eBay fight back against spoof emails

No primary category set

Rob Chesnut had some interesting news today, eBay are fighting back with new technology to step the tide of phishing emails. In a session at eBay Live! he confirmed that Domain Key Signatures are being introduced to all eBay emails. Domain Key Signatures allow ISPs to check that the email actually came from eBay, and if not it can be dumped before it hits the recipients email inbox.

Yahoo are going to start blocking unauthorised spoof emails from June this year, and other ISPs will follow suit in the near future.

In addition Rob emphasised that all eBayers (and in fact all Internet Users) should upgrade to the most recent browsers such as Internet Explorer version 7 and FireFox version 3 if they haven’t already.

There was an interesting explanation of how reporting spoof emails works. When it’s forwarded to [email protected] or [email protected] it hits a bank of computers which scan the email for URLs and check them against a database. If the URL has been seen before no further action is taken. If however it’s the very first instance of that URL within minutes a member of the Trust and Safety team will examine it, and if it’s a spoof further action is taken. The URL is entered into a global database that all banks and other institution subject to phishing can access. Then the ISP hosting the spoof website is contacted and normally the site is offline within about ten hours.

The database the URLs are entered into is important for every web user – if they try to access the URL in the latest browsers the browser will automatically check the database and warn the user with a red title bar that they’re on a known spoof site. This highly visual warning happens before the page loads so that the user can close their browser and type the URL of the site they intended to visit before entering any data such as user names and passwords.

The news is not unexpected, but it’s good to know Trust and Safety are proactively fighting spoof and phishing and interesting to know more about how the process works when you report a spoof email.

2 Responses

  1. Interesting investment in technology – the very sort of thing you think the banking sector would have set up! (unless they have?) Maybe an opportunity there for ebay/paypal to offer a commerical service if they dont already ?

  2. The banking sector use the same global database that eBay do for dumping known spoof site URLs into – that part is shared and is what powers the green/yellow/red address bar in the newest browsers 🙂


eBay Live UK to launch with Katherine Ryan and Amy Bannerman

eBay Live UK to launch with Katherine Ryan and Amy Bannerman

eBay 3PM Shield acquisition bolsters ability to identify fakes

eBay 3PM Shield acquisition bolsters ability to identify fakes


New eBay Best Offer Features announced at eBay Live


Whistl launches Posthub to focus on Advertising Mail


66% of products from online marketplaces failed safety tests

ChannelX Guide...

Featured in this article from the ChannelX Guide – companies that can help you grow and manage your business.


Take a look through a selection of the latest articles on ChannelX

Register for Newsletter

Receive 5 newsletters per week

Gain access to all research

Be notified of upcoming events and webinars