San Jose, California – October 3, 2012 – DMARC.org, a technical working group that has been developing standards for reducing the threat of deceptive emails, such as spam and phishing, today announced that many of its members have deployed the enhanced protection capabilities of DMARC (Domain-based Message Authentication, Reporting, and Conformance). DMARC contains features that increase sender validation and improve operational feedback from receivers back to senders.
DMARC.org’s members include companies that run the world’s most popular email services: AOL, Google, Microsoft, Netease, and Yahoo!; financial institutions and service providers: Bank of America, Fidelity Investments, JPMorgan Chase & Co, PayPal; greeting cards: American Greetings; social media properties: Facebook, LinkedIn; and email security solutions providers: Agari, Cloudmark, Return Path and Trusted Domain Project.
The standard’s progress has begun to attract non-member adoption as well, with support extending to email-related products: Message Systems; financial institutions and service providers: ING Domestic Bank Nederland; Internet-based service providers: Constant Contact, Contactlab, dotMailer, E-ngine BV, Kitterman Technical Services, Message Bus, ScanMailX, and SendGrid.
“It is impressive to see how many participants in the email industry are cooperating on the use of this protection and reporting capability,” said J. Trent Adams, Chair of DMARC.org and Senior Policy Advisor for PayPal. “This level of collaboration with DMARC is needed to effectively defend against domain-spoofed email attacks.”
A recent Engineering Interoperability Workshop, held at Facebook headquarters, brought together 20 independent implementations of DMARC for testing to ensure that an email author’s address is likely to be legitimate and to improve the ability of a receiving organization to report back to the owner of the address’s domain.
“We were pleased to host the two-day DMARC Interoperability Workshop at our Menlo Park campus,” said Michael Adkins, Messaging Engineer for Facebook. “We were able to test, debug, and generally improve our DMARC implementation. Since we rely on open source tools, our testing helped to improve the email ecosystem as a whole.”
“It is through the support of events like this and the generous donations of our sponsors, that we’re able to provide free access to robust, open source DMARC tools to the community,” said Murray Kucherawy, Executive Director of the Trusted Domain Project. “We developed a number of libraries in support of the DMARC Interoperability Workshop that are being built into major implementations like those being deployed by Facebook.”
Other event participants such as representatives of Google and Cisco were able to work closely with their counter-parts at Yahoo!, Comcast and NetEase, as well as with solution providers like Agari, Return Path, SendGrid and Trustsphere. Agari CEO Patrick Peterson said: “Being able to easily identify potential problems, then quickly develop a solution and test again, was invaluable. Then being able to do so with a potential competitor, that just shows how collaborative this process has become.”
DMARC.org will capture the insights from the event into “best practices” documents to be published by liaison organizations such as the Messaging, Malware, and Mobile Anti-Abuse Working Group (M^3AAWG) and the Online Trust Alliance (OTA).
DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners. The group is made up of many of the world’s leading email providers (AOL, Google, Microsoft, Netease, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, JPMorgan Chase & Co, PayPal), greeting cards (American Greetings), social media properties (Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project).
For more information, go to: www.dmarc.org.