Google to use Return Path anti-phishing system

Battles brand spoofing spam

Google has joined Yahoo, software site Tucows and filtering firm Cloudmark in signing up to use Return Path's now formally launched Domain Assurance service which the company claims will turn the screw on phishing and brand-hijacking spam.

The service is based on the observation that while the modern email delivery depends on authentication schemes such as Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), companies have little way of monitoring this across a multitude of domains this in order to spot problems.

In some cases, ISPs might block legitimate email because it has not authenticated properly or not block it because of uncertainty over its status. Into this gap jump spammers looking to use well-known brands - for instance those claiming to be from banks - to send plausible-looking phishing spam.

Enterprises subscribing to Domain Assurance audit their authentication by submitting email server IP addresses and domains to an audit list, which is then checked against failure statistics supplied by ISPs, including now Google.

The companies can view this data using a dashboard, spotting email from their domains which is not being properly authenticated, possibly by a marketing partner, as well as get insight into spoofing problems.

With an audit complete, they can pass back a request to ISPs to block all email that cannot authenticate safe in the knowledge that are not harming their own activities. They also have a clearer idea of which domains need to be taken down.

ISPs such as Google and Yahoo gain from the system even though they do not pay to use it because in the long run their servers and users will, in theory, receive fewer fraudulent emails.

"Currently companies can only react to a phishing attack, Domain Assurance changes the game by blocking phishing emails before they get delivered to the customer mailbox," said Return Path's president, George Bilbrey.

A key issue for the service is scale - the more customers, the better the blocking that can be carried out by ISPs. But it also needs large ISPs because there are what provides data on authentication problems and spoofing. The company currently claims that around 2,500 enterprises use the service.

In fact elements of the service has existed for some years and the formal launch of Domain assurance reflects its confidence that it has now reached a critical mass to offer more integrated services.

Join the CSO newsletter!

Error: Please check your email address.

Tags YahooGoogleAssuranceCloudmarksecuritySME

More about CloudmarkGoogleTucowsYahoo

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by John E Dunn

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place