Microsoft, Facebook, Google, Others Join Forces to Fight Phishing
DMARC, short for Domain-based Message Authentication, Reporting and Compliance, is a new approach to help fight email phishing attacks.
DMARC.org has been established as a working group of 15 contributors, including AOL, Bank of America, Google, Microsoft, PayPal and Yahoo, to create an email authentication standard built on SPF and DKIM.
According to the DMARC specification, the senders of emails can provide proof to indicate that their emails are protected by SPF and DKIM and include instructions on what to do with the message if the authentication fails. For example, the message can be automatically deleted by the recipient system - or simply be rejected. The idea is that unauthenticated phishing mails will not reach their recipients. The specification has been developed by the group over the past 18 months.
DMARC.org intends to deploy its technology into field usage and collect data about its efficiency. Eventually, the DMARC specification is intended for submission to the IETF for standardization. DMARC.org representatives will provide details about the specification in a panel discussion at the 2012 RSA Conference on February 29.
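The receiver-side decision described above, as an added example that is not part of the original article or DMARC.org's own code: it parses a sender's published DMARC record and decides what happens to a message whose SPF and DKIM results are already known. The domains and record text are constructed samples, relaxed alignment is approximated as a parent/subdomain match rather than a Public Suffix List lookup, and the pct and sp tags are ignored.

```python
# Added illustration: applying a sender's published DMARC policy at the receiver.
# Domains and record text are constructed samples, not real DNS data.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not valid DMARC."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def aligned(from_domain, auth_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') is approximated here
    as a parent/subdomain relationship (assumption: no Public Suffix List)."""
    a, b = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return a == b
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def disposition(from_domain, record_txt, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs computed by the receiver."""
    policy = parse_dmarc(record_txt) if record_txt else None
    if policy is None:
        return "no-policy"
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], policy.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(from_domain, dkim[1], policy.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"
    # Neither mechanism passed for the domain in the From header: follow the sender's instruction.
    return {"none": "deliver-and-report", "quarantine": "quarantine", "reject": "reject"}[policy["p"]]

RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@bank.example; adkim=s"  # constructed

def demo():
    return [
        # Genuine mail: SPF passes for a subdomain of the From domain.
        disposition("bank.example", RECORD, ("pass", "mail.bank.example"), ("pass", "bank.example")),
        # Forged From header: SPF passes, but only for an unrelated envelope domain.
        disposition("bank.example", RECORD, ("pass", "bulk-sender.example"), ("none", "")),
        # Monitoring-only policy: failures are delivered and reported.
        disposition("bank.example", "v=DMARC1; p=none", ("fail", "bank.example"), ("fail", "bank.example")),
        # No DMARC record published: the receiver has no sender instruction to apply.
        disposition("bank.example", None, ("fail", "bank.example"), ("none", "")),
    ]

if __name__ == "__main__":
    print(demo())
```

The second case is the one that matters for phishing: a pass for some other domain does not count, because the authenticated domain must align with the domain shown in the From header.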
I'm pleased to see this. No more emails about winning "gold dust"!
Or about sharing large funds from a Nigerian prince.
Or about Viagra pills that I don't need.
Don't forget how you won the lottery
If you win the Lottery you do not need Viagra to get a chick.
You just became a dream date.
Loads of money and no marital requests :-)
SPEAK FOR YOURSELF! lol
but seriously...pen!s enlargement is a wish ... ./cryyyyy
The next thing they should all join forces for is to do away with free email accounts. Make a one-time registration fee of a nominal amount like $5 or $10. This way the bots that spammers use to create thousands of [name free email provider] email accounts will either be rendered useless or the process will be prohibitively expensive. Even if each address is able to send 10 or 15 emails before it gets closed down.
"the senders of emails can provide proof to indicate that their emails are protected by SPF and DKIM and include instructions on what to do with the message if the authentication fails. For example, the message can be automatically deleted by the recipient system - or simply be rejected."
This is the part that I'm having trouble with.
What "proof"? How efficient will this "proof" be?
Can they just add the "proof" anyway?
Are there any limits on these "proofs"?
Or they would simply find an exploit and it would be the same or worse.
Don't get me wrong I agree with everyone here so far....
But I would like to see more details about this.
Or about that penis enlargement I also don't need.
But...but..where am I going to get my viagra and vicodin from, now? What bank will I store my money in without my bank of Nigeria?? And what about F#ckBook?? This makes me a sad panda.
/sarcasm
This wouldn't help with spam (despite the picture) or generic scams, just phishing. So we'd still get the Nigerian princes, the "male medicine", the R0lllllex and the rest. The only stuff you wouldn't get is stuff telling you to log in to [insert bank/store/social network].
TBH, this will only be half successful. SPF and DKIM let them do this stuff already (and worryingly only *some* banks do it) if and only if the receiving server checks the records *and* the sender marks a hard fail rather than a soft fail (which says "I don't think it is legit, but don't ditch it just in case"). What it will miss out on is bankofarnerica.com and the like - you can still phish with an almost-but-not-quite-identical domain name (and even have a legitimate SSL certificate for it).
Instead of new authentication methods, they should invest in educating people about phishing.
Spammers will ALWAYS find a way to work around the filters, but some people will NEVER learn that that £500,000,000 Lottery prize is a scam.
The best way to stop spamming is cutting down its results.
It's about time... I am not surprised if these companies were the main ones that started it all... this is Google and Microsoft we are talking about
Use a blade and duct tape