Click here to close now.

Welcome!

Search Authors: Elizabeth White, Mike Kavis, Ruxit Blog, Pat Romanski, Carmen Gonzalez

News Feed Item

In First Year, DMARC Protects 60 Percent of Global Consumer Mailboxes

SAN JOSE, CA -- (Marketwire) -- 02/06/13 -- DMARC.org, an industry collaborative working to increase email trust, announced today that the DMARC standard now protects almost two-thirds of the world's 3.3 billion consumer mailboxes worldwide. First announced January 2012, DMARC marshals the forces of leading brands and email suppliers to combat rampant email deception and fraud, such as spam and phishing. The mailbox providers who have implemented DMARC represent roughly 80 percent of consumer inboxes in the United States. The standard has also been implemented at leading mailbox providers in the Netherlands, China, and Russia, representing hundreds of millions of mailboxes.

"DMARC is a testimony to private sector and market-driven collaboration to combat a real problem on the Internet," said Trent Adams, chair of DMARC.org and senior policy advisor at PayPal. "The successful adoption of DMARC has been phenomenal. And the effectiveness proves that any brand owner interested in increasing protection of their email stream should deploy DMARC today."

On the sender side, DMARC is seeing wide acceptance, especially by very high-volume mailers. Data provided by DMARC member companies shows that 10 of 20 domains with the highest sending volumes are now implementing DMARC, including many companies beyond the original DMARC.org consortium. The implementation of DMARC by mailbox providers and mail senders is having a measurable impact on consumers -- with more than 325 million messages rejected in November and December 2012 alone, by mailbox providers because they failed the DMARC authentication check.

"Despite being one of the world's largest email senders, we only require a handful of individuals to maintain all of Facebook's email security efforts thanks to DMARC," said Michael Adkins, Messaging Engineer, Facebook. "DMARC's powerful controls protect over 85% of our users from fraudulent email that claims to be from Facebook, and that's after just one year. Add in the visibility and insight provided by DMARC's reporting features and a very small team can have a huge impact on phishing."

DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, builds on previous email authentication advancements, SPF and DKIM, with strong protection of the author's address (From field) and creating a feedback loop from receivers back to legitimate email senders. This makes impersonation of the author's address difficult for phishers who are trying to send fraudulent email. Brands can use DMARC to easily notify email providers how to recognize and manage fraudulent mail, while also providing a means by which the receiver can report on fraudulent messages to the owner of the spoofed domain. Messages that pass DMARC validation will continue to be evaluated by the mailbox provider to determine ultimate placement of the message according to its spam-detection filters.

DMARC Performance by the Numbers

DMARC successfully addresses concerns that previously hindered widespread adoption and mass deployment of trusted email authentication solutions. The standards-based framework of DMARC establishes a foundational feedback loop so email senders and receivers communicate automatically about potential abuse. As more senders embrace DMARC, global protection against fraudulent email will continue to increase. Compelling data reported by Trend Micro, claims that 91 percent of targeted attacks involve highly tailored spear-phishing emails (http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf). Senders can use DMARC to defend their brands against becoming a vector of attack.

In its first year, DMARC:

  • Protects 60 percent of the world's email boxes or 1.976 billion of the estimated 3.3 billion email boxes worldwide. (http://www.email-marketing-reports.com/metrics/email-statistics.htm)

  • Has been adopted by the world's largest consumer email providers- AOL, Comcast, Google, Mail.ru, Microsoft, NetEase, Xs4All, and Yahoo!.

  • Can claim 50 percent of the top 20 sending domains publish a DMARC policy, with 70 percent of those domains asserting a policy that directs receivers to take action against unauthenticated messages.

  • Sender adoption exceeds the original DMARC.org membership, with 60 percent of the top sending domains publishing policy coming from companies not directly affiliated with DMARC.org.

  • Rejected hundreds of millions of potentially fraudulent messages from domains publishing a DMARC reject policy. As an example, in November and December 2012, more than 325 million messages were rejected as purporting to be "From" domains with a DMARC reject policy. Of those messages, 49 million were from highly phished domains*.

  • Protects 80 percent of US typical consumer mailboxes.

* Highly phished domains = Domains with a DMARC reject policy and more than 10 percent of all messages purporting to be from that domain failing authentication checks.

Service Providers Embrace DMARC

Mailbox providers who have deployed DMARC include AOL, Comcast, Google, Mail.ru, Microsoft, NetEase, Xs4All, and Yahoo!.

"DMARC implementation is of utmost importance to Microsoft as we protect our millions of email users against phishing and online fraud. At Microsoft, we want our users to be able to trust messages that appear in their inbox. The increasing global adoption is a cumulative effect; the more email sending brands that use DMARC, the broader the protection offered against phishing," said Krish Vitaldevara, Outlook.com's principal group program manager.

"We are excited with how quickly DMARC has been adopted in China, and we are pleased to be part of the effort," said Junping Chen, Senior Mail Security Officer at NetEase. "NetEase had more than 530 million mailbox users at the end of 2012 and is the first DMARC implementer in China. We estimate that DMARC protection already applies to over 50 percent of all Chinese consumer mailboxes, and adoption is accelerating."

"DMARC has reduced the risk of phishing for Gmail users by enabling us to effectively reject suspicious, unauthenticated messages that come from DMARC senders with a reject policy," said Adam Dawes, Product Manager at Google. "This capability gives users instant protection against zero hour phishing attacks and provides better assurance that spam classifications are accurate."

"Every day, email users are potentially exposed to a wide range of abusive emails -- from spam, to phishing attacks, to potential malware that can take over a computer. To combat this abuse, Yahoo! helped create the DMARC specification which now helps us recognize and prevent forged or spoofed emails from reaching our users," said Raj Ramaswamy, senior director, Yahoo! Mail. "We're encouraged to see the rapid global adoption of DMARC because it will keep all email users safer."

"DMARC helps protect AOL users from fraud and phishing attacks, which in turn helps our users trust the email they see in their inbox. After year one, we are seeing positive results from these efforts," said Jim Sargent, Anti-Spam Technology Development and Operations Manager, AOL. "AOL is proud to be a DMARC.org founding member and we see worldwide support for the standard. It's very gratifying to see the growth, expansion and innovation possible now with DMARC enabling greater trust in the email channel."

Leading Brands Rely on DMARC to Preserve Reputation and Protect Constituents

Brands, or email senders, have accelerated DMARC adoption. Compelled to ensure their brands' integrity with consumers, brands employ DMARC to ensure the authenticity of their emails and guard millions of would-be targets from popular phishing schemes that attempt to exploit them.

Leading brands across industry use DMARC, including Amazon, American Greetings, Apple, Bank of America, Blizzard Entertainment, Booking.com, eBay, Facebook, FedEx, Fidelity Investments, Google, Groupon, JP Morgan Chase, LinkedIn, LivingSocial, Netflix, PayPal, Tagged, Twitter, Western Union, Yelp, YouTube, and Zynga.**

** Brands in this list have been identified by publicly discoverable DMARC records available in the DNS.

Industry experts have embraced DMARC as a market-driven solution to secure the email channel against phishing and fraud. Active contributors participate through the open DMARC-Discuss email group (http://www.dmarc.org/participate.html). ISPs, brands, and security vendors collaboratively address issues and share information regarding the specification. This participation, combined with the DMARC Interoperability Workshop held at Facebook headquarters in July 2012, and global operational experience has continued to improve the specification in the past year.

Industry Associations Promote DMARC Awareness and Adoption

Leading industry groups have embraced DMARC and encourage their member companies to use DMARC to protect their brands and their audiences against nefarious phishing scams. The Financial Services - Information Sharing and Analysis Center (FS-ISAC), BITS - The Financial Services Round Table, and the Online Trust Alliance (OTA) have joined the DMARC.org efforts to benefit those most targeted by phishing.

The Messaging, Mobile, & Malware Anti-Abuse Working Group (M3AAWG) was instrumental in helping to incubate the DMARC specification, as well as providing ongoing education to its members and the public. As a commitment to the email ecosystem, they released a free video training series published on February 4th (http://www.maawg.org).

"M3AAGW has been supporting the development of DMARC since its inception at our M3AAWG meetings as part of our mission to combat messaging abuse," said Jerry Upton, M3AAWG Executive Director. "In addition, the DMARC training sessions we've hosted over the last year have all exceeded capacity, indicating the industry's high level of interest for this new, exceptionally useful technology."

Founded in 2004 to advance the business and brand protection value of email authentication, OTA provides ongoing education by way of its Email Authentication Training Academy, Email Authentication Deployment Guide for Senders, and annual adoption scorecard tracking adoption of the world's largest banks, commerce sites and social network sites (https://otalliance.org/resources/authentication/index.html). Supporting its commitment to education, OTA is hosting a series of DMARC Webinars planned for February 12th and 18th (https://otalliance.org/events/index.html).

"DMARC brings together the business and technical value and is on track to be a baseline security requirement and essential brand and consumer protection tool. Brands which fail to implement DMARC at their top-level domain are putting their customers and employees at an unacceptable risk to the spread of fraudulent and malicious email," said Craig Spiezle, Executive Director & President of OTA.

BITS is publishing an Email Authentication Guide to its members and supports the effort by offering a Trusted Email Registry program for its members that includes DMARC support.

"Even as other communication channels are gaining momentum, email remains a well-used, established communication channel for consumers. Unfortunately, it also remains a mechanism used by cyber criminals to lure victims into providing private information or to implant malicious software. Email authentication is critical to protect consumers from harm and potential fraud," said Paul Smocer, BITS president. "BITS is pleased to provide ongoing support to DMARC as it progresses its efforts in bringing stakeholders together -- email and service providers with financial institutions -- to enable email senders and receivers to collaborate via DMARC specifications for strong email authentication. These efforts will help all consumers and in particular, customers of financial services institutions."

Interested organizations are encouraged to read the specification, join the dmarc-discuss mailing list at www.dmarc.org, and begin testing and deploying email authentication standards SPF, DKIM, and DMARC. DMARC.org members will be participating in discussions about the specification at MAAWG and RSA conferences in February. See www.dmarc.org for details.

About DMARC.org
DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world's leading email providers (AOL, Comcast, Google, Hotmail, NetEase, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, J.P. Morgan Chase, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.

The DMARC specification and further information can be found at www.dmarc.org.

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for DMARC.org
suzanne [at] matick.net
831-479-1888 Pacific time zone

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
The true value of the Internet of Things (IoT) lies not just in the data, but through the services that protect the data, perform the analysis and present findings in a usable way. With many IoT elements rooted in traditional IT components, Big Data and IoT isn’t just a play for enterprise. In fact, the IoT presents SMBs with the prospect of launching entirely new activities and exploring innovative areas. CompTIA research identifies several areas where IoT is expected to have the greatest impact.
Wearable devices have come of age. The primary applications of wearables so far have been "the Quantified Self" or the tracking of one's fitness and health status. We propose the evolution of wearables into social and emotional communication devices. Our BE(tm) sensor uses light to visualize the skin conductance response. Our sensors are very inexpensive and can be massively distributed to audiences or groups of any size, in order to gauge reactions to performances, video, or any kind of presentation. In her session at @ThingsExpo, Jocelyn Scheirer, CEO & Founder of Bionolux, will discuss ho...
Cloud data governance was previously an avoided function when cloud deployments were relatively small. With the rapid adoption in public cloud – both rogue and sanctioned, it’s not uncommon to find regulated data dumped into public cloud and unprotected. This is why enterprises and cloud providers alike need to embrace a cloud data governance function and map policies, processes and technology controls accordingly. In her session at 15th Cloud Expo, Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems, will focus on how to set up a cloud data governance program and s...
The Workspace-as-a-Service (WaaS) market will grow to $6.4B by 2018. In his session at 16th Cloud Expo, Seth Bostock, CEO of IndependenceIT, will begin by walking the audience through the evolution of Workspace as-a-Service, where it is now vs. where it going. To look beyond the desktop we must understand exactly what WaaS is, who the users are, and where it is going in the future. IT departments, ISVs and service providers must look to workflow and automation capabilities to adapt to growing demand and the rapidly changing workspace model.
As organizations shift toward IT-as-a-service models, the need for managing and protecting data residing across physical, virtual, and now cloud environments grows with it. CommVault can ensure protection &E-Discovery of your data – whether in a private cloud, a Service Provider delivered public cloud, or a hybrid cloud environment – across the heterogeneous enterprise. In his session at 16th Cloud Expo, Randy De Meno, Chief Technologist - Windows Products and Microsoft Partnerships, will discuss how to cut costs, scale easily, and unleash insight with CommVault Simpana software, the only si...
Hadoop as a Service (as offered by handful of niche vendors now) is a cloud computing solution that makes medium and large-scale data processing accessible, easy, fast and inexpensive. In his session at Big Data Expo, Kumar Ramamurthy, Vice President and Chief Technologist, EIM & Big Data, at Virtusa, will discuss how this is achieved by eliminating the operational challenges of running Hadoop, so one can focus on business growth. The fragmented Hadoop distribution world and various PaaS solutions that provide a Hadoop flavor either make choices for customers very flexible in the name of opti...
Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 16th Cloud Expo at the Javits Center in New York June 9-11 will find fresh new content in a new track called PaaS | Containers & Microservices Containers are not being considered for the first time by the cloud community, but a current era of re-consideration has pushed them to the top of the cloud agenda. With the launch of Docker's initial release in March of 2013, interest was revved up several notches. Then late last...
Roberto Medrano, Executive Vice President at SOA Software, had reached 30,000 page views on his home page - http://RobertoMedrano.SYS-CON.com/ - on the SYS-CON family of online magazines, which includes Cloud Computing Journal, Internet of Things Journal, Big Data Journal, and SOA World Magazine. He is a recognized executive in the information technology fields of SOA, internet security, governance, and compliance. He has extensive experience with both start-ups and large companies, having been involved at the beginning of four IT industries: EDA, Open Systems, Computer Security and now SOA.
HP and Aruba Networks on Monday announced a definitive agreement for HP to acquire Aruba, a provider of next-generation network access solutions for the mobile enterprise, for $24.67 per share in cash. The equity value of the transaction is approximately $3.0 billion, and net of cash and debt approximately $2.7 billion. Both companies' boards of directors have approved the deal. "Enterprises are facing a mobile-first world and are looking for solutions that help them transition legacy investments to the new style of IT," said Meg Whitman, Chairman, President and Chief Executive Officer of HP...
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focused on understanding how industrial data can create intelligence for industrial operations. Imagine ...
Operational Hadoop and the Lambda Architecture for Streaming Data Apache Hadoop is emerging as a distributed platform for handling large and fast incoming streams of data. Predictive maintenance, supply chain optimization, and Internet-of-Things analysis are examples where Hadoop provides the scalable storage, processing, and analytics platform to gain meaningful insights from granular data that is typically only valuable from a large-scale, aggregate view. One architecture useful for capturing and analyzing streaming data is the Lambda Architecture, representing a model of how to analyze rea...
SYS-CON Events announced today that Vitria Technology, Inc. will exhibit at SYS-CON’s @ThingsExpo, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Vitria will showcase the company’s new IoT Analytics Platform through live demonstrations at booth #330. Vitria’s IoT Analytics Platform, fully integrated and powered by an operational intelligence engine, enables customers to rapidly build and operationalize advanced analytics to deliver timely business outcomes for use cases across the industrial, enterprise, and consumer segments.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
SYS-CON Events announced today that Open Data Centers (ODC), a carrier-neutral colocation provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place June 9-11, 2015, at the Javits Center in New York City, NY. Open Data Centers is a carrier-neutral data center operator in New Jersey and New York City offering alternative connectivity options for carriers, service providers and enterprise customers.
The explosion of connected devices / sensors is creating an ever-expanding set of new and valuable data. In parallel the emerging capability of Big Data technologies to store, access, analyze, and react to this data is producing changes in business models under the umbrella of the Internet of Things (IoT). In particular within the Insurance industry, IoT appears positioned to enable deep changes by altering relationships between insurers, distributors, and the insured. In his session at @ThingsExpo, Michael Sick, a Senior Manager and Big Data Architect within Ernst and Young's Financial Servi...
PubNub on Monday has announced that it is partnering with IBM to bring its sophisticated real-time data streaming and messaging capabilities to Bluemix, IBM’s cloud development platform. “Today’s app and connected devices require an always-on connection, but building a secure, scalable solution from the ground up is time consuming, resource intensive, and error-prone,” said Todd Greene, CEO of PubNub. “PubNub enables web, mobile and IoT developers building apps on IBM Bluemix to quickly add scalable realtime functionality with minimal effort and cost.”
Sensor-enabled things are becoming more commonplace, precursors to a larger and more complex framework that most consider the ultimate promise of the IoT: things connecting, interacting, sharing, storing, and over time perhaps learning and predicting based on habits, behaviors, location, preferences, purchases and more. In his session at @ThingsExpo, Tom Wesselman, Director of Communications Ecosystem Architecture at Plantronics, will examine the still nascent IoT as it is coalescing, including what it is today, what it might ultimately be, the role of wearable tech, and technology gaps stil...
In the consumer IoT, everything is new, and the IT world of bits and bytes holds sway. But industrial and commercial realms encompass operational technology (OT) that has been around for 25 or 50 years. This grittier, pre-IP, more hands-on world has much to gain from Industrial IoT (IIoT) applications and principles. But adding sensors and wireless connectivity won’t work in environments that demand unwavering reliability and performance. In his session at @ThingsExpo, Ron Sege, CEO of Echelon, will discuss how as enterprise IT embraces other IoT-related technology trends, enterprises with i...
When it comes to the Internet of Things, hooking up will get you only so far. If you want customers to commit, you need to go beyond simply connecting products. You need to use the devices themselves to transform how you engage with every customer and how you manage the entire product lifecycle. In his session at @ThingsExpo, Sean Lorenz, Technical Product Manager for Xively at LogMeIn, will show how “product relationship management” can help you leverage your connected devices and the data they generate about customer usage and product performance to deliver extremely compelling and reliabl...
The Internet of Things (IoT) is causing data centers to become radically decentralized and atomized within a new paradigm known as “fog computing.” To support IoT applications, such as connected cars and smart grids, data centers' core functions will be decentralized out to the network's edges and endpoints (aka “fogs”). As this trend takes hold, Big Data analytics platforms will focus on high-volume log analysis (aka “logs”) and rely heavily on cognitive-computing algorithms (aka “cogs”) to make sense of it all.