Gmail tries out antiphishing tools

Google's popular free Web-based e-mail service is testing phishing protection designed to alert members to potential e-mail fraud attacks.

When a Gmail user opens a suspected phishing message, the software displays a large red dialog box stating: "Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information." The service also provides a hyperlink to information on Gmail's help pages about e-mail fraud.

Related feature
Have you been phished?

Check here to see whether an e-mail that appears to be from your bank or an online merchant is actually an attempt to defraud you.

Phishing fraud schemes typically use e-mail messages that seem to come from a trusted service provider such as a bank or an online retailer. The messages contain links to Web sites that also seem to belong to those businesses, but that attempt to fool people into handing over sensitive information such as passwords and credit card numbers.

Gmail will also remove all live hyperlinks from suspect HTML-based e-mails to protect people's systems from potentially fraudulent Web sites. The addresses of the sites can still be accessed by examining the original code of the e-mail, a feature that Gmail provides.

Gmail has also provided a prominent "Report Spam" button to its users. Any messages reported as spam get sent to a separate folder and Google's antispam software is notified. The company's help pages say that "the more spam you mark, the better our system will get at weeding out those annoying messages."

In 2004, Google added a similar, but less obvious, button to its service, inviting users to "Report Phishing."

Google competitors Yahoo and Microsoft could not be reached for comment on whether their Web-based e-mail services offer phishing protection.

Google has made several moves to cut down dubious e-mail. In October last year, the company implemented DomainKeys on its e-mail servers. DomainKeys is a technology invented by Yahoo that tries to crosscheck e-mail messages to verify their origin. Yahoo itself only implemented the service on its own mail servers in November 2004.

The idea behind DomainKeys is to thwart e-mail spoofing or spam messages that appear to be from legitimate addresses but actually originate elsewhere.

DomainKeys attaches encrypted digital tags to each e-mail. Each e-mail is then compared with a publicly available database of legitimate addresses. If the tag and database entry do not match when the e-mail arrives, the e-mail does not make it into the recipient's in-box.

Alternatives to DomainKeys do exist. Microsoft (which owns Hotmail) is supporting its own e-mail authentication technology for Web-based e-mail: Sender ID. Yahoo and Microsoft have filed their technology specifications with the Internet Engineering Task Force as proposed Internet standards. The IETF is the body that defines standard Internet protocols such as TCP/IP.

Renai LeMay of ZDNet Australia reported from Sydney.

[bigyahu]

now *that's* helpful

Funny that this announcement came on the heels of Google's decision to up Gmail accounts to 2Gb. As even the GMail product manager admitted at the time, only a tiny % of customers actually need 2Gb. I'd suggest fewer than 10% need more than 100Mb.

But everybody gets Phished. Now it's time for Google to really get serious and add anti-viral scanning of email attachments. At the moment, that and international language versions of the email service are the main features that make Yahoo! Mail a better product.

[michael_siddha]

yo bigyahu

Anti-virus scanning will not help stop phishing. It may help a little but it will not prevent phisher emails from reaching your inbox.

[bigyahu]

now *that's* helpful

Funny that this announcement came on the heels of Yahoo!'s decision to up Yahoo! Mail accounts to 1Gb, and Google's decision to see Yahoo! and raise it another 1Gb to offer 2Gb to its Gmail users. As even the product manager admitted in an interview, only a tiny % of customers actually need 2Gb. Suspect fewer than 10% need more than 100Mb.

But everybody gets Phished. Now it's time for Google to really get serious and add anti-viral scanning of email attachments. Yahoo! Mail has offered Norton Anti-Virus scanning of email attachments for a couple of years now, and it is very, very good, stopping both incoming and outgoing viruses.

While we're requesting improvements in Google, que diriez-vous d'ajouter des versions internationales de langue à Gmail?

http://idiots.blogspot.com/2005/04/google-mail-vs-yahoo-mail-who-wins-and.html

hasnt this been around for a long time now?

I saw this msg 5 months ago or so!

[nickcharlton]

Hey Harish

Did you go to Umass CS?

MailScanner

MailScanner has been detecting phishing attempts for well over 6 months now. This really is nothing new.