail) which checks to make sure it is using the correct header to be from where it says it's from. If it doesn't have the right header, it goes to the spam box.
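As an added illustration (not code from this article or from Yahoo), here is the receiver-side header check from step 3 in Python, up to the point where the sender's key would be fetched from DNS. The `DomainKey-Signature` header name, its `d=`, `s=` and `b=` tags and the `selector._domainkey.domain` lookup name come from the DomainKeys specification (RFC 4870), not from this page; the function names and sample messages are constructed for the example, and verifying `b=` against the published key is the step that follows.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_tags(value):
    """Split a 'tag=value; tag=value' list into a dict, folding out whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")  # first '=' only: base64 may end in '='
            tags[name.strip()] = "".join(val.split())
    return tags

def triage(raw_message):
    """Return (verdict, detail) for the checks a receiver makes before any crypto."""
    msg = message_from_string(raw_message)
    # This example compares against Sender: when present, otherwise From:
    author = msg.get("Sender") or msg.get("From", "")
    author_domain = parseaddr(author)[1].lower().rpartition("@")[2]
    sig = msg.get("DomainKey-Signature")
    if sig is None:
        return ("unsigned", author_domain)
    tags = parse_tags(sig)
    d, s = tags.get("d", "").lower(), tags.get("s", "")
    if not d or not s or not tags.get("b"):
        return ("malformed", "missing d=, s= or b=")
    # The signing domain must be the author's domain or a parent of it;
    # a valid signature from an unrelated domain proves nothing about From:
    if not (author_domain == d or author_domain.endswith("." + d)):
        return ("domain-mismatch", f"{author_domain} not covered by d={d}")
    # Next step (not done here): fetch this TXT record, verify b= with its p= key
    return ("lookup-key", f"{s}._domainkey.{d}")

# Constructed sample messages (not real mail); the b= value is a placeholder.
SIGNED = (
    "DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;\n"
    "  s=mail2006; d=example.com; b=PLACEHOLDER\n"
    "From: Billing <billing@accounts.example.com>\n"
    "Subject: Statement\n\nbody\n"
)
SPOOFED = SIGNED.replace("d=example.com", "d=example.net")
UNSIGNED = "From: billing@example.com\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("signed", SIGNED), ("spoofed", SPOOFED), ("unsigned", UNSIGNED)]:
        print(name, triage(raw))
```

A message that reaches `lookup-key` is not yet trusted; it has only passed the structural checks that decide which DNS record holds the key to verify against.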
Yahoo! has been pushing for this to become a web-based email anti-phishing standard since the inception of the DomainKeys technology several years ago, but it was slow to start. Now, with a second large web-based mailer on board with this technology, it is once again on the road to becoming the standard for email security.
Which brings up the following question: when it becomes the standard, won't a new generation of crackers just find a new way around the new security precautions? Of course, some will, but the idea with email, or any online security really, is to make it as hard as possible for as many people as possible to break your system and scam your users.
So, in the end, DomainKeys is a great way of protecting email from phishing scams for now, and it will most likely become a web security standard in time. When it does, it may eventually be thwarted, as all things in the world of technology security almost always are. The odds are that it will take a while for the standard to be cracked, however, so don't discount it for now. Just keep an eye out for reports of fakes, and never, ever click a link in one of those emails; always type the name or URL of the site into a fresh tab or window, depending on your own personal preference.
*You didn't really think I would give you a play-by-play of how to scam people, did you? If you did then you came to the wrong place. This author only supports the responsible, conscious and constructive use of the online world. Partly because I hate the scammers and partly because I really hate to get sued by major companies.