DMARC, short for Domain-based Message Authentication, Reporting and Compliance, is a new approach to help fight email phishing attacks.
DMARC.org has been established as a working group of 15 contributors, including AOL, Bank of America, Google, Microsoft, PayPal and Yahoo, to create an email authentication standard built on SPF and DKIM.
According to the DMARC specification, senders of emails can indicate that their emails are protected by SPF and DKIM and include instructions on what to do with a message if authentication fails. For example, the recipient system can automatically delete the message or simply reject it. The idea is that unauthenticated phishing mails will not reach their recipients. The specification has been developed by the group over the past 18 months.
DMARC.org intends to deploy its technology in the field and collect data about its efficiency. Eventually, the DMARC specification is intended for submission to the IETF for standardization. DMARC.org representatives will provide details about the specification in a panel discussion at the 2012 RSA Conference on February 29.