Gmail’s New Approach to Protecting Readers Against Phishing
Spoofing and phishing are on the rise. According to the RSA, more than 260 million emails were sent to consumers every day. A 2010 Symantec report shows more than 95 billion phishing emails were projected to be sent. Of these fraudulent messages, a significant percent of spoofing is for mailbox providers.
Authentication is one of the key tools we have in the fight against phishing and spoofing, however by itself, authentication just isn’t enough. There’s a need for multiple initiatives and products to make sure that your brand and your audience is safe. That’s why we created Domain Assurance – an additional way to protect your brand before it gets phished or spoofed.
Another weapon in the fight against these malicious security attacks is a proactive indicator within the webmail or desktop user interface. Gmail recently released a new warning message for emails that could be harmful. Now, when a sender is claiming to be from another Gmail account, but Gmail couldn’t authenticate that account, it is displaying an error message warning the receiver that “This message may not have been sent by: firstname.lastname@example.org” and provides a link to report the possible phishing attack.
This is the first time we’ve seen a “negative” indicator if there is no authentication at all. This is a little different from Hotmail’s “positive” indicator approach, which has been a trust mark next to selected messages that have passed authentication (“selected” means Hotmail is only doing this for a few hand picked, highly fished brands). What is neat about the Gmail approach is that it solves a problem with more “positive” approaches – if an ISP shows a trust mark next to every message that passes authentication, the mailbox starts to get very clutteredIf you are only showing a negative indicator for domains that you know use authentication a large portion (approaching 100%) of the time, the inbox will be less crowded.
It’s great to see the evolving way that webmail providers are joining the fight to educate consumers and email recipients to the expensive and dangerous emails that may be lurking in their inboxes and what they can do to not only stop it, but be aware of the larger problem.
About George Bilbrey
George Bilbrey is the founder of the industry’s first deliverability service provider, Assurance Systems, which merged with Return Path in 2003. He is a recognized expert on the subjects of email reputation and deliverability and is active in many industry organizations, including the Messaging Anti-Abuse Working Group (MAAWG) and the Online Trust Alliance (OTA). In his role as president of Return Path George is the driving force behind the ongoing innovation of our products and services. Prior to Return Path, George served as Director of Product Management at Worldprints.com and as a partner in the telecommunications group at Mercer Management Consulting. He holds a B.A. in economics from Duke University, and an MBA from the Kenan-Flagler School of Business, University of North Carolina.