Archive for: February 1st, 2012

DMARC launched: standardizes email authentication

The DMARC.org (Domain-based Message Authentication, Reporting and Conformance) website launched two days ago with an official press release stating that fifteen of the biggest email and technology providers have teamed up to combat the threat of deceptive email through standardization of email authentication. This includes the correct use of SPF records and DKIM.

A quote from the press release:

The DMARC specification addresses concerns that have traditionally hindered widespread deployment of an authenticated, trusted email ecosystem. Today, email receivers lack a reliable way to know the extent to which an email sender uses standards like SPF and DKIM for authenticating their messages. As a result, providers must rely on complex and imperfect measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing messages sent by a scammer.

Which companies are involved?

All of the big webmail providers are involved: AOL, Gmail, Hotmail, Yahoo! Mail (they together account for about 1,5 billion email addresses), financial institutions and service providers (Bank of America, Fidelity Investments, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, eCert, Return Path, Trusted Domain Project).

Read more