Enter the aforementioned titans, who, along with PayPal, LinkedIn, Bank of America and others, are getting lots of press about a proposed new internet standard called DMARC, or Domain-based Message Authentication, Reporting & Conformance. Some of the headlines noted by Sophos in a recent blog post:
* Google, Microsoft Say DMARC Spec Stops Phishing (Information Week)
* Google, Facebook, Microsoft in PHISH-FIGHTING smackdown (Channel Register)
* [DMARC] could dramatically slash the amount of spam received by hundreds of millions of people (Financial Review)
If you’re responsible for the mail infrastructure in your organisation, you might be a little sceptical at this point. You’re probably asking yourself, “What happened to SPF and DKIM, which themselves were going to be the scourge of spammers?”
The answer to your sceptical [sic] question about DMARC is that it doesn’t replace SPF or DKIM, and it doesn’t replace your current email security and control solution. In fact, it is predicated upon them, to the point that DMARC’s official first step in its implementation guidelines is:
* Deploy DKIM & SPF. You have to cover the basics first.
So, will it work? We can only hope.