Google, Microsoft and Facebook battle phishing with new specification

Internet giants out to banish bogus email

Major Internet companies including Google, Microsoft, and Facebook have announced a new specification to streamline the way email providers work out whether messages are part of phishing attacks using spoofed domain addresses.

In testing for two years and called DMARC (Domain-based Message Authentication, Reporting & Conformance), the initiative is really an attempt to impose a single set of policies on the sometimes arbitrary way that companies separate the good email from the bad.

Almost a decade after the industry last set out to solve the problem with DomainKeys Identified Mail (DKIM) and Microsoft’s Sender Policy Framework (SPF, later called Sender ID), DMARC’s arrival is an acceptance that these have not been enough - phishing attacks, in which criminals impersonate the domains of well-known companies in order to get users to click on malicious links, remain a major scourge.  

Conversely, large corporates such as banks are often unwilling to communicate by email at all lest it make consumers more likely to fall for phishing attacks.

Under DMARC, email hubs would use a protocol to communicate which email authentication technologies they were using, giving recipients a high degree of certainty as to an email's provenance.

This sounds obvious, but many of today’s bulk email providers apply security as islands cut off from their peers: they secure outgoing email traffic without being able to trust what is incoming to their servers. Policies and algorithms for doing the latter vary.

Importantly, organisations whose domains are being impersonated as part of phishing attacks – that is to say almost every company of any size - never get to hear from their peers that this is happening.

By cementing trust between large email companies, DMARC hopes to slowly but surely drive spammers and phishing scammers away from their domains towards less convincing ones. It doesn’t mean, therefore, that phishing attacks will stop, merely that they will be easier to spot both for anti-spam filters and recipients.

“Industry groups come and go, and it’s not always easy to tell at the beginning which ones are actually going to generate good solutions,” admitted Adam Dawes of Google, one company that has been trialling DMARC for some time.

“When the right contributors come together to solve real problems, though, real things happen. That’s why we’re particularly optimistic about today’s announcement of DMARC.org,” he said.

Google already endorses the Domain assurance anti-phishing system from fellow DMARC member Return Path, developed in parallel to the new specification as it emerged from a partnership between Google, Yahoo and PayPal five years ago.

A large part of DMARC's success will depend on spreading it beyond the core of large companies currently endorsing it. ISPs also need to come onboard, which will take time.

Other participants include Bank of America, PayPal, Yahoo, LinkedIn, Fidelity Investments, AOL, Agari and American Greetings as well as email security company CloudMark. Industry research group the Trusted Domain Project (TDP) completes the list.


