Share

Top 5 Stories

News

Agari expands use of DMARC email security standard through new program

27 February 2012

Based on the DMARC email authentication standard announced last month, Agari has launched a receiver program that enables mailbox providers to adopt DMARC and improve their customers’ email security.

Domain-based message authentication, reporting, and conformance (DMARC) is the technical standard developed by DMARC.org, a group of 15 email service and technology providers, to fight deceptive emails such as spam and phishing. DMARC.org members include Agari, American Greetings, AOL, Bank of America, Cloudmark, Comcast, Facebook, Fidelity Investments, Google, LinkedIn, Microsoft, PayPal, ReturnPath, TDP, and Yahoo.

“Email is a wonderful, magnificent thing that is used all the time, but it is completely insecure”, said Patrick Peterson, founder and chief executive officer of Agari. “It is clearly unacceptable to continue operating this way”, he told Infosecurity.

A contributing author of the DMARC specification, Agari processes more than 400 million DMARC messages daily across its Email Trust Fabric, Peterson related.

DMARC is a “truly integrated step forward in making [email insecurity] a thing of the past”, Peterson said. The DMARC member companies “agreed that this is the way we want to exchange information and these are the technical standards we are going to use to solve these problems”, he added.

DMARC allows senders to indicate that their emails are protected by the sender policy framework and/or DomainKeys identified mail and tells a receiver what to do if neither of those authentication methods passes. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

“One of the critical things about DMARC is that it now provides a way for someone who owns a domain” to find out that their domain is being spoofed. DMARC gives domain owners visibility into what is happening on the internet regarding their domain, Peterson said.

DMARC also enables domain owners to publish a policy that tells email service providers that spam or phishing email is being sent from their domains and to block that email from being delivered, he added.

With the launch of Agari’s DMARC receiver program, mailbox providers can protect their customers from email phishing and spam in the same way as founding DMARC.org members.

The program equips mail providers with a streamlined process to adopt DMARC and protect customers through data validation and testing that enables mailbox providers to block, quarantine, or allow messages; benchmarking that allows mailbox providers to anonymously compare data results with that of their peers; and DMARC expertise from Agari.

The end result is a repeatable and scalable way for mailbox providers to work with email senders and protect their users from domain phishing, Agari explained.

This article is featured in:
Application Security  •  Internet and Network Security  •  IT Forensics

 

Comments

MattS says:

28 February 2012
Any website owner that run their own email servers can also participate. Setting up DMARC records are very easy, many companies are making DMARC record wizards, like http://www.unlocktheinbox.com/dmarcwizard.aspx

Once you add those records to DNS - the other members of the program will start restricting emails that don't pass the validation. It's awesome. I'm hope the get this finalized.

Note: The majority of comments posted are created by members of the public. The views expressed are theirs and unless specifically stated are not those Elsevier Ltd. We are not responsible for any content posted by members of the public or content of any third party sites that are accessible through this site. Any links to third party websites from this website do not amount to any endorsement of that site by the Elsevier Ltd and any use of that site by you is at your own risk. For further information, please refer to our Terms & Conditions.

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×