DMARC – Controlling Spam and Phishers

DMARC – Defined

A group of large, influential organizations, including Google, Yahoo, Facebook, Microsoft, LinkedIn, Bank of America, ReturnPath, and Fidelity, among others, have banded together to begin to solve an ongoing issue related to email authentication. They created a working group called DMARC (Domain-based Message Authentication, Reporting and Conformance). This group is tasked with helping to reduce abuse of email through phishing and spam by addressing issues related to email authentication protocols.

DMARC is tasked with standardizing how email receivers handle email authentication using the existing SPF and DKIM mechanisms.  The goal is to provide a consistent process that senders can rely on to receive authentication results for their messages.  Ultimately it is hoped that more senders will be encouraged to authenticate their outbound mail, making mail a more reliable communication tool for all email senders and receivers.

DMARC – Its Importance

Spammers and phishers have become more emboldened to use email as a method to steal passwords, bank account information, credit card numbers and much more. Email, especially a sophisticated spoof, is a very easy method to accomplish this theft. Many email recipients are easily fooled by a well-placed logo of a trusted brand, which gives the email, and its request, instant legitimacy.

Users sometimes cannot tell a real message from a well-developed fake. Email providers sometimes have to decide, on their own, what is real and what is not. This leads to good mail being blocked and bad email getting through. Senders do not get much feedback on the status of their emails because there is no standard process for ISPs to provide that feedback. DMARC provides that framework, allowing email senders to monitor the process and make adjustments, as necessary, to block undesirable email before it is sent. This protects email marketers, brands and email recipients from embarrassing and potentially destructive emails.

How Does it Work?

When a sender and receiver follow the DMARC policy, the sender tells the receiver that their emails are protected by SPF and/or DKIM. They also tell the receiver how to handle emails if neither of those methods is able to authenticate them: junk or reject. This eliminates the guesswork on the receiver's end about what is good or bad email. DMARC also provides a framework for the receiver to provide feedback to the sender on the status of the email, allowing the sender to adjust their processes or evaluate their outgoing emails.
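
To make the policy step concrete, here is an added example (not part of the original post) that parses a DMARC TXT record and applies it to one message's SPF and DKIM results. The record, domains and report address are constructed, and the check uses exact matching between the From domain and the authenticated domain, which is DMARC's strict alignment mode.

```python
# Added example: the record, domains and report address are constructed values.
RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

def parse_dmarc(txt):
    """Split a DMARC TXT record into a tag -> value dict and validate it."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags

def report_addresses(txt):
    """Addresses the sender asks receivers to send aggregate reports to (rua=)."""
    rua = parse_dmarc(txt).get("rua", "")
    return [uri.strip() for uri in rua.split(",") if uri.strip()]

def disposition(txt, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'deliver', 'junk' or 'reject' for one message.

    A message passes DMARC if SPF or DKIM passed for a domain that matches
    the visible From domain (exact match here, i.e. strict alignment).
    """
    tags = parse_dmarc(txt)
    wanted = from_domain.lower()
    spf_ok = spf_pass and spf_domain.lower() == wanted
    dkim_ok = dkim_pass and dkim_domain.lower() == wanted
    if spf_ok or dkim_ok:
        return "deliver"
    # Neither mechanism authenticated the From domain: apply the sender's policy.
    return {"none": "deliver", "quarantine": "junk", "reject": "reject"}[tags["p"].lower()]

if __name__ == "__main__":
    # Genuine mail: DKIM signature verifies for example.com.
    print(disposition(RECORD, "example.com", False, "", True, "example.com"))
    # Spoof: SPF passes, but only for a different envelope domain.
    print(disposition(RECORD, "example.com", True, "mailer.invalid", False, ""))
    print(report_addresses(RECORD))
```

With p=none a failing message is still delivered, which lets a sender watch the reports before moving to junk or reject.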

Have you been affected by DMARC and its goal of eliminating spammers and phishers?

Stewart Friedman


2 Responses to DMARC – Controlling Spam and Phishers

  1. wpfn says:

    I think this is a step in the right direction and hopefully over time it will reduce phishing substantially. I have already implemented it by going to http://www.unlocktheinbox.com/dmarcwizard.aspx to produce the correct TXT Record and published the policy. It’s pretty easy to set up and I like seeing the daily report.
