DMARC anti-phishing effort raises question about typo scammers

Will the law of unintended consequences make an appearance here?

There's essentially nothing but goodness in this latest anti-phishing effort  -- called DMARC -- by the likes of Google, Microsoft, Yahoo, Paypal and Bank of America. The idea is to increase public confidence in email received from household-name domains and others by preventing spoofed email from reaching customers at all.

However, one story I read made the point that DMARC is focused on protecting the integrity of legitimate domains and not designed to address phishing that depends on fooling people through hard-to-spot misspellings.

Which raises this question in my mind: Once we convince the online masses that they really can trust email that arrives from paypal.com or bankofamerica.com, won't they also be more likely to fall prey to email that arrives from paypall.com or bankofamerrica.com?

Welcome regulars and passersby. Here are a few more recent buzzblog items. And, if you’d like to receive Buzzblog via e-mail newsletter, here’s where to sign up. You can follow me on Twitter here and on Google+ here.

Insider Shootout: Best security tools for small business
Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies