Symantec’s June 2015 Intelligence Report includes some eye-catching numbers, and predictably generated a lot of quick press coverage. But how reliable is that figure? Unfortunately the publicly-available report is light on details and methodology, and doesn’t provide message volumes. Do other sources agree with their assessment?
“Email Authentication Basics” Slide Deck Now Available
A new presentation explaining the basics of how email authentication works is available from DMARC.org. The concepts and common usage of SPF, DKIM, and DMARC are all covered in this introductory slide deck, which is made available under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA). You can download the 1.9MB PDF file clicking […]
Paper on DMARC and privacy laws in Germany and the EU
eco, the largest Internet industry association in Europe, released a paper in late March addressing DMARC and the data privacy laws of the EU. The short answer is that mailbox providers should feel free to implement DMARC filtering and send aggregate reports to domain owners, even under the very stringent data privacy laws of Germany. […]
New Site Checks for DMARC, DKIM, SPF, TLS, DNSSEC, and IPv6
An initiative organized by the Dutch government, industry organizations, and the Internet Society is offering a website where users can see if their email provider is using a range of modern Internet standards: IPv6, DNSSEC, TLS, DKIM, DMARC, and SPF. Use this link in English or this link in Dutch to access the site, which […]
Spike in Number of DMARC Reports in Mid-April
On April 15-16th multiple sources reported seeing an increase in the number of DMARC reports generated or received. Between two and three and a half times as many reports per day were observed, depending on the source. There was some hope there would be a public announcement during the RSA Conference in San Francisco last […]
Email Authentication and Messaging Operations
Effective email authentication requires an organization to have clear control of its messaging operations, and it can take a lot of work to get there if you don’t already have it. But many don’t realize that deploying DMARC – before or while you’re deploying DKIM and SPF – can offer a valuable external view of […]
Top Alexa Websites and Email Authentication, Part 1
The more popular a website is, the more likely the average consumer is to trust a fraudulent message that impersonates that website’s Internet domain. One might expect that the websites at the top of the list employ email authentication to protect against that possibility, but what about sites further down the list? This piece will […]
Phishing Solved, DMARC Adopters Bored (April Fools!)
Dateline: April 1, 2015; Berkeley, California – Today major mailbox providers and email senders expressed their frustration that nobody is phishing their customers and domains. The universal adoption of email authentication technologies such as SPF, DKIM, and DMARC, and the sudden elimination of spam, has caused criminals to abandon this once-popular activity. “I guess I […]
Bad Actors: Please Adopt Email Authentication
A recent Trend Micro blog post suggests that the bad actors behind a current ransomware campaign are using email authentication and DMARC to make their messages more effective. One online article citing the post even includes a headline that incorrectly suggests that DMARC somehow enables the malware to bypass filters – which it assuredly does […]
DMARC is a Proven Tool in the Fight Against Fraudulent Email
San Francisco, California – February 18, 2015 – Since it was introduced to the public in 2012, the Domain-based Message Authentication, Reporting, & Conformance (DMARC) specification has proven its value in combating fraudulent email. Email is an essential channel of communication but to be effective, the recipient must trust that it comes from the identified […]