E-Mail Providers Unite To Fight Spam and Phishing
By Barry Levine / NewsFactor Network
Published: January 30, 2012



Companies will soon have a new weapon in the ongoing war against phishing and spam. On Monday, a group of leading e-mail and technology companies announced a proposed new standard to make it more difficult for fraudulent and other unwanted e-mail to get through.

The companies have formed DMARC.org, a technical working group based in San Jose, California. DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, builds on a year-and-a-half of collaborative effort that has created a draft specification.

Authenticated Messages

Participating e-mail providers include AOL, Gmail, Hotmail, and Yahoo. Other members include Bank of America, Fidelity Investments, PayPal, Facebook, LinkedIn, Cloudmark, eCert, and Return Path.

The organization noted that e-mail systems currently lack a reliable way to tell if an e-mail sender uses standards like Sender Policy Framework, or SPF, and DomainKeys Identified Mail, or DKIM, to authenticate messages. As a result, the group noted that "complex and imperfect measures to separate legitimate unauthenticated messages" from fraudulent messages are currently used.

SPF and DKIM were created more than 10 years ago to help authenticate an e-mail sender's identity. But full implementation of those authentication technologies has been hampered by several factors. DMARC does not directly determine whether an e-mail is fraudulent; it determines whether the message aligns with the sender's fraud detection configuration, such as SPF or DKIM. It is designed to replace ADSP, or Author Domain Signing Practices, an optional extension to DKIM.

Pioneered by PayPal

DMARC intends to provide a more comprehensive way to integrate authentication technologies into e-mail systems. Once data and input from the field have been gathered, DMARC.org will submit its revised spec to the Internet Engineering Task Force for acceptance as a standard.

Under DMARC's approach, a sender can show that its e-mails are protected by SPF or DKIM, and can tell the receiver the best way to proceed if neither of those authentication methods validates. DMARC also offers a procedure for the e-mail receiver to inform the sender about whether messages passed or failed.

Many e-mail senders have complex e-mail systems, sometimes including third-party providers, and authentication processes in these frequently changing systems can be difficult to implement.

Some legitimate e-mail senders send messages that can be authenticated, as well as other e-mails that cannot be. Senders get poor feedback on what has been authenticated, plus many e-mail receivers are reluctant to reject unauthenticated messages because they may include legitimate messages. The solution, said DMARC, is systematically sharing information between receivers and senders.

The group said that PayPal pioneered this approach in 2007, working with Yahoo and Gmail, and the results were "extremely effective."

Spam, Phishing Costly

Charles King, an analyst with Pund-IT, said that spam and phishing e-mail, besides being annoying to users, can be "very costly" to e-mail service providers because of the huge volumes involved.

He said that businesses will likely be "open to this new approach," but the degree to which companies might benefit from increased efficiency depends "to some extent" on the degree to which they handle their own e-mail service, or whether they farm out some or all of it.

Tell Us What You Think
Stan:
Posted: 2012-01-30 @ 4:08pm PT
Great! I can't wait until someone can stop the madness. I hate spam and phishing and anything that people do to try and destroy the Internet.

© Copyright 2015 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.