web analytics

DMARC a joint effort to combat email fraud and phishing

Email frauds and phishing has been a serious problem for email service and technology provider. It has also been a serious issue of security concern for Banking industry and Online Payment service providers. These security threats has directly degraded the belief  of a customer on internet and the services being provided through internet. It is a major concern which is common for email service provider, technology company and banking industry. To tackle this menace effectively fifteen major global companies has come and joined their efforts to tackle it through DMARC.ORG. DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.

The companies which are involved are Microsoft, PayPal, Yahoo. Google, AOL, Agari, American greetings, Facebook, Bank Of America, Comcast, Cloudmark, Fidelity, TDP, Linked-In.

DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate.

Last five year has seen an extraordinary increase in internet using population in every country of world. Social Media has been embraced by netizens in every country with both hands. Today Internet, email and social media has penetrated every business model in some or other way. email is one aspect which has undeniably become part of every business models and it has become a very easy target. DMARC is the first serious effort towards securing emails and increasing the faith of customers on Internet.

Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users.

Users can’t tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent. Those attempting new SPF and DKIM deployment proceed very slowly and cautiously because the lack of feedback also means they have no good way to monitor progress and debug problems.

DMARC addresses these issues, helping email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.

A DMARC policy allows a sender to show that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

This step towards making internet environment secure through collaborative  effort is extremely important achievement and it will increase the brand value of internet and email both.

Major part of this post is directly taken from www.dmarc.org


You can be the first one to leave a comment.

Leave a Comment