Posted: 31st Jan, 2012 By: MarkJ

Return Path, a global email certification and reputation monitoring company, has joined
Google,
AOL,
Yahoo!,
Microsoft and many others in helping to found the new
DMARC (Domain-based Message Authentication, Reporting & Conformance) technical specification that will be used to
combat malicious and unauthenticated email (i.e.
SPAM).
Sadly
Phishing attacks make up a significant chunk of modern SPAM email. This refers to the fraudulent use of legitimate / trustworthy business images, such as those
fake PayPal or bank messages, which attempt to fool users into parting with their personal, financial or other private information.
The new DMARC specification aims to tackle the problem by solving a couple of "
long-standing operational, deployment, and reporting issues" related to email authentication protocols.
What is DMARC?
DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC.
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message.
DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
The new technology could represent a significant step forward in the fight against fraudulent email. However it's adoption will remain limited unless DMARC can achieve its goal of getting their draft specification submitted and approved as an official
Internet Standard RFC by the
Internet Engineering Task Force (IETF).
Matt Blumberg, CEO of Return Path, explained:
"Email has changed the way the world communicates. But many of the attributes that have made it great – it’s openness, it’s interoperability – have also made it vulnerable to malicious activity. The beauty of DMARC is that it attempts to address the security threats to the email ecosystem without impacting its utility as a communication channel.
Return Path is proud to support the DMARC standard and we encourage companies to implement it as quickly as they can. Fast, widespread adoption of DMARC will make a significant dent in scammers ability to perpetuate crime through email."
The first draft DMARC specification (v0.1) has already been released and a number of organizations, such as Return Path, are already deploying it. However new internet standards usually take time to fully develop and many ISPs might not adopt it until that process has completed. But hopefully one day soon we will all benefit from seeing fewer fraudulent messages, at least until the spammers find another way of distributing their c**p.