The United Kingdom may have the most forward looking policies and deployment plans of any major government. Last week Chancellor of the Exchequer Philip Hammond announced a £1.9 billion national cyber security strategy that includes a broad series of measures, and will continue a series of improvements in email security that the UK government has […]
Introduction to ARC to be presented at M3AAWG 38 in Paris on Oct 26
Kurt Andersen (LinkedIn) and Steve Jones (DMARC.org) will be presenting an overview of the Authenticated Received Chain (ARC) protocol at the 38th Messaging, Malware, and Mobile Anti-Abuse Working Group meeting in Paris, France from 1-2PM local time on Wednesday, October 26th. The description of this session from the conference agenda reads: The new ARC specification […]
Zendesk moves to “p=reject”
Customer service and support platform provider Zendesk has employed DMARC to monitor email activity using their domains for several years. In September, Zendesk switched over 80,000 sub-domains that they use to support their customers to a “p=reject” DMARC policy. This prevents fraudulent email using these sub-domains from reaching consumers, and protects their customers’ and Zendesk’s […]
DMARC Q&A on Litmus Blog
A short time ago Bettina Specht of email marketing and software firm Litmus compiled questions her colleagues and their customers had about DMARC and email authentication. They cover the most common topics and concerns around preventing fraudulent email from affecting your brand and customers. The answers provided by DMARC.org staff have now been compiled into […]
Australian Government Agency Recommends DMARC, DKIM, and SPF
In July the Australian Signals Directorate, part of the Department of Defence, and the Australian Cyber Security Centre issued a report for IT professionals titled, Malicious Email Mitigation Strategies. The report recommends the most effective methods of protecting organizations from email-borne attacks, and includes deploying DKIM, DMARC, and SPF. Furthermore it recommends using DMARC with […]
Common Problems With DMARC Records
It’s very common for any organization’s first attempt at a DMARC record to get the syntax or content wrong in some respect. This post will share some of the missteps and oddities seen while reviewing a dataset of captured Domain Name System (DNS) queries provided by Farsight Security. To be clear, all of the records […]
How Many From: Addresses Are There?
When first exploring email authentication, even people with a technical background find that there’s a lot of niche terminology that has to be picked up. This post will try to explain the different terms used for addresses that are associated with email messages. How Is An Email Message Like A Postal Letter? When your postman […]
DMARC Required For UK Government Services By October 1st
Government Digital Service (GDS), part of the United Kingdom’s Cabinet Office, is requiring that other government departments adopt DMARC and HTTPS/HSTS to protect their online services by October 1st, 2016. This includes making the strongest DMARC policy (“p=reject”) the default for email services at that time. This will apply to all services operating under the service.gov.uk […]
Our Supporters Make DMARC All It Can Be
Philadelphia, Pennsylvania – June 15, 2016 – The need to overcome brand hijacking, phishing and fraud compelled many leading companies to participate in creating the DMARC standards. Since that time, many forward-looking companies have asked how they can become involved in promoting DMARC adoption so we can all enjoy protection worldwide. Responding to demand in […]
New Presentation Describing ARC Protocol Available
The Authenticated Received Chain, or ARC, protocol allows authentication results to be conveyed across indirect mailflows. This is intended to allow traditional services like mailing lists, content scanning, and alumni accounts that forward and/or alter messages to continue to operate in an environment where email authentication is increasingly required for timely delivery of messages, but […]