<p>World's leading email providers including Google, Yahoo, AOL, Facebook and Microsoft have announced to join hands to collectively fight the increasing menace of email and phishing attacks.<br /><br /></p>.<p>Following 18 months of collaborative work, 15 email providers yesterday announced formation of DMARC.org (Domain-based Message Authentication, Reporting and Conformance) a technical working group to develop standards for reducing the threat of deceptive emails, such as spam and phishing.<br /><br />Among other things, it will outline an enhanced vision for email authentication that can scale up to today's Internet needs.<br /><br />The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email.<br /><br />"Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole," said Brett McDowell, chair of DMARC.org and Senior Manager of Customer Security Initiatives at PayPal.<br /><br />"Industry cooperation - combined with technology and consumer education - is crucial to fight phishing," McDowell said.<br /><br />The DMARC specification addresses concerns that have traditionally hindered widespread deployment of an authenticated, trusted email ecosystem, the statement said.<br /><br />"Today, email receivers lack a reliable way to know the extent to which an email sender uses standards like SPF and DKIM for authenticating their messages," it said adding that as a result, providers must rely on complex and imperfect measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing messages sent by a scammer. By introducing a standards-based framework, DMARC has defined a more comprehensive and integrated way for email senders to introduce email authentication technologies into their infrastructure, it said.<br /><br />For example, a sender could set policies to easily request a provider to discard unauthenticated email in order to block phishing attacks.<br /><br />The specification also creates a mechanism for email providers to send detailed reports back to email senders to help catch any gaps in the authentication system.<br /><br />This feedback loop raises the trust level within the email ecosystem and makes it easier to detect and stop phishing attempts, it said.<br /><br />"BITS has been committed to defining and improving email authentication standards and practices to meet the financial services industry's needs.<br /><br />"DMARC's evolutionary approach is critical in assuring these needs are met for years to come," said Paul Smocer, president of BITS, the technology policy division of The Financial Services Roundtable.<br /><br />After gathering data and input from field usage of the technology, DMARC.org intends to submit its DMARC specification to the IETF for standardisation.</p>
<p>World's leading email providers including Google, Yahoo, AOL, Facebook and Microsoft have announced to join hands to collectively fight the increasing menace of email and phishing attacks.<br /><br /></p>.<p>Following 18 months of collaborative work, 15 email providers yesterday announced formation of DMARC.org (Domain-based Message Authentication, Reporting and Conformance) a technical working group to develop standards for reducing the threat of deceptive emails, such as spam and phishing.<br /><br />Among other things, it will outline an enhanced vision for email authentication that can scale up to today's Internet needs.<br /><br />The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email.<br /><br />"Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole," said Brett McDowell, chair of DMARC.org and Senior Manager of Customer Security Initiatives at PayPal.<br /><br />"Industry cooperation - combined with technology and consumer education - is crucial to fight phishing," McDowell said.<br /><br />The DMARC specification addresses concerns that have traditionally hindered widespread deployment of an authenticated, trusted email ecosystem, the statement said.<br /><br />"Today, email receivers lack a reliable way to know the extent to which an email sender uses standards like SPF and DKIM for authenticating their messages," it said adding that as a result, providers must rely on complex and imperfect measurements to separate legitimate unauthenticated messages sent by the domain owner from fraudulent phishing messages sent by a scammer. By introducing a standards-based framework, DMARC has defined a more comprehensive and integrated way for email senders to introduce email authentication technologies into their infrastructure, it said.<br /><br />For example, a sender could set policies to easily request a provider to discard unauthenticated email in order to block phishing attacks.<br /><br />The specification also creates a mechanism for email providers to send detailed reports back to email senders to help catch any gaps in the authentication system.<br /><br />This feedback loop raises the trust level within the email ecosystem and makes it easier to detect and stop phishing attempts, it said.<br /><br />"BITS has been committed to defining and improving email authentication standards and practices to meet the financial services industry's needs.<br /><br />"DMARC's evolutionary approach is critical in assuring these needs are met for years to come," said Paul Smocer, president of BITS, the technology policy division of The Financial Services Roundtable.<br /><br />After gathering data and input from field usage of the technology, DMARC.org intends to submit its DMARC specification to the IETF for standardisation.</p>