OTA Endorses Domain-Based Message Authentication (DMARC)

Thursday, February 02, 2012

Headlines

69dafe8b58066478aea48f3d0f384820

Leading email service and technology providers and organizations including the Online Trust Alliance (OTA) announced the formation of DMARC.org, a working group focused on developing standards for reducing the threat of deceptive emails.

The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers to make impersonation more difficult for phishers trying to send fraudulent email. 

DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms.  

"Since 2004, OTA has been on the forefront of advancing best practices to restore trust in email and to protect consumers from harm. We are excited about the promise of DMARC and how it builds on these efforts enhancing brand, business and consumer protection." - Craig Spiezle, Executive Director & President Online Trust Alliance.

What is DMARC?

  • A multi-stakeholder effort to help provide domain owners enhanced brand security & integrity of the email channel.

  • Builds on lessons learned and the needs of brand owners and receiving networks.

  • Helps to address key deployment issues for of SPF and DKIM

  • Response to the need for a scalable and effective policy mechanisms

  • Builds on lessons learned from Author Domain Signing Practices (ADSP)

  •  Helps to combat phishing by tying visible Mail User Agent (MUA) “from” to DKIM or SPF authenticated domain

Business & Technical Value:

Domain Owners & Email Senders Receive:

  • Enhanced brand protection

  • Ability to communicate to receiving networks and ISPs what to do with illegitimate email

  • Feedback loop to improve and monitor their authentication infrastructure

  • Visibility on both the abuse of their domain and to optimize authentication across all domains and subdomains

Receiving Networks & ISPs receive:

  • Clarity for handling of un-authenticated & failing email

  • A uniform and scalable way to determine email legitimacy

  • Freedom to act on email with confidence – no more guessing

  • Scalable methods to provide feedback to Domain Owners

End Users:

  • Greater confidence of the email channel

  • Significant reduction in risk of phishing from DMARC domains

DMARC Tools

To learn more, OTA is hosting a DMARC overview webinar on Wed February 15th.

Source:  https://otalliance.org/resources/authentication/dmarc.html

Possibly Related Articles:
5038
SPAM
Email Phishing SPAM SPF Authentication Enterprise Security Headlines OTA Online Trust Alliance Craig Spiezle DMARC Domain-Based Message Authentication DKIM
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.