Large companies introduce a new system to protect against phishing attacks

Standard DMARC designed to authenticate e-mails.

Large companies such as Google, Facebook, Yahoo, PayPal, LinkedIn, AOL, Bank of America and others, have developed a standard for handling e-mail, designed to combat phishing attacks. Standard DMARC (Domain-based Message Authentication, Reporting & Conformance) allows relatively precise filter and block the transfer of messages sent to defrauding the user of important information.

For message authentication DMARC involves the use of “domain keys» (DomainKeys), which present the data packets that are encrypted information stored on the sender of the message. The authentication system will allow the recipient to verify that the sender of the incoming message is the one for whom it is.

Senders often use standards such as SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail) to authenticate a message, but recipients of mail can not be fully guaranteed rely on them. DMARC goal is to introduce a centralized mechanism for message authentication in the infrastructure of e-mail provider. After you run the system themselves senders can establish security policies, or use features that the default service provider. In DMARC also provides a mechanism to send the recipient a detailed report of blocked messages.

One of the founders of the company’s certification of e-mail Return Path George Bilbrey (George Bilbrey) said that, for the correct operation of the new system, it must maintain, as the organization of the sender and the recipient organization. According to experts, to make a global transition to a new standard for electronic communications does not require a large amount of time or resources, since it already supports most major email providers.

“We did not get rid of phishing completely but this is a big step forward,” – said Bilbrey.

To view the specifications of DMARC visit here.

Tagged , , , , , , , , , , , , , , , ,