Email phishing is costing regular people and companies millions of dollars each year, if not more — one of the most popular methods that scammers employ is something called “domain spoofing.” With this technique, someone sends a message that seems legitimate when you look at the “From” line even though it’s actually a fake. In order to collectively fight the e-mail spamming, “fifteen leading email service and technology providers today January 30 announced of combating e-mail phishing through “DMARC.org.”
DMARC (or Domain-based Message Authentication, Reporting & Conformance) is a technical working group that has been developing standards for reducing the threat of deceptive emails, such as spam and phishing. The group’s work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email.
“DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC,” stated DMARC.
“Building upon the work of previous mail authentication standards like SPF and DKIM, DMARC is responding to domain spoofing and other phishing methods by creating a standard protocol by which we’ll be able to measure and enforce the authenticity of emails. With DMARC, large email senders can ensure that the email they send is being recognized by mail providers like Gmail as legitimate, as well as set policies so that mail providers can reject messages that try to spoof the senders’ addresses,” stated Adam Dawes, in a Gmail blog post.
Dawes writes further the Google is activly participating with DMARC group for almost two years, and their recent data indicates that roughly 15% of non-spam messages in Gmail are already coming from domains protected by DMARC.
Other than Gmail, several other large mail senders and providers — namely Facebook, LinkedIn, and PayPal — are actively using the DMARC specification.
If you’re a large email sender and you want to try out the DMARC specification, you can learn more at the DMARC website.