A year after Google, Microsoft and other e-mail heavyweights launched the DMARC programme to filter out spoofed e-mail that attackers use for phishing, they say an estimated 60% of the world’s inboxes are now safe.
"This empowers mailbox providers to take definitive actions on fraudulent mail," says Trent Adams, senior adviser of ecosystem security at PayPal information risk management, part of DMARC supporter eBay. "This has shut down entire avenues that lead to widespread e-mail fraud. It’s a lot like an inoculation."
Of the 325 million spoofed messages blocked during the last two months of 2012 via the DMARC (domain-based message authentication, reporting and conformance) process, 49 million were targeted for domains like PayPal and Facebook. From the perspective of a high profile e-commerce brand, Adams said blocking such messages before they hit e-mail recipients, "is golden".
DMARC is basically a filtering process based on policies in which e-mail managers implement the DMARC.org specification to check that e-mail originated from where it was supposed to. DMARC supports standards that include Sender Policy Framework and DomainKeys Identified Mail, two basic approaches for authenticating mail.
The spoofed mail caught through DMARC can be blocked, quarantined and deleted. According to DMARC.org, the top 10 e-mail senders which today publish a DMARC record to support this anti-spoofing process, are:
facebookmail.com
google.com
amazon.com
livingsocial.com
taggedmail.com
zyngamail.com
youtube.com
facebookappmail.com
new.itunes.com
ebay.com
Support for DMARC has been growing, with Mail.ru, the largest mailbox provider in Russia, for example, getting on board with it, points out Krish Vitaldevara, DMARC.org chair and Microsoft principal group program manager.
He says the experience with DMARC technology has been positive enough that Microsoft is thinking about implementing this functionality in some products, such as Exchange.
Although an estimated 60% of e-mail boxes today may be supported by DMARC, that leaves plenty that aren’t. (DRMARC.org points out that as of last April, the Radicati Group estimated there are 3.3 billion e-mail accounts, expected to rise to over 4.3 billion by the end of 2016.)
Mike Adkins, messaging engineer at Facebook, says the DMARC.org group is hoping to win support for the technology from large telecom providers and ISPs. Comcast just indicated it would come on board, he says.
Have the bad guys started catching on to DMARC, though?
"We know that fraudsters are looking at DMARC," says Adams, adding there have been some variations in attack patterns indicating they’re trying to get around it. But have they broken it? So far, it doesn’t appear so.
IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers