A group of more than a dozen major email providers and technology giants have announced new email authentication standards that they say could help reduce spam and phishing.
Domain-based Message Authentication, Reporting and Conformance (DMARC) is being supported by Google, Facebook, LinkedIn and PayPal, among others, in the hope that the technology can be adopted and can scale. DMARC uses the SPF and DKIM mechanisms, which work on the basis of verifying sender IP addresses and domain names.
The working group intends to submit its DMARC specification to the IETF for standardization. The goal is to roll out the standard so service providers and enterprises can verify their support for the domain key authentication specifications on their email servers. Under the standards, banks and e-commerce providers would attach a cryptographic digital signature to each message. Meanwhile, email providers would verify IP addresses to block spam.
“A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message,” according to the working group.
The standard is also being rolled out to enable recipients to report back to the sender whether the message failed to authenticate properly or other problems exist.
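The policy and reporting behaviour described above can be sketched from the receiver's side. This is an added example, not code from the working group or any provider: the sample record and report address are constructed, the function names are hypothetical, and the `v`, `p` and `rua` tags follow the DMARC record syntax, with the SPF and DKIM results assumed to be computed elsewhere.

```python
# Added illustration: the record and address are constructed sample values.
SAMPLE_RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"

# Requested policy (p= tag) -> what the receiver does with a failing message.
ACTIONS = {"none": "deliver", "quarantine": "junk", "reject": "reject"}


def parse_dmarc(record):
    """Parse a DMARC TXT record into a dict of tags; ValueError if malformed."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue  # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    # The version tag must be the first tag, otherwise this is not DMARC.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        raise ValueError("not a DMARC record")
    policy = tags.get("p", "").lower()
    if policy not in ACTIONS:
        raise ValueError(f"missing or unknown policy: {policy!r}")
    tags["p"] = policy
    return tags


def disposition(record, spf_pass, dkim_pass):
    """Return (action, report_uris) for one message.

    spf_pass and dkim_pass are the receiver's SPF and DKIM results for the
    sender's domain, assumed to be computed elsewhere.
    """
    tags = parse_dmarc(record)
    reports = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if spf_pass or dkim_pass:
        return "deliver", reports  # at least one method passed
    return ACTIONS[tags["p"]], reports  # neither passed: apply sender policy


if __name__ == "__main__":
    for spf, dkim in [(True, False), (False, True), (False, False)]:
        print(spf, dkim, disposition(SAMPLE_RECORD, spf, dkim))
```

A receiver that gets a `ValueError` here has no usable policy for the domain and falls back to its own local filtering.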
PayPal has been using SPF and DKIM with Yahoo since 2007. The company also works with Gmail to authenticate its emails. In addition to PayPal, the working group lists six other early adopters, including Google, LinkedIn, Return Path, American Greetings and Agari.