Spam and phishing are growing problems: DMARC has the answer

Companies involved include email providers AOL, Gmail, Hotmail and Yahoo; financial institutions such as Bank of America and PayPal; and social media companies American Greetings, Facebook and LinkedIn. “Email phishing defrauds millions of people and companies every year,” says PayPal’s Brett McDowell, Chair of, “resulting in a loss of consumer confidence in email and the internet as a whole. Industry cooperation – combined with technology and consumer education – is crucial to fight phishing.”

Domain spoofing is one of the most-used techniques employed by spammers and spoofers. This involves forging the email header so that the message appears to come from a legitimate and trusted company, often a bank. DMARC’s purpose is to bring together leading technology companies and build on the existing anti-spam technologies, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), to provide a global and unified response to spam and phishing. "What we need is an Internet standard that allows this level of protection to work at scale - without any discussion, without any partner agreements," McDowell said. "That is what DMARC does."

DMARC fits into companies’ existing authentication processes, and works by testing messages against what should be expected from the sender. If the message and the expectations do not align, then DMARC provides guidance on what should be done. It is currently being field-tested. Using the experience and data gathered, the organization intends to submit the specification to the IETF for standardization.
