In July the Australian Signals Directorate, part of the Department of Defence, and the Australian Cyber Security Centre issued a report for IT professionals titled, Malicious Email Mitigation Strategies. The report recommends the most effective methods of protecting organizations from email-borne attacks, and includes deploying DKIM, DMARC, and SPF. Furthermore it recommends using DMARC with […]
DMARC Required For UK Government Services By October 1st
Government Digital Service (GDS), part of the United Kingdom’s Cabinet Office, is requiring that other government departments adopt DMARC and HTTPS/HSTS to protect their online services by October 1st, 2016. This includes making the strongest DMARC policy (“p=reject”) the default for email services at that time. This will apply to all services operating under the service.gov.uk […]
Eleven Commercial Email Gateways Support DMARC
Businesses and other organizations can protect themselves from certain classes of phishing attacks on their employees by using DMARC to filter incoming email messages. But whether the company is large or small, they usually don’t have the expertise or resources to build their own filtering solution. That’s why commercial email gateways that support DMARC are […]
Best Authentication Practices for Email Senders
Product managers and engineers from some of the world’s largest mailbox providers recently got together to explain coming changes in email authentication at an industry conference. While we can’t share all that was said, we did get permission to share their combined best practice recommendations, which will work as well for a small business as […]
Two ARC Implementations Tested At Interoperability Event
From arc-spec.org: On February 19th representatives from AOL (NYSE:VZ) and Google (NASDAQ:GOOG) successfully tested the first two implementations of the ARC protocol at an interoperability event. LinkedIn (NYSE:LNKD) hosted the in-person, all-day event at their San Francisco offices and facilitated the testing. Also participating were representatives from Cloudmark, Comcast (NASDAQ:CMCSA), DMARC.org, the Trusted Domain Project, […]
How Can I Tell Who is Using DMARC?
Often when people first hear about DMARC, their immediate reaction is, “That’s great! Who’s using it?” That’s a good question, because DMARC can only prevent fraudulent email from reaching inboxes when both senders and receivers have implemented it. Checking Senders For convenience, we’ve collected a sample of notable organizations or domains that have published DMARC […]
Instructional DMARC videos from Dmarcian
DMARC report processor Dmarcian.com has made a series of videos about DMARC and email authentication available on their website. There is no charge to view the nine videos, which are based on presentations Dmarcian has developed and offered over the past several years. You can find all nine videos here: https://space.dmarcian.com/videos-on-all-things-dmarc
“DMARC is easy!” “DMARC is hard!” Which is it?
It happens so often in IT that it’s a cliché. Somebody comments to senior management about a complex, long-term project you’re involved in, saying: “That’s easy, I could do that in an afternoon. What’s taking your people so long?” Or you’ve spent weeks on careful research, building the business case, explaining the cost-benefit trade-offs, and […]
Global Mailbox Providers Deploying DMARC to Protect Users
Berkeley, California – October 19, 2015 – The Domain-based Message Authentication, Reporting, & Conformance (DMARC) specification has proven its value in combating fraudulent email since its introduction three and a half years ago. Thousands of companies use it to prevent billions of messages fraudulently using their Internet domains from reaching inboxes, thereby protecting their customers and employees […]
M3AAWG Conference in Atlanta to Feature DMARC Training
At the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) conference in Atlanta on Monday, October 18th, DMARC.org will provide a training session on DMARC and email authentication. Barry Jones of ACS Technologies will present a representative case of how to use DMARC and email authentication to protect users from relentless phishing attacks and other […]