Fifteen companies, including Google, Facebook, Microsoft and Yahoo, will announce on Monday a standard named DMARC.org that can be used across the Internet for blocking phishing e-mails. DMARC stands for Domain-based Message Authentication, Reporting and Conformance, a system for verifying that e-mails come from legitimate companies and not from imposters trying to trick people into clicking a phishing link.
- Email Providers: AOL, Gmail, Hotmail, Yahoo! Mail
- Financial Institutions and Service Providers: Bank of America, Fidelity Investments, PayPal
- Social Media Properties: American Greetings, Facebook, LinkedIn
- Email Security Solutions Providers: Agari, Cloudmark, eCert, Return Path, Trusted Domain Project
DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate.
Google stated in its blog post, “We’ve been active in the leadership of the DMARC group for almost two years, and now that Gmail and several other large mail senders and providers — namely Facebook, LinkedIn, and PayPal — are actively using the DMARC specification, the road is paved for more members of the email ecosystem to start getting a handle on phishing. Our recent data indicates that roughly 15% of non-spam messages in Gmail are already coming from domains protected by DMARC, which means Gmail users like you don’t need to worry about spoofed messages from these senders. The phishing potential plummets when the system just works, and that’s what DMARC provides.”
DMARC policies are published in the public Domain Name System (DNS) and are available to everyone. The standard is still in the development stage.
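How a receiver could apply a policy published in DNS to its SPF and DKIM results, as an added example that is not from the article or from DMARC.org. The function names, the sample record and the domains are constructed; the tag names (`p`, `adkim`, `aspf`, `rua`) follow the published DMARC specification, and the caller is assumed to supply the organizational domain.

```python
# Added illustration: function names and sample values are constructed.
def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first; a TXT record without it is not DMARC.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    # p= (requested handling for failing mail) is required.
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None
    return tags

def aligned(auth_domain, from_domain, org_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same organizational domain."""
    auth, frm, org = (d.lower().rstrip(".") for d in (auth_domain, from_domain, org_domain))
    if mode == "s":
        return auth == frm
    return auth == org or auth.endswith("." + org)

def evaluate(record, from_domain, org_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from the receiver's own checks.
    org_domain is assumed to be supplied by the caller; pct= and sp= are ignored here."""
    policy = parse_dmarc(record)
    if policy is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, org_domain, policy.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, org_domain, policy.get("adkim", "r"))
    # DMARC passes if either mechanism passes AND aligns with the From: domain.
    return "pass" if (spf_ok or dkim_ok) else policy["p"].lower()

# Constructed sample record, as it would appear in a TXT record at _dmarc.example.com
RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    frm = org = "example.com"
    # SPF passed, but for an unrelated envelope domain: not aligned, so the policy applies.
    print(evaluate(RECORD, frm, org, ("pass", "mailer.test"), ("none", "")))
    # DKIM signed by the From: domain itself: aligned even under adkim=s.
    print(evaluate(RECORD, frm, org, ("fail", "example.com"), ("pass", "example.com")))
```

A bare SPF or DKIM pass is not enough: the authenticated domain has to align with the domain in the visible From: header, which is what lets a receiver apply the sender's published policy to spoofed mail.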