Fifteen major companies including Google, Facebook, Microsoft, PayPal, and Yahoo have joined hands on DMARC (Domain-based Message Authentication, Reporting, and Conformance) to develop new antiphishing standards to help reduce the threat of spam and phishing emails.
The companies involved include: Google, Facebook, LinkedIn AOL, Microsoft, Yahoo, PayPal (eBay), Bank of America, Fidelity Investments, American Greetings, Agari, Cloudmark, eCert, Return Path and Trusted Domain Project.
DMARC builds on systems such as DKIM and SPF (which allow domain owners to vouch for mail sent in their name, but don’t specify what to do with messages that fail the test), allowing domain owners to ask receiving mail servers to discard mail that fails authentication tests. That will make it less likely that scam messages impersonating sites such as PayPal will appear in your inbox. The system will be able to verify for users whether potential phishing emails have actually been sent by legitimate companies, and not by those looking to steal passwords, credit card details, and other sensitive information.
DMARC can be used by used by anyone and it has been encouraging interested organizations to read the specification, join their mailing list and start testing and deploying standards.