Microsoft, Google, and Yahoo! this week announced their support of a new email-security initiative called DMARC that they say will lessen the impact of so-called "phishing" attacks. The firms are joining various financial services companies to promote a set of technologies offered by the initiative that authenticates the origins of individual email messages.
DMARC stands for Domain-based Message Authentication, Reporting and Conformance,
according to a website established for the specifications.
"DMARC standardizes how email receivers perform email authentication using well-known mechanisms," the site notes. "This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo!, and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate."
In the Official Gmail Blog, Google's Adam Dawes wrote this week that DMARC addresses one of the biggest online threats, called phishing. "Google and other companies have been talking about how we can move beyond the solutions we've developed individually over the years to make a real difference for the whole email industry," he writes. "DMARC.org [is] a passionate collection of companies focused on significantly cutting down on email phishing and other malicious mail."
Previous to DMARC, technology firms had created their own email-security solutions. Microsoft, for example, backs the Sender Policy Framework (SPF), which attempts to prevent email spoofing that sits at the heart of most phishing attacks. And Google and other firms implement a technology called DomainKeys Identified Mail (DKIM), which uses digital signatures to validate email senders. DMARC builds on these and other technologies to create a solution on which many companies can agree and partner.
And there are some heavy hitters backing this initiative. In addition to Microsoft, Google, and Yahoo!, other involved tech firms include AOL, Facebook, and LinkedIn, as well as email-security solution providers such as Agari, Cloudmark, eCert, Return Path, and Trusted Domain Project. In the financial sector, Bank of America, Fidelity Investments, and PayPal have all signed on as well.