Google, Microsoft, Facebook, Bank of America team to wipe out phishing

Can industry heavyweights Google, PayPal, Microsoft and AOL — along with 11 others in high-tech such as Facebook and LinkedIn, as well as the financial world’s Bank of America and Fidelity Investments — succeed in stopping phishing attacks right in their tracks? In uniting behind an effort called DMARC.org unveiled today, the group says it can through policy-based steps filter out spoofed email that attackers use for phishing.

“Whether you are an enterprise or offering a consumer service, you can apply this policy now,” says Brett McDowell, senior manager of customer security initiatives at PayPal, who is chairman of the organization DMARC, which stands for “Domain-based Message Authentication, Reporting and Conformance.” The DMARC.org site today published guidelines and the specification for its technology, which makes use of the well-known standards Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), two basic approaches widely used today for authenticating email.