Published in News
New spec supposed to spear phishing
by Nick Farrell on01 February 2012
Microsoft and Google agree on DMARC
A new email authentication framework called DMARC could make spoofed domains in messages a thing of the past.
Email providers AOL, Google, Microsoft, and Yahoo have signed up to a new standard which they think could make it easier to verify the authenticity of email messages. The standard, which will be run by the DMARC.org, aims to make email more trustworthy and phishing more difficult.
The new standard dictates rules about how email senders should authenticate messages, and communicate their authentication practices, and how message recipients can discover and implement sender policies. It has taken the DMARC.org group 18 months to produce and a Google spokesman said that it is a proposed mechanism by which senders and receivers can work together to fight phishing.
At the moment email senders can easily make their messages appear to come from someone else's Internet domain. DMARC is supposed to enhance existing specifications such as SPF and DKIM. It offers a way to formalise and automate message authentication processes and reporting so that security scales.