It happens so often in IT that it’s a cliché. Somebody comments to senior management about a complex, long-term project you’re involved in, saying: “That’s easy, I could do that in an afternoon. What’s taking your people so long?” Or you’ve spent weeks on careful research, building the business case, explaining the cost-benefit trade-offs, and […]
Global Mailbox Providers Deploying DMARC to Protect Users
Berkeley, California – October 19, 2015 – The Domain-based Message Authentication, Reporting, & Conformance (DMARC) specification has proven its value in combating fraudulent email since its introduction three and a half years ago. Thousands of companies use it to prevent billions of messages fraudulently using their Internet domains from reaching inboxes, thereby protecting their customers and employees […]
M3AAWG Conference in Atlanta to Feature DMARC Training
At the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) conference in Atlanta on Monday, October 18th, DMARC.org will provide a training session on DMARC and email authentication. Barry Jones of ACS Technologies will present a representative case of how to use DMARC and email authentication to protect users from relentless phishing attacks and other […]
Yahoo to Expand Use of Strict DMARC Policy
Last year AOL and Yahoo curtailed massive email-borne abuse of their customers by deploying strict DMARC policies on their marquee domains. Recently Yahoo announced that they would be extending that policy to more of their domains as soon as November.
North American ISPs Using DMARC to Protect Inbox
The biggest global mailbox providers – AOL, Google*, Hotmail/Microsoft, NetEase, Yahoo – have been using DMARC to filter out fraudulent email sent to their users from the beginning. But readers have told us that some major North American ISPs are also using DMARC to protect their customers. We like to recognize these ISPs for using […]
Receiving DMARC Reports Outside Your Domain
There are good reasons why one domain might want to have the DMARC reports about its traffic sent to a mailbox in a different domain. However DMARC.org has recently received several aggregate reports for a few seemingly random domains with no connection to DMARC.org – which is potentially a form of abuse itself, and one […]
“Email Authentication Basics” Slide Deck Now Available
A new presentation explaining the basics of how email authentication works is available from DMARC.org. The concepts and common usage of SPF, DKIM, and DMARC are all covered in this introductory slide deck, which is made available under the Creative Commons Attribution-ShareAlike 4.0 International License (CC BY-SA). You can download the 1.9MB PDF file clicking […]
Paper on DMARC and privacy laws in Germany and the EU
eco, the largest Internet industry association in Europe, released a paper in late March addressing DMARC and the data privacy laws of the EU. The short answer is that mailbox providers should feel free to implement DMARC filtering and send aggregate reports to domain owners, even under the very stringent data privacy laws of Germany. […]
New Site Checks for DMARC, DKIM, SPF, TLS, DNSSEC, and IPv6
An initiative organized by the Dutch government, industry organizations, and the Internet Society is offering a website where users can see if their email provider is using a range of modern Internet standards: IPv6, DNSSEC, TLS, DKIM, DMARC, and SPF. Use this link in English or this link in Dutch to access the site, which […]
Spike in Number of DMARC Reports in Mid-April
On April 15-16th multiple sources reported seeing an increase in the number of DMARC reports generated or received. Between two and three and a half times as many reports per day were observed, depending on the source. There was some hope there would be a public announcement during the RSA Conference in San Francisco last […]