We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Google, Microsoft and Facebook join forces to fight phishing scams

DMARC standard creates feedback loop for emails providers

Google, Microsoft and Facebook are among 15 web firms joining forces to fight spam and phishing scams.

DMARC.org is a technical working group comprised of the tech giants along with payment providers such as PayPal and the Bank of America that has been developing standards for reducing the threat of deceptive emails, particularly those that use domain spoofing to trick web users in believing the message is from a reputable source.

The group, which has been working behind the scenes for 18 months, has announced a draft specification that creates a 'feedback loop' which allows receiving email servers to alert email providers if message don't contain the right-level of authentication, and could even see these messages being automatically discarded.

The system builds upon existing specifications and hopes to ensure the widespread deployment of an authenticated, trusted email ecosystem

"Email phishing defrauds millions of people and companies every year, resulting in a loss of consumer confidence in email and the Internet as a whole," said Brett McDowell, Chair of DMARC.org and Senior Manager of Customer Security Initiatives at PayPal.

"Industry cooperation - combined with technology and consumer education - is crucial to fight phishing."

Google said it was "particularly optimistic" about DMARC as it was created by "a passionate collection of companies focused on significantly cutting down on email phishing and other malicious mail".

"When the right contributors come together to solve real problems, though, real things happen," Adam Dawes, Product Manager for Gmail, said in a blog.

"With DMARC, large email senders can ensure that the email they send is being recognized by mail providers like Gmail as legitimate, as well as set policies so that mail providers can reject messages that try to spoof the senders' addresses."

Google added that 15 percent of non-spam messages in Gmail are already coming from domains protected by DMARC, ensuring Gmail users don't need to worry about spoofed messages from these senders.

"The phishing potential plummets when the system just works, and that's what DMARC provides."

DMARC.org plans to submit its specification to the IETF for standardisation.


IDG UK Sites

Nexus 6 vs Samsung Galaxy Note 4 comparison: What's the best Android phablet?

IDG UK Sites

The iPhone is doomed. Doomed to be marginally less successful than a very successful thing.

IDG UK Sites

How to prototype native mobile apps without writing code

IDG UK Sites

How to prepare for and update to OS X Yosemite: Get your Mac ready to download & install Apple's...