When a Gmail user opens a suspected phishing message, the software displays a large red dialog box stating: "Warning: This message may not be from whom it claims to be. Beware of following any links in it or of providing the sender with any personal information." The service also provides a hyperlink to information on Gmail's help pages about e-mail fraud.
Gmail will also remove all live hyperlinks from suspect HTML-based e-mails to protect users from potentially fraudulent Web sites. The addresses of the sites can still be accessed by examining the original code of the e-mail, a feature that Gmail provides.
Gmail has also provided a prominent 'Report Spam' button to its users. Any messages reported as spam get sent to a separate folder and Google's anti-spam software is notified. The company's help pages boast that "the more spam you mark, the better our system will get at weeding out those annoying messages".
In 2004, Google added a similar but less obvious button to its service, inviting users to 'Report Phishing'.
Google competitors Yahoo and Microsoft could not be reached for comment on whether their Web-based e-mail services offered users phishing protection.
Google has made several moves to cut down dubious e-mail. In October last year the company implemented DomainKeys on its e-mail servers. DomainKeys is a technology invented by Yahoo that tries to cross-check e-mail messages to verify their origin. Yahoo itself only implemented the service on its own mail servers in November 2004.
The idea behind DomainKeys is to thwart e-mail spoofing; or in other words, spam messages that appear to be from legitimate addresses but actually originate somewhere else.
DomainKeys attaches encrypted digital tags to each e-mail. Each e-mail is then compared to a publicly-available database of legitimate addresses. If the tag and database entry do not match when the e-mail arrives, the e-mail does not make it into a the receiver's inbox.
Alternatives to DomainKeys do exist; Webmail competitors America Online and Microsoft (which owns Hotmail) are pushing their own e-mail authentication technologies: Sender Policy Framework and Sender ID respectively. Yahoo and Microsoft have filed with the Internet Engineering Task Force (IETF) for their technologies to become Internet standards. The IETF is the body that defines standard Internet protocols such as TCP/IP.
This has been there for a few months already.