E-Mail Providers Unite To Fight Spam and Phishing
By Barry Levine / NewsFactor Network

Companies will soon have a new weapon in the ongoing war against phishing and spam. On Monday, a group of leading e-mail and technology companies announced a proposed new standard to make it more difficult for fraudulent and other unwanted e-mail to get through.

The companies have formed DMARC.org, a technical working group based in San Jose, California. DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, builds on a year-and-a-half of collaborative effort that has created a draft specification.

Authenticated Messages

Participating e-mail providers include AOL, Gmail, Hotmail, and Yahoo. Other members include Bank of America, Fidelity Investments, PayPal, Facebook, LinkedIn, Cloudmark, eCert, and Return Path.

The organization noted that e-mail systems currently lack a reliable way to tell if an e-mail sender uses standards like Sender Policy Framework, or SPF, and DomainKeys Identified Mail, or DKIM, to authenticate messages. As a result, the group noted that "complex and imperfect measures to separate legitimate unauthenticated messages" from fraudulent messages are currently used.

SPF and DKIM were created more than 10 years ago to help authenticate an e-mail sender's identity. But full implementation of those authentication technologies has been hampered by several factors. DMARC does not directly determine whether an e-mail is fraudulent; it determines whether the message aligns with the sender's fraud detection configuration, such as SPF or DKIM. It is designed to replace ADSP, or Author Domain Signing Practices, an optional extension to DKIM.

Pioneered by PayPal

DMARC intends to provide a more comprehensive and integrated way to build authentication technologies into e-mail systems. Once data and input from the field have been gathered, DMARC.org will submit its revised spec to the Internet Engineering Task Force for acceptance as a standard.

Under DMARC's approach, a sender can show that its e-mails are protected by SPF or DKIM, and can tell the receiver the best way to proceed if neither of those authentication methods validates. DMARC also offers a procedure for the e-mail receiver to inform the sender about whether messages passed or failed.

Many e-mail senders have complex e-mail systems, sometimes including third-party providers, and authentication processes in these frequently changing systems can be difficult to implement.

Some legitimate e-mail senders send messages that can be authenticated, as well as other e-mails that cannot be. Senders get poor feedback on what has been authenticated, plus many e-mail receivers are reluctant to reject unauthenticated messages because they may include legitimate messages. The solution, said DMARC, is systematically sharing information between receivers and senders.

The group said that PayPal pioneered this approach in 2007, working with Yahoo and Gmail, and the results were "extremely effective."

Spam, Phishing Costly

Charles King, an analyst with Pund-IT, said that spam and phishing e-mail, besides being annoying to users, can be "very costly" to e-mail service providers because of the huge volumes involved.

He said that businesses will likely be "open to this new approach," but the degree to which companies might benefit from increased efficiency depends "to some extent" on the degree to which they handle their own e-mail service, or whether they farm out some or all of it.

Tell Us What You Think


Posted: 2012-01-30 @ 4:08pm PT
Great! I can't wait until someone can stop the madness. I hate spam and phishing and anything that people do to try and destroy the Internet.
