
Microsoft, Facebook, Google, Others Join Forces to Fight Phishing

Source: DMARC

DMARC, short for Domain-based Message Authentication, Reporting and Compliance, is a new approach to help fight email phishing attacks.

DMARC.org has been established as a working group of 15 contributors, including AOL, Bank of America, Google, Microsoft, PayPal and Yahoo, to create an email authentication standard built on SPF and DKIM.

According to the DMARC specification, email senders can provide proof that their messages are protected by SPF and DKIM and include instructions on what to do with a message if authentication fails. For example, the message can be automatically deleted by the recipient system, or simply be rejected. The idea is that unauthenticated phishing mails will not reach their recipients. The group has developed the specification over the past 18 months.

DMARC.org intends to deploy its technology in the field and collect data about its efficiency. Eventually, the DMARC specification is intended for submission to the IETF for standardization. DMARC.org representatives will provide details about the specification in a panel discussion at the 2012 RSA Conference on February 29.

  • 6
    silver565 , January 31, 2012 5:41 PM
    I'm pleased to see this. No more emails about winning "gold dust"!
  • 4
    sseyler , January 31, 2012 5:42 PM
    silver565: I'm pleased to see this. No more emails about winning "gold dust"!

    Or about sharing large funds from a Nigerian prince.
  • 7
    danwat1234 , January 31, 2012 5:47 PM
    silver565: I'm pleased to see this. No more emails about winning "gold dust"!

    Or about Viagra pills that I don't need.
  • 4
    silver565 , January 31, 2012 5:52 PM
    danwat1234: Or about Viagra pills that I don't need.

    Don't forget how you won the lottery
  • 2
    freggo , January 31, 2012 6:10 PM
    If you win the Lottery you do not need Viagra to get a chick.
    You just became a dream date.
    Loads of money and no marital requests :-)
  • 2
    Kryan , January 31, 2012 8:12 PM
    danwat1234: Or about Viagra pills that I don't need.

    SPEAK FOR YOURSELF! lol

    but seriously...pen!s enlargement is a wish ... ./cryyyyy
  • -2
    ithurtswhenipee , January 31, 2012 8:52 PM
    The next thing they should all join forces for is to do away with free email accounts. Make a one-time registration fee of a nominal amount like $5 or $10. This way the bots that spammers use to create thousands of [name free email provider] email accounts will either be rendered useless or the process will be prohibitively expensive. Even if each address is able to send 10 or 15 emails before it gets closed down.
  • 0
    drwho1 , January 31, 2012 10:06 PM
    "the senders of emails can provide proof to indicate that their emails are protected by SPF and DKIM and include instructions what to do with the message if the authentication fails. For example, the message can be automatically deleted by the recipient system - or simply be rejected."

    This is the part that I'm having trouble with.

    What "proof"? How efficient would this "proof" be?
    Can they just add the "proof" anyway?
    Are there any limits on these "proofs"?

    Or they would simply find an exploit and it would be the same or worse.

    Don't get me wrong, I agree with everyone here so far....
    But I would like to see more details about this.
  • 0
    dormantreign , January 31, 2012 11:46 PM
    Or about that penis enlargement I also don't need.
  • 0
    JOSHSKORN , February 1, 2012 3:43 AM
    But...but..where am I going to get my viagra and vicodin from, now? What bank will I store my money in without my bank of Nigeria?? And what about F#ckBook?? This makes me a sad panda.

    /sarcasm
  • 0
    ibboard , February 1, 2012 7:07 AM
    This wouldn't help with spam (despite the picture) or generic scams, just phishing. So we'd still get the Nigerian princes, the "male medicine", the R0lllllex and the rest. The only stuff you wouldn't get is stuff telling you to log in to [insert bank/store/social network].

    TBH, this will only be half successful. SPF and DKIM let them do this stuff already (and worryingly only *some* banks do it) if and only if the receiving server checks the records *and* the sender marks a hard fail rather than a soft fail (which says "I don't think it is legit, but don't ditch it just in case"). What it will miss out on is bankofarnerica.com and the like - you can still phish with an almost-but-not-quite-identical domain name (and even have a legitimate SSL certificate for it).
  • 0
    mrmaia , February 1, 2012 8:20 AM
    Instead of new authentication methods, they should invest in educating people about phishing.

    Spammers will ALWAYS find a way to work around the filters, but some people will NEVER learn that that £500,000,000 Lottery prize is a scam.

    The best way to stop spamming is cutting down its results.
  • 0
    nebun , February 1, 2012 11:17 AM
    It's about time... I am not surprised if these companies were the main ones that started it all... this is Google and Microsoft we are talking about
  • 0
    hardcore_gamer , February 1, 2012 11:39 AM
    Kryan: SPEAK FOR YOURSELF! lol but seriously...pen!s enlargement is a wish ... ./cryyyyy

    Use a blade and duct tape ;) .