15 companies join to launch anti-phishing group DMARC
Google, Facebook, LinkedIn, Return Path, Microsoft and Yahoo! are amongst the companies which yesterday launched anti-phishing group Domain-based Message Authentication, Reporting and Conformance (DMARC), with the aim of safeguard brands, ISPs and consumers from phishing and malicious email.
The group is led by Brett McDowell, senior manager of customer security initiatives at PayPal, one of the world’s most highly spoofed brands.
According to recent Return Path data, email senders continue to struggle with email authentication, leaving brands vulnerable to phishing attacks. A report from the Anti-Phishing Working Group (APWG) found that more than 300 brands are hijacked by phishers every month, eroding trust in the email channel across many sectors including financial services, payment services, gaming, retail, auctions and social networks.
The DMARC specification allows brands of all sizes to empower ISPs to take action on malicious and unauthenticated email appearing to come from that brand. Data on any questionable email streams are sent back to the brand or to an intermediary such as Return Path, enabling the auditing of email streams to determine proper authentication.
By creating this feedback loop between ISPs and brands, DMARC allows brands to create policy statements that instruct ISPs to block or quarantine messages that aren’t properly authenticated, providing the necessary framework to thwart phishing attempts and enabling widespread deployment of a trusted email ecosystem.
Matt Blumberg, CEO for Return Path, said: “Email has changed the way the world communicates. But many of the attributes that have made it great – it’s openness, it’s interoperability – have also made it vulnerable to malicious activity. The beauty of DMARC is that it attempts to address the security threats to the email ecosystem without impacting its utility as a communication channel.
“Return Path is proud to support the DMARC standard and we encourage companies to implement it as quickly as they can. Fast, widespread adoption of DMARC will make a significant dent in scammers ability to perpetuate crime through email.”
Other companies involved in the DMARC are: Facebook, Aol, Paypal, American Greetings, Bank of America, Agari, Fidelity, Cloudmark, Comcast and TDP.