In technology years, email is a really old technology. One drawback to the way email works is that it wasn’t designed to filter out spam and phishing emails. There’s just no inherent way to prove that the sender of an email is really who they say they are. Systems have been put in place on top of the basic email infrastructure to help do that, but they aren’t universally adopted and they aren’t foolproof: they sometimes catch innocent email in their filters, while spam and phishing emails still get through.
Email is easy to spoof, and criminals have found spoofing to be a proven way to exploit users’ trust in well-known brands. Simply inserting the logo of a well-known brand into an email gives it instant legitimacy with many users. Termed “phishing,” this practice tempts recipients to click on links that can expose them to malware and compromise security and private data.
This week, a consortium of big names that are leading email senders – Google, Yahoo, AOL, Facebook, PayPal, Bank of America and Microsoft, among others – announced that they are signing on to an email authentication standard that should boost the universal adoption of authentication standards, hopefully reducing the number of phishing emails arriving in our inboxes. Termed DMARC (Domain-based Message Authentication, Reporting & Conformance), the standard is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t. This makes it easier to identify spam and phishing messages, and keep them out of people’s inboxes.
“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole,” said Brett McDowell, Chair of DMARC.org and Senior Manager of Customer Security Initiatives at PayPal. “Industry cooperation – combined with technology and consumer education – is crucial to fight phishing.”
What does this mean to you? Well, once adopted and implemented, DMARC should make it easier for your mailbox provider (e.g. AOL, Comcast, Hotmail, Gmail, Yahoo) to keep spam and phishing messages from ever reaching your inbox.