Leading email providers join hands to fight spam, phishing

January 31, 2012 08:52 am | Updated October 18, 2016 03:22 pm IST - Washington

A combo picture of the logos of Google, Yahoo, AOL and Facebook. File photo

The world’s leading email providers, including Google, Yahoo, AOL, Facebook and Microsoft, have announced that they will join hands to collectively fight the increasing menace of email and phishing attacks.

Following 18 months of collaborative work, 15 email providers on Monday announced the formation of DMARC.org (Domain-based Message Authentication, Reporting and Conformance), a technical working group to develop standards for reducing the threat of deceptive emails, such as spam and phishing.

Among other things, it will outline an enhanced vision for email authentication that can scale up to today’s Internet needs.

The group’s work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email.

“Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole,” said Brett McDowell, chair of DMARC.org and Senior Manager of Customer Security Initiatives at PayPal.

“Industry cooperation -- combined with technology and consumer education -- is crucial to fight phishing,” McDowell said.

The DMARC specification addresses concerns that have traditionally hindered widespread deployment of an authenticated, trusted email ecosystem, the statement said.

“Today, email receivers lack a reliable way to know the extent to which an email sender uses standards like SPF and DKIM for authenticating their messages,” it said, adding that, as a result, providers must rely on complex and imperfect measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing messages sent by a scammer.

By introducing a standards-based framework, DMARC has defined a more comprehensive and integrated way for email senders to introduce email authentication technologies into their infrastructure, it said.

For example, a sender could set policies to easily request a provider to discard unauthenticated email in order to block phishing attacks.

The specification also creates a mechanism for email providers to send detailed reports back to email senders to help catch any gaps in the authentication system.

This feedback loop raises the trust level within the email ecosystem and makes it easier to detect and stop phishing attempts, it said.

“BITS has been committed to defining and improving email authentication standards and practices to meet the financial services industry’s needs.

“DMARC’s evolutionary approach is critical in assuring these needs are met for years to come,” said Paul Smocer, president of BITS, the technology policy division of The Financial Services Roundtable.

After gathering data and input from field usage of the technology, DMARC.org intends to submit its DMARC specification to the IETF for standardisation.
