WebProNews

Tag: dMarc

  • Twitter Goes DMARC To Fight Phishing

    Over a year ago, fifteen major companies joined forces to create DMARC, a “technical working group” to develop antiphishing standards. The companies were: Google, Facebook, LinkedIn, AOL, Microsoft, Yahoo, PayPal (eBay), Bank of America, Fidelity Investments, American Greetings, Agari, Cloudmark, eCert, Return Path and Trusted Domain Project.

    Today, Twitter announced that it is using the DMARC technology with its emails, making it less likely that users will see any email pretending to be from a Twitter.com address.

    “We send out lots of emails every day to our users letting them know what’s happening on Twitter. But there’s no shortage of bad actors sending emails that appear to come from a Twitter.com address in order to trick you into giving away key details about your Twitter account, or other personal information, commonly called ‘phishing’,” said Twitter Postmaster Josh Aberant.

    “Without getting too technical, DMARC solves a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols,” he said. “It builds on established authentication protocols (DKIM and SPF) to give email providers a way to block email from forged domains popping up in inboxes. And that in turn lessens the risk users face of mistakenly giving away personal information.”

    Twitter began using DMARC earlier this month. AOL, Gmail, Hotmail/Outlook and Yahoo Mail all take advantage of the technology.

  • DMARC: Major Web Players Join Forces On Antiphishing Standards

    Fifteen major companies have joined forces on a “technical working group” called DMARC to develop new standards to help reduce the threat of spam and phishing emails.

    DMARC stands for Domain-based Message Authentication, Reporting and Conformance.

    The companies involved include: Google, Facebook, LinkedIn, AOL, Microsoft, Yahoo, PayPal (eBay), Bank of America, Fidelity Investments, American Greetings, Agari, Cloudmark, eCert, Return Path and Trusted Domain Project.

    In a post on Google’s Online Security Blog, product manager Adam Dawes writes:

    Industry groups come and go, and it’s not always easy to tell at the beginning which ones are actually going to generate good solutions. When the right contributors come together to solve real problems, though, real things happen. That’s why we’re particularly optimistic about today’s announcement of DMARC.org, a passionate collection of companies focused on significantly cutting down on email phishing and other malicious mail.

    Building upon the work of previous mail authentication standards like SPF and DKIM, DMARC is responding to domain spoofing and other phishing methods by creating a standard protocol by which we’ll be able to measure and enforce the authenticity of emails. With DMARC, large email senders can ensure that the email they send is being recognized by mail providers like Gmail as legitimate, as well as set policies so that mail providers can reject messages that try to spoof the senders’ addresses.

    We’ve been active in the leadership of the DMARC group for almost two years, and now that Gmail and several other large mail senders and providers — namely Facebook, LinkedIn, and PayPal — are actively using the DMARC specification, the road is paved for more members of the email ecosystem to start getting a handle on phishing. Our recent data indicates that roughly 15% of non-spam messages in Gmail are already coming from domains protected by DMARC, which means Gmail users like you don’t need to worry about spoofed messages from these senders. The phishing potential plummets when the system just works, and that’s what DMARC provides.

    “Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole,” said Brett McDowell, Chair of DMARC.org and Senior Manager of Customer Security Initiatives at PayPal. “Industry cooperation – combined with technology and consumer education – is crucial to fight phishing.”

    “BITS has been committed to defining and improving email authentication standards and practices to meet the financial services industry’s needs. DMARC’s evolutionary approach is critical in assuring these needs are met for years to come,” said Paul Smocer, President of BITS, the technology policy division of The Financial Services Roundtable.

    DMARC is encouraging interested organizations to read the specification, join its mailing list, and start testing and deploying the standards. The details are available at DMARC.org.