Welcome!

API Journal Authors: Liz McMillan, Pat Romanski, Elizabeth White, Carmen Gonzalez, Jonathan Fries

News Feed Item

In First Year, DMARC Protects 60 Percent of Global Consumer Mailboxes

SAN JOSE, CA -- (Marketwire) -- 02/06/13 -- DMARC.org, an industry collaborative working to increase email trust, announced today that the DMARC standard now protects almost two-thirds of the world's 3.3 billion consumer mailboxes worldwide. First announced January 2012, DMARC marshals the forces of leading brands and email suppliers to combat rampant email deception and fraud, such as spam and phishing. The mailbox providers who have implemented DMARC represent roughly 80 percent of consumer inboxes in the United States. The standard has also been implemented at leading mailbox providers in the Netherlands, China, and Russia, representing hundreds of millions of mailboxes.

"DMARC is a testimony to private sector and market-driven collaboration to combat a real problem on the Internet," said Trent Adams, chair of DMARC.org and senior policy advisor at PayPal. "The successful adoption of DMARC has been phenomenal. And the effectiveness proves that any brand owner interested in increasing protection of their email stream should deploy DMARC today."

On the sender side, DMARC is seeing wide acceptance, especially by very high-volume mailers. Data provided by DMARC member companies shows that 10 of 20 domains with the highest sending volumes are now implementing DMARC, including many companies beyond the original DMARC.org consortium. The implementation of DMARC by mailbox providers and mail senders is having a measurable impact on consumers -- with more than 325 million messages rejected in November and December 2012 alone, by mailbox providers because they failed the DMARC authentication check.

"Despite being one of the world's largest email senders, we only require a handful of individuals to maintain all of Facebook's email security efforts thanks to DMARC," said Michael Adkins, Messaging Engineer, Facebook. "DMARC's powerful controls protect over 85% of our users from fraudulent email that claims to be from Facebook, and that's after just one year. Add in the visibility and insight provided by DMARC's reporting features and a very small team can have a huge impact on phishing."

DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, builds on previous email authentication advancements, SPF and DKIM, with strong protection of the author's address (From field) and creating a feedback loop from receivers back to legitimate email senders. This makes impersonation of the author's address difficult for phishers who are trying to send fraudulent email. Brands can use DMARC to easily notify email providers how to recognize and manage fraudulent mail, while also providing a means by which the receiver can report on fraudulent messages to the owner of the spoofed domain. Messages that pass DMARC validation will continue to be evaluated by the mailbox provider to determine ultimate placement of the message according to its spam-detection filters.

DMARC Performance by the Numbers

DMARC successfully addresses concerns that previously hindered widespread adoption and mass deployment of trusted email authentication solutions. The standards-based framework of DMARC establishes a foundational feedback loop so email senders and receivers communicate automatically about potential abuse. As more senders embrace DMARC, global protection against fraudulent email will continue to increase. Compelling data reported by Trend Micro, claims that 91 percent of targeted attacks involve highly tailored spear-phishing emails (http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf). Senders can use DMARC to defend their brands against becoming a vector of attack.

In its first year, DMARC:

  • Protects 60 percent of the world's email boxes or 1.976 billion of the estimated 3.3 billion email boxes worldwide. (http://www.email-marketing-reports.com/metrics/email-statistics.htm)

  • Has been adopted by the world's largest consumer email providers- AOL, Comcast, Google, Mail.ru, Microsoft, NetEase, Xs4All, and Yahoo!.

  • Can claim 50 percent of the top 20 sending domains publish a DMARC policy, with 70 percent of those domains asserting a policy that directs receivers to take action against unauthenticated messages.

  • Sender adoption exceeds the original DMARC.org membership, with 60 percent of the top sending domains publishing policy coming from companies not directly affiliated with DMARC.org.

  • Rejected hundreds of millions of potentially fraudulent messages from domains publishing a DMARC reject policy. As an example, in November and December 2012, more than 325 million messages were rejected as purporting to be "From" domains with a DMARC reject policy. Of those messages, 49 million were from highly phished domains*.

  • Protects 80 percent of US typical consumer mailboxes.

* Highly phished domains = Domains with a DMARC reject policy and more than 10 percent of all messages purporting to be from that domain failing authentication checks.

Service Providers Embrace DMARC

Mailbox providers who have deployed DMARC include AOL, Comcast, Google, Mail.ru, Microsoft, NetEase, Xs4All, and Yahoo!.

"DMARC implementation is of utmost importance to Microsoft as we protect our millions of email users against phishing and online fraud. At Microsoft, we want our users to be able to trust messages that appear in their inbox. The increasing global adoption is a cumulative effect; the more email sending brands that use DMARC, the broader the protection offered against phishing," said Krish Vitaldevara, Outlook.com's principal group program manager.

"We are excited with how quickly DMARC has been adopted in China, and we are pleased to be part of the effort," said Junping Chen, Senior Mail Security Officer at NetEase. "NetEase had more than 530 million mailbox users at the end of 2012 and is the first DMARC implementer in China. We estimate that DMARC protection already applies to over 50 percent of all Chinese consumer mailboxes, and adoption is accelerating."

"DMARC has reduced the risk of phishing for Gmail users by enabling us to effectively reject suspicious, unauthenticated messages that come from DMARC senders with a reject policy," said Adam Dawes, Product Manager at Google. "This capability gives users instant protection against zero hour phishing attacks and provides better assurance that spam classifications are accurate."

"Every day, email users are potentially exposed to a wide range of abusive emails -- from spam, to phishing attacks, to potential malware that can take over a computer. To combat this abuse, Yahoo! helped create the DMARC specification which now helps us recognize and prevent forged or spoofed emails from reaching our users," said Raj Ramaswamy, senior director, Yahoo! Mail. "We're encouraged to see the rapid global adoption of DMARC because it will keep all email users safer."

"DMARC helps protect AOL users from fraud and phishing attacks, which in turn helps our users trust the email they see in their inbox. After year one, we are seeing positive results from these efforts," said Jim Sargent, Anti-Spam Technology Development and Operations Manager, AOL. "AOL is proud to be a DMARC.org founding member and we see worldwide support for the standard. It's very gratifying to see the growth, expansion and innovation possible now with DMARC enabling greater trust in the email channel."

Leading Brands Rely on DMARC to Preserve Reputation and Protect Constituents

Brands, or email senders, have accelerated DMARC adoption. Compelled to ensure their brands' integrity with consumers, brands employ DMARC to ensure the authenticity of their emails and guard millions of would-be targets from popular phishing schemes that attempt to exploit them.

Leading brands across industry use DMARC, including Amazon, American Greetings, Apple, Bank of America, Blizzard Entertainment, Booking.com, eBay, Facebook, FedEx, Fidelity Investments, Google, Groupon, JP Morgan Chase, LinkedIn, LivingSocial, Netflix, PayPal, Tagged, Twitter, Western Union, Yelp, YouTube, and Zynga.**

** Brands in this list have been identified by publicly discoverable DMARC records available in the DNS.

Industry experts have embraced DMARC as a market-driven solution to secure the email channel against phishing and fraud. Active contributors participate through the open DMARC-Discuss email group (http://www.dmarc.org/participate.html). ISPs, brands, and security vendors collaboratively address issues and share information regarding the specification. This participation, combined with the DMARC Interoperability Workshop held at Facebook headquarters in July 2012, and global operational experience has continued to improve the specification in the past year.

Industry Associations Promote DMARC Awareness and Adoption

Leading industry groups have embraced DMARC and encourage their member companies to use DMARC to protect their brands and their audiences against nefarious phishing scams. The Financial Services - Information Sharing and Analysis Center (FS-ISAC), BITS - The Financial Services Round Table, and the Online Trust Alliance (OTA) have joined the DMARC.org efforts to benefit those most targeted by phishing.

The Messaging, Mobile, & Malware Anti-Abuse Working Group (M3AAWG) was instrumental in helping to incubate the DMARC specification, as well as providing ongoing education to its members and the public. As a commitment to the email ecosystem, they released a free video training series published on February 4th (http://www.maawg.org).

"M3AAGW has been supporting the development of DMARC since its inception at our M3AAWG meetings as part of our mission to combat messaging abuse," said Jerry Upton, M3AAWG Executive Director. "In addition, the DMARC training sessions we've hosted over the last year have all exceeded capacity, indicating the industry's high level of interest for this new, exceptionally useful technology."

Founded in 2004 to advance the business and brand protection value of email authentication, OTA provides ongoing education by way of its Email Authentication Training Academy, Email Authentication Deployment Guide for Senders, and annual adoption scorecard tracking adoption of the world's largest banks, commerce sites and social network sites (https://otalliance.org/resources/authentication/index.html). Supporting its commitment to education, OTA is hosting a series of DMARC Webinars planned for February 12th and 18th (https://otalliance.org/events/index.html).

"DMARC brings together the business and technical value and is on track to be a baseline security requirement and essential brand and consumer protection tool. Brands which fail to implement DMARC at their top-level domain are putting their customers and employees at an unacceptable risk to the spread of fraudulent and malicious email," said Craig Spiezle, Executive Director & President of OTA.

BITS is publishing an Email Authentication Guide to its members and supports the effort by offering a Trusted Email Registry program for its members that includes DMARC support.

"Even as other communication channels are gaining momentum, email remains a well-used, established communication channel for consumers. Unfortunately, it also remains a mechanism used by cyber criminals to lure victims into providing private information or to implant malicious software. Email authentication is critical to protect consumers from harm and potential fraud," said Paul Smocer, BITS president. "BITS is pleased to provide ongoing support to DMARC as it progresses its efforts in bringing stakeholders together -- email and service providers with financial institutions -- to enable email senders and receivers to collaborate via DMARC specifications for strong email authentication. These efforts will help all consumers and in particular, customers of financial services institutions."

Interested organizations are encouraged to read the specification, join the dmarc-discuss mailing list at www.dmarc.org, and begin testing and deploying email authentication standards SPF, DKIM, and DMARC. DMARC.org members will be participating in discussions about the specification at MAAWG and RSA conferences in February. See www.dmarc.org for details.

About DMARC.org
DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world's leading email providers (AOL, Comcast, Google, Hotmail, NetEase, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, J.P. Morgan Chase, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.

The DMARC specification and further information can be found at www.dmarc.org.

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for DMARC.org
suzanne [at] matick.net
831-479-1888 Pacific time zone

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, discussed the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, drew together recent research and lessons learned from emerging and established compa...
"IoT is going to be a huge industry with a lot of value for end users, for industries, for consumers, for manufacturers. How can we use cloud to effectively manage IoT applications," stated Ian Khan, Innovation & Marketing Manager at Solgeniakhela, in this SYS-CON.tv interview at @ThingsExpo, held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA.
Financial Technology has become a topic of intense interest throughout the cloud developer and enterprise IT communities. Accordingly, attendees at the upcoming 20th Cloud Expo at the Javits Center in New York, June 6-8, 2017, will find fresh new content in a new track called FinTech.
Information technology is an industry that has always experienced change, and the dramatic change sweeping across the industry today could not be truthfully described as the first time we've seen such widespread change impacting customer investments. However, the rate of the change, and the potential outcomes from today's digital transformation has the distinct potential to separate the industry into two camps: Organizations that see the change coming, embrace it, and successful leverage it; and...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2017 New York. The 20th Cloud Expo and 7th @ThingsExpo will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Internet to enable us all to im...
We are always online. We access our data, our finances, work, and various services on the Internet. But we live in a congested world of information in which the roads were built two decades ago. The quest for better, faster Internet routing has been around for a decade, but nobody solved this problem. We’ve seen band-aid approaches like CDNs that attack a niche's slice of static content part of the Internet, but that’s it. It does not address the dynamic services-based Internet of today. It does...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.