Tech giants including Google, Facebook, Microsoft and Yahoo! have combined forces to form a new alliance that aims to eliminate huge amounts of email spam and reduce the impact of phishing attacks on unsuspecting users.
Cnet reports that the alliance will announce today the “Domain-based Message Authentication, Reporting & Conformance (DMARC) initiative, a new technical specification that will “reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.”
The standard will allow Google, Microsoft, Facebook and Yahoo! to offer their users consistent authorisation results for their messages from Gmail, Hotmail and other services, thus improving the reliability of email and encouraging people to place more trust in the medium.
The DMARC initiative is an expansion of an anti-phishing initiative by Agari, which Google, Microsoft, Yahoo! and AOL joined to help authenticate platforms operated by Facebook, YouSendIt and other services.
The founding contributors include:
- Receivers: AOL, GMail, Hotmail, Yahoo! Mail
- Senders: American Greetings, Bank of America, Facebook, Fidelity, LinkedIn, Paypal
- Intermediaries & Vendors: Agari, Cloudmark, eCert, ReturnPath, Trusted Domain Project
Today’s announcement sees other companies join the alliance, ensuring that messages sent between some of the world’s biggest companies can be authenticated and trusted.
The DMARC policies have been published in the public Domain Name System (DNS) and are available to everyone. The next step is to submit the specification as an official Internet standard (as noted on the DMARC website):
It is the goal of DMARC.org to submit the draft specification to the IETF so that it may begin the process of becoming an official Internet Standard RFC – available to everyone for reference, implementation, and improvement.
Google says that in the two years it has been involved in DMARC, it has seen 15% of non-spam messages in Gmail coming from domains protected by DMARC.
Whilst the standard is still in the development stages, it already has major backing. Should DMARC.org see its work adopted as the formal way to authenticate messages, we could soon see a huge reduction in the number of Spam and phishing emails we receive.