Google on Tuesday said it is now using an e-mail authentication technology to keep phishers from luring Gmail users to fake eBay and PayPal Web pages in order to steal usernames and passwords.
The technology, DomainKeys, uses cryptography to verify the domain of the sender of an e-mail. It allows e-mail providers to validate the domain from which an e-mail originates, and it enables easier detection of phishing attempts by helping identify abusive domains.
Last October, Yahoo announced that it was protecting Yahoo Mail users with eBay and PayPal accounts from phishing attempts using the same technology.
The DomainKeys technology is covered by a patent assigned to Yahoo. The company released it under a dual-license scheme that allows the companies to use it royalty-free under the GNU General Public License (GPL 2.0), which enabled the Internet Engineering Task Force to approve it as a proposed Internet standard.
LimitNone, a small software development company, is seeking nearly $1 billion in damages in a lawsuit that accuses Google of reneging on a partnership with the small company and misappropriating its trade secrets for its Google Apps online service.
Specifically, the suit concerns LimitNone software called gMove designed to let people move e-mail, contacts, and calendar information stored in Microsoft Outlook to Google's online service. Google initially helped LimitNone develop, promote, and sell the product, assuring LimitNone it wouldn't offer a competing product, but then reversed course by giving away its own tool, Google E-mail Uploader, to premier-level Google Apps customers, the lawsuit said.
"With gMove priced at $19 per copy and Google's prediction that there were potentially 50 million users, Google deprived LimitNone of a $950 million opportunity by offering Google's competitive product for free as a part of its 'premier' Google Apps package," the lawsuit, filed Monday in Cook County Circuit Court in Illinois.
Google didn't immediately comment for this story.
LimitNone had shared confidential technical and sales forecast details with Google, the lawsuit said.
"Without Google's knowledge and use of the gMove trade secrets and confidential information, Google would not have been able to solve its longstanding Microsoft Outlook to Gmail conversion problem," the lawsuit said. "At a minimum, Google's access to the internal workings of gMove allowed it to gain a significant head start on designing the inner workings for a competing application."
Google's product "copied gMove's look, feel, functionality, and distribution model, including several unique and proprietary operations," the suit said.
And in May 2008, Google changed its user interface, breaking gMove compatibility and forcing the company to provide customer refunds.
The complaint alleges Google misappropriated trade secrets from LimitNone and violated fraud law by inducing LimitNone to share confidential information Google used to develop its competing product.
Yahoo Mail, the top provider of Web-based e-mail, is letting users sign up with the ymail.com and rocketmail.com domains in an attempt to attract new users and keep existing ones loyal.
The move is geared to help people find a better e-mail address, said John Kremer, vice president of Yahoo Mail. "We want users to get the exact e-mail account they want so they stay with us for life," he said.
Because "yourname@yahoo.com" is likely taken by now, a lot of people must resort to unpleasant and hard-to-remember addresses such as "yourname1988@yahoo.com." Yahoo wants to give people a new chance with a name they like.
Yahoo headquarters in Sunnyvale, Calif.
(Credit: Stephen Shankland/CNET News.com)The rocketmail name dates back to Yahoo's $92 million acquisition in 1997 of Four11, a company that offered the free RocketMail service.
"It's a great brand," Kremer said. "Those who have no memory of our service in the late 1990s indicated they like it, and those who indicated they want to be retro like it for the fact that it's associated with Yahoo.com since the beginning."
Maybe it's retro for Yahoo, too, which is under fire from shareholders after a bruising takeover attempt by Microsoft. Probably plenty of employees enjoy thinking nostalgically about the company's dot-com glory days. But the company is trying to move forward, too, with Mail one major part of the company's Yahoo Open Strategy (YOS) strategy.
Open mail
Through YOS, Yahoo is trying to make its online services a foundation for third-party applications. For mail, that means letting other applications appear on the Mail "canvas," Kremer said.
In this area, Kremer said, Yahoo was inspired by technology the Yahoo got through its acquisition of online e-mail specialist Zimbra in 2007.
"Zimbra was a pioneer in opening up Web services within the Zimbra application. They have open applications within their space that are used all over the place," he said.
There are now "no walls" between Yahoo Mail and Zimbra engineers, he added, though the business units are separate. "They share a lot of what they do. You'll see in very short order products on our site built on their technology, and vice versa," Kremer said.
The Internet company revamped its Yahoo Mail interface beginning three years ago, calling the update the "all-new Yahoo Mail" for well over a year now. The new interface is based on technology from Yahoo's 2004 acquisition of Oddpost.com.
The "all-new" badge will be removed "pretty soon," Kremer added.
Rolling Thunder
Yahoo plans a "rolling thunder of announcements" around Yahoo Mail in the next six to eight months, he added. Some significant changes will include as a "smarter inbox," work to make Yahoo Mail fit better in today's world of social networking, and the opening of the mail platform, he added.
It's a good thing, because there are plenty of competitors--not just traditional Web mail outfits such as Microsoft Hotmail, AOL, and up-and-coming Google Gmail, but also social sites such as Facebook and MySpace. Yahoo considers the full spectrum of competition, though.
"What we believe here at Yahoo is all communication is eventually coming together," Kremer said. "You don't need to bounce out to a separate social communications site or a different social event site when most of those tools are really just communications. If it's built on the same address book and calendar information, you can see them coming together in a single, more productive, smarter inbox."
It's tough to stay on top of Google, but I thought I'd draw some attention to some developments involving the search powerhouse.
Google Street View now blurs all over, not just in Manhattan.
(Credit: Google)• More Street View with more privacy: One year into Google's launch of the Google Maps feature to show a driver's-eye view of the world, Google added 37 new cities, including Atlanta, Buffalo, N.Y., Ann Arbor, Mich., Fresno, Calif., and Cincinnati. It effectively doubles the coverage of Street View, engineer Jiajun Zhu said in a Google LatLong blog posting.
In addition, Street View face-blurring technology that first was tried with Manhattan imagery now is deployed all over, Google said.
• WordPress snafu: Google blocked e-mail sent to Gmail from WordPress.com on Wednesday, including notifications that blogs at the site had been updated. "A handful of third-party sites had problems sending email to Gmail users. We resolved the issue within a half hour of discovering it," Google said in a statement.
• Updated Trends. Google added two new abilities to make its Google Trends service more useful as a tool to monitor what's popular in searches and the chatter of news and blogs. First is a quantitative element that more precisely compares different search terms--for example Windows XP vs. Windows Vista; the chart is now calibrated so the relative popularity can be judged. Second is the ability to export Trends results as a data file.
• Journalism on YouTube: The Google video-sharing site now is able to call specific attention to journalistic efforts by creating a new "reporter" channel, according to the YouTube blog.
• PDF support in Docs: The Google Operating System blog has uncovered some evidence that points to support of Portable Document Format within Google Docs, the online applications suite. That makes sense given how widely used it is and that it's an openly documented and now standard format.
• Bypass Flash. On search results, Google now lets users bypass Web pages' Flash introductions--the kind of whiz-bang animations that rarely are worth watching more than once. Google search results now can let users, in effect, click the "skip intro" button on such sites if they want, Google Blogoscoped reported.
• Members of Google's mobile device team discuss how its Google Maps for Mobile service (think GPS Lite) works. The technology lets some phones figure out their rough location based on proximity to cell phone towers. It's available through Gears for Windows Mobile, and Google is adding support for geolocation in general to the new 0.4 version of Gears under development now.
Update 5:35 p.m. PDT: I added more details and a comment that Gmail should finally exit its beta-testing phase "soon."
MOUNTAIN VIEW, Calif.--Google will invite users to try new features the company is considering adding to its Gmail service, the company said Thursday.
At 6 p.m. PDT Thursday, users will be able to select from 13 new features in a "labs" tab in the Gmail settings page, said Keith Coleman, a Gmail product manager, in a meeting with reporters here.
The 'labs' tab in Gmail settings now has experimental options for users.
(Credit: Google)"The idea is you can do whatever you want, get it out to tens of millions of people, and get feedback," Coleman said. And popular features will be incorporated into Gmail proper.
Among the new features that are possible:
• A quick-link tool that lets people bookmark specific Gmail messages.
• Superstars, which lets people select custom stars to label mail.
• The "e-mail addict" tool that lets people lock themselves out of their e-mail account for 15 minutes.
• A fixed-width font option to view a message within a font whose characters are the same width--handy for some formatting challenges.
• Mouse gestures that let users take actions based on mouse movements.
• Custom keyboard shortcuts.
• Signature tweaks that let people automatically add a signature file above quoted text in an e-mail reply.
• "Muzzle," which conserves buddy-list screen real estate by hiding status messages.
For now at least, only Google engineers can add features. "Any engineer can code a labs feature," Coleman said. "Once the code is written and mostly working, it'll get into the next product build that goes to users" through the labs feature.
Eventually, though, the company is interested in opening the system up to outsiders if it can find a way to integrate outside code.
"We'd like to get to a point where more people can build on this. That would require something with a different level of interface," Coleman said. "We're interested in making it possible of users and us to iterate on the product faster, so it's something we're interested in."
The openness of Gmail contrasts with the arguably greater openness of Yahoo's Zimbra, which is an open-source project. However, just because a project can be modified doesn't mean those modifications will appear in the version of Zimbra that Yahoo or another company offers as a service.
Google is trying to be open-minded with the feature additions for now.
"There are some things in here we think are probably bad ideas," Coleman said, pointing specifically to a snake game that's one of the 13 features that's amusing but probably not a great idea for mainstream deployment. "It's something we would never do."
The code behind the new features has been vetted at a basic level, but not otherwise heavily tested or screened.
If Gmail is so great, how come it's been in beta testing for four years now?
"We have really high standards," Coleman said. "There are a few things we want to do before we take it out of beta, but we expect to do it soon."
A "serious security flaw" in Gmail turns Google's e-mail service into a spamming machine, according to a recent security report.
INSERT, the Information Security Research Team, has created a proof of concept that exploits the "trust hierarchy" that exists between mail service providers. By exploiting a flaw in the way Google forwards messages, a spammer can send thousands of bulk e-mails through Google's SMTP service, bypassing Google's 500-address bulk e-mail limit and identity fraud protections.
The report notes that with the rising volume of spam, e-mail providers have turned to whitelists and blacklists to help root out IP addresses of known spammers. Because Gmail falls into the trusted-whitelist category, messages are allowed "carte blanche" to bypass spam filtering.
INSERT's report notes that no extraordinary Internet expertise is necessary to exploit the flaw:
In this regard, this document presents a vulnerability report and a proof-of-concept attack that demonstrate how anyone with no special Internet access privileges other than being able to connect to SMTP (TCP port 25) and HTTP (TCP port 80) servers is able to exploit a single Gmail account in order to be granted nearly unrestricted access to Google's massive whitelisted SMTP relay infrastructure.
Google has offered no official comment on the report.
This isn't the first Google tool to appeal to spammers. In April, my colleague Elinor Mills reported that spammers were now using Google Calendar.
Before I became a marketing wonk I was a knowledgeable technologist, which is probably why I've never once enjoyed any e-mail system that I have used or implemented. Over the last 15 years, I have tried pretty much everything, from Pine to Zimbra, to MS Exchange to Lotus Notes and several different IMAP and POP options. Every time it's the same thing--the system works within reason but is never great. And there is always something that bites you in the rear.
I first started outsourcing e-mail to managed providers in 2003 when I worked for a CEO who demanded MS Exchange and we only had Linux boxes. It was never great and it was too expensive to boot. But the offerings have gotten much better and at this point I can't see a small- or medium-sized business running its own mail server. It's just not necessary.
Here are my fundamental hopes for e-mail:
- Reliable delivery of mail (dare to dream)
- Reliable delivery of mail on mobile devices (Blackberry and iPhone)
- Shared calendaring with administrator abilities (i.e. admin access)
- Backup and recovery
- Reliable SPAM prevention
- Sync across multiple computers and devices
A problem this week hampered some Gmail users trying to use their PayPal accounts.
The problem caused Gmail to reject some legitimate PayPal service e-mails, Google confirmed in a statement Friday. The problem, reported Tuesday, prevented people from using Gmail to receive confirmation e-mails, set up new accounts, or reset passwords for eBay's online payment system.
The problem "affected a very limited number of users," Google said. "We worked quickly to fix the problem, and we apologize for any inconvenience this issue may have caused." The company encourages those with technical difficulties to report them to the Gmail Help Center.
Many Gmail users had problems with the Google e-mail service's ability to communicate with e-mail software Wednesday.
Numerous people on a Gmail Help forum reported problems tapping into Gmail with IMAP (Internet Message Access Protocol) technology, which lets people with desktop e-mail software such as Thunderbird or Microsoft Entourage to do so.
Google acknowledged the problem but said it's fixed. "Gmail users had difficulty accessing some features in Gmail for about a half hour today. The issue is now resolved," the company said in a statement Wednesday.
"We take issues like this very seriously, and we encourage anyone who is having technical difficulty of any kind with Gmail to contact the Gmail Support team through the Gmail Help Center."
The glitch came at an inopportune time. Google is trying to encourage not just individuals but also companies to use its online services; Google Apps, of which Gmail is a component, features prominently in a Google alliance with Salesforce.com.
"A huge, if not number one selling point for moving one of our companies over to Google Apps was Google's robust network!" complained one user. "Now that we have migrated over, it seems we are abused children who do not deserve an explanation for why the service we pay for is taken offline. Perhaps it is time to find a new e-mail host."
I can't help but notice that after all these years, Gmail still technically is in beta testing, a strong signal that people should be cautious about relying on it.
(Via David Berlind.)
The first application I open and the last one I close each workday is Gmail.
Even though I use the service's labels and filters to sort my mail, I often found myself scrolling through the 600-plus messages in my Gmail in-box to find the one I need.
Then I discovered Gmail's search operators, and my scrolling days were over.
For instance, when I need to find the message from Ellen with the agenda attached, I type from:ellen filename:doc. If I need to find the message I sent my brother Larry about the NCAA basketball tournament pool we entered, I type to:larry subject:ncaa. And to locate the e-mail from one of my editors (for whom I've created a label) about my blog posts for the last two months, I enter label:editor (february OR march).
You'll find some of these same search parameters when you click "Show search options" to the right of the Gmail search box, but operators are faster, plus they give you more flexibility. For example, you can use the date range drop-down menu in the Search options box, or just enter after:2008/04/04 before:2008/04/07 to search mail that arrived last weekend.
Gmail's Search options box provides options for narrowing your e-mail searches, but they're not as fast as using the service's search operators.
(Credit: Google)
Get your Gmail work done faster via keyboard shortcuts
I'm a keyboard shortcut fan from way back, so it's embarrassing to admit that I didn't realize I could use the time-saving wonders in Gmail until I had been using the service for more than a year. To activate the shortcuts, click Settings and select "Keyboard shortcuts on" under the General tab.
Now when you want to compose a new message, type C, or Shift-C to open a blank message in a new window. Type a slash (/) to put the cursor in the search field, # to move the selected message to the Trash folder, ! to report it as spam, K to select the previous message in your in-box, and J to move to the next one.
When you're in "Conversation" mode, type R to reply to the selected message (Shift-R opens a new window for the reply), A to reply to all, and F to forward the message. Remembering these options can be a challenge, so type ? to view a list of keyboard shortcut options (and Esc to close the list).
Tomorrow: Get more out of Mozilla Thunderbird's search options.
