Fifteen companies, including Google, Facebook, Microsoft, Yahoo, and PayPal, have joined forces to try to combat phishing scams via email. The partnership, DMARC.org, has created a new anti-phishing standard called Domain-based Message Authentication, Reporting, and Conformance (DMARC).
The new standard has been created to provide a system for verifying that emails originate from legitimate companies and not from impostors trying to trick Internet users into clicking a phishing link. This initiative aims to provide companies with a legitimate way to communicate with their customers, ensuring that the emails they receive are authentic and trustworthy.
How DMARC Works
The new DMARC standard has been built to fit into an organization’s existing inbound email authentication process. It helps email receivers determine whether a purported message “aligns” with what the receiver knows about the sender. Essentially, DMARC leverages existing email authentication techniques, such as SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), to provide a more robust and comprehensive solution.
When an email is received, DMARC checks whether the domain in the email’s From address aligns with the domains validated through SPF and DKIM. If the alignment is correct, the email is considered legitimate. If not, the email is flagged as potentially fraudulent. This process helps to significantly reduce the chances of phishing emails reaching the inboxes of unsuspecting users.
Adam Dawes, a Gmail product manager, explains: “About 15 percent of all e-mail in the Gmail inboxes comes from these organizations that have published these DMARC records. That means that these records cannot be domain spoofed.” This statement highlights the effectiveness of DMARC in preventing domain spoofing, a common tactic used in phishing attacks.
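The alignment check described above, sketched as an added example (not code from DMARC.org or from this article): it parses a published DMARC record and decides whether a message's From domain aligns with an SPF- or DKIM-authenticated domain. The domains and the record are constructed, and the organizational domain is approximated as the last two labels, where a real receiver would use the Public Suffix List.

```python
# Added example: DMARC identifier alignment as a receiver might evaluate it.
# Sample domains and the record below are constructed for illustration.

def parse_dmarc(record):
    """Parse a DMARC TXT record into a tag dict; return None if it is not DMARC1."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags

def org_domain(domain):
    # Assumption: the organizational domain is the last two labels.
    # A real receiver derives it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def evaluate(from_domain, record, spf_pass_domain=None, dkim_pass_domains=()):
    """Return 'pass', 'no-policy', or the published policy (none/quarantine/reject).

    spf_pass_domain: envelope-sender domain that passed SPF, or None.
    dkim_pass_domains: d= domains of DKIM signatures that verified.
    """
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    spf_ok = spf_pass_domain is not None and aligned(
        from_domain, spf_pass_domain, tags.get("aspf", "r"))
    dkim_ok = any(aligned(from_domain, d, tags.get("adkim", "r"))
                  for d in dkim_pass_domains)
    # DMARC passes when at least one authenticated identifier aligns.
    return "pass" if spf_ok or dkim_ok else tags["p"]

if __name__ == "__main__":
    record = "v=DMARC1; p=reject; adkim=s; aspf=r"  # constructed sample
    # Legitimate mail: DKIM signature from the exact From domain.
    print(evaluate("bank.example", record, dkim_pass_domains=["bank.example"]))
    # Spoofed From: SPF and DKIM pass, but only for an unrelated domain.
    print(evaluate("bank.example", record, "mailer.evil.example", ["evil.example"]))
    # Relaxed SPF alignment: subdomain bounce address shares the org domain.
    print(evaluate("bank.example", record, "bounce.bank.example"))
```

The second case is the one that matters for spoofing: SPF and DKIM both succeed on their own, yet the message fails DMARC because neither authenticated domain matches the From domain the user sees.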
Industry-Wide Collaboration
The DMARC initiative is not limited to just a few tech giants. Other large companies within the new DMARC.org partnership include AOL, Bank of America, Fidelity Investments, American Greetings, LinkedIn, and email security providers Agari, Cloudmark, eCert, Return Path, and Trusted Domain Project. This wide-ranging collaboration underscores the importance of a unified approach to combating phishing and email fraud.
For example, financial institutions like Bank of America and Fidelity Investments are particularly vulnerable to phishing attacks due to the sensitive nature of the information they handle. By adopting DMARC, these institutions can better protect their customers from fraudulent emails that attempt to steal personal and financial information.
Similarly, social media platforms like LinkedIn are also prime targets for phishing attacks. By implementing DMARC, LinkedIn can ensure that its users are not duped by fake emails that appear to come from the platform, thereby enhancing user trust and security.
Email security providers such as Agari and Cloudmark play a crucial role in the DMARC ecosystem by offering tools and services that help organizations implement and manage DMARC policies effectively. These providers offer solutions that can analyze email traffic, generate reports, and provide actionable insights to improve email security.
For more information on the new standard, jump over to the DMARC.org website.
Source: DMARC
The creation of the DMARC standard represents a significant step forward in the fight against phishing and email fraud. By bringing together some of the largest and most influential companies in the tech and financial sectors, DMARC aims to create a safer and more secure email ecosystem. As more organizations adopt this standard, the effectiveness of phishing attacks will continue to diminish, making the internet a safer place for everyone.