On behalf of Port25 and it’s representation of enterprise senders worldwide we’re thrilled with this report from DMARC.org. DMARC’s rapid adoption among the most demanding senders certainly builds on present-day email authentication standards. In the last decade, Port25 has taken a leadership role in standardizing email authentication, such as DomianKeys, SFP, Sender ID and DKIM. DMARC’s release today should be considered a milestone for email authentication practices and represents further, the rabid movement towards protecting consumer inboxes and brands against phishing. Below is an excerpt of today’s release:
–On the sender side, DMARC is seeing wide acceptance, especially by very high-volume mailers. Data provided by DMARC member companies shows that 10 of 20 domains with the highest sending volumes are now implementing DMARC, including many companies beyond the original DMARC.org consortium. The implementation of DMARC by mailbox providers and mail senders is having a measurable impact on consumers – with more than 325 million messages rejected in November and December 2012 alone, by mailbox providers because they failed the DMARC authentication check.
“Despite being one of the world’s largest email senders, we only require a handful of individuals to maintain all of Facebook’s email security efforts thanks to DMARC,” said Michael Adkins, Messaging Engineer, Facebook. “DMARC’s powerful controls protect over 85% of our users from fraudulent email that claims to be from Facebook, and that’s after just one year. Add in the visibility and insight provided by DMARC’s reporting features and a very small team can have a huge impact on phishing.”
DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, builds on previous email authentication advancements, SPF and DKIM, with strong protection of the author’s address (From field) and creating a feedback loop from receivers back to legitimate email senders. This makes impersonation of the author’s address difficult for phishers who are trying to send fraudulent email. Brands can use DMARC to easily notify email providers how to recognize and manage fraudulent mail, while also providing a means by which the receiver can report on fraudulent messages to the owner of the spoofed domain. Messages that pass DMARC validation will continue to be evaluated by the mailbox provider to determine ultimate placement of the message according to its spam-detection filters. Read the full release here:––