Antiphishing standard in the works from Google, Facebook, others

Google, Facebook, Microsoft, Yahoo, PayPal and others are working together on a standard that can be used across the Internet for blocking phishing e-mails.

The 15 companies will be announcing on Monday DMARC.org, which stands for Domain-based Message Authentication, Reporting, and Conformance--a system for verifying that e-mails are coming from legitimate companies and not imposters trying to trick people into clicking a phishing link. Basically, the system offers a common way for companies to authenticate their legitimate communications with customers.

Also in the DMARC working group are AOL, Bank of America, Fidelity Investments, American Greetings, LinkedIn, and e-mail security providers Agari, Cloudmark, eCert, Return Path, and Trusted Domain Project.

Google, Microsoft, Yahoo, AOL, and Agari announced in November that they were doing this authentication coordination for Facebook, YouSendIt, and a few dozen other e-commerce companies and social networks. Now the effort is being expanded to include more participants. The antiphishing collaboration has been going on for 18 months between various partners, DMARC members said.

"About 15 percent of all e-mail in the Gmail in-boxes comes from these organizations that have published these DMARC records," said Adam Dawes, a Gmail product manager. "That means that these records can not be domain spoofed."

DMARC.org plans to submit the DMARC specification to the Internet Engineering Task Force for standardization.