Tech firms Yahoo!, Google, Microsoft and AOL have joined with Bank of America, Fidelity Investments and others to create DMARC.org, the Los Angeles Times reported Monday. DMARC is an acronym for Domain-based Message Authentication, Reporting and Conformance.
The group said, "E-mail is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well-known brand into an e-mail gives it instant legitimacy with many users."
"What they're trying to accomplish now is to eliminate them from your spam folder. The fact is, there's a sucker born every minute. A non-sophisticated user will be a target until all phishing e-mails are eliminated," said McAfee consultant Robert Siciliano.
"These bad guys are like ants. They're very consistent and find their way through," he said.
However, he said, "It's coordinated efforts like this that could actually solve this problem."
In an online posting, DMARC said social Web sites were partly to blame for the problem. "With the rise of the social Internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts, enabling theft of passwords, bank accounts, credit cards and more," the group said.
The problem can be viewed as one of validating or authenticating e-mails. DMARC makes use of SPF and DKIM, two screening methods already in use.
The trick is to make sure an e-mail that is labeled as coming from a certain source is actually from that source.
To be 100 percent sure, users are advised not to click on a URL that is provided in an e-mail. Instead, go directly to the company's Web site and find the link needed to get to a specific Web page, Siciliano said.