A report released by the Global Cyber Alliance in late October attempts to quantify the expenses avoided by the companies that they have helped to implement strict DMARC policies (quarantine or reject). The full report (available here) contains a wealth of information and quotes from GCA and industry partners, while the executive summary shares a […]
United Kingdom Leading The Way In Email Security
The United Kingdom may have the most forward looking policies and deployment plans of any major government. Last week Chancellor of the Exchequer Philip Hammond announced a £1.9 billion national cyber security strategy that includes a broad series of measures, and will continue a series of improvements in email security that the UK government has […]
Australian Government Agency Recommends DMARC, DKIM, and SPF
In July the Australian Signals Directorate, part of the Department of Defence, and the Australian Cyber Security Centre issued a report for IT professionals titled, Malicious Email Mitigation Strategies. The report recommends the most effective methods of protecting organizations from email-borne attacks, and includes deploying DKIM, DMARC, and SPF. Furthermore it recommends using DMARC with […]
Eleven Commercial Email Gateways Support DMARC
Businesses and other organizations can protect themselves from certain classes of phishing attacks on their employees by using DMARC to filter incoming email messages. But whether the company is large or small, they usually don’t have the expertise or resources to build their own filtering solution. That’s why commercial email gateways that support DMARC are […]
As Email Fraud Diversifies, DMARC Protects Employees and Consumers
Berkeley, California – February 16, 2016 – As DMARC enters its fifth year as an open standard, leading organizations increasingly rely on Domain-based Authentication, Reporting & Conformance (DMARC) to protect their customers from email fraud that impersonates their domains. In 2016, DMARC.org will continue to promote increased use of email authentication to protect consumers, and advocate the […]
Phishing Education on the Today Show
NBC morning television show The Today Show featured some basic, consumer-friendly tips on identifying and avoiding phishing scams on their November 16th show. Developed in partnership with security firm ESET, they also added an interactive quiz on their website. You can find both items by following this URL: http://www.today.com/money/test-your-phish-spotting-skills-fun-quiz-t55891 Hopefully this is something even security […]
Yahoo to Expand Use of Strict DMARC Policy
Last year AOL and Yahoo curtailed massive email-borne abuse of their customers by deploying strict DMARC policies on their marquee domains. Recently Yahoo announced that they would be extending that policy to more of their domains as soon as November.
Top Alexa Websites and Email Authentication, Part 1
The more popular a website is, the more likely the average consumer is to trust a fraudulent message that impersonates that website’s Internet domain. One might expect that the websites at the top of the list employ email authentication to protect against that possibility, but what about sites further down the list? This piece will […]
Bad Actors: Please Adopt Email Authentication
A recent Trend Micro blog post suggests that the bad actors behind a current ransomware campaign are using email authentication and DMARC to make their messages more effective. One online article citing the post even includes a headline that incorrectly suggests that DMARC somehow enables the malware to bypass filters – which it assuredly does […]
Kaspersky: Phishing attacks on PayPal down due to DMARC
On February 12th Kaspersky Labs published a report titled “Financial cyberthreats in 2014.” This report takes a broad view of malware and email-based attacks on financial institutions and/or their customers. It notes some broad trends, like an almost 6% decrease in phishing attacks against banks, and that the number of malware attacks involving Bitcoin mining […]