Yahoo! Mail is now Domain-based Message Authentication, Reporting and Conformance (DMARC) compliant. "Every day Yahoo! sees hundreds of millions of forged emails pretending to come from trusted institutions. These abusive emails range from annoying spam, to phishing attacks, to potential malware that can take over your computer. Whether it's downright nasty or just unpleasant, that's all email you don't want," posted Ajay Gopalkrishna, Sr. Product Manager, Yahoo! Mail.
To combat this abuse, Yahoo! helped create the Domain-based Message Authentication, Reporting and Conformance (DMARC), a specification spearheaded by major technology providers and email senders to collectively fight spam and phishing. "We're pleased to announce that we have successfully completed the work required to support DMARC and will be rolling it out globally this week," Gopalkrishna said.
"DMARC builds upon DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF), existing email validation standards that use cryptography to prove the identity of the sender domain by using the Domain Name System (DNS)."
"With the addition of DMARC, emails have to prove that they are coming from a trusted sender. Non-verifiable emails will never reach a recipient's inbox. As a result, DMARC eliminates an email user's exposure to potentially fraudulent and harmful messages," he said.
"For Yahoo! Mail users, it means less email in your inbox from a non-verifiable source. For example, if you receive an email claiming that it is from your bank, the applicable DMARC policies require the email to prove that is indeed from your bank in order to be delivered to your mailbox. If the incoming email cannot be verified, Yahoo! Mail will not deliver the email to your mailbox," explains Gopalkrishna.
"For senders, it means you can protect your recipients and the reputation of your domain. You can tell Yahoo! how to handle non-verifiable emails, either keep it out of the inbox, or deliver to bulk. Yahoo! can also provide you with a report on emails from your domain that could not be verified."