Microsoft Cloud Authors: Jim Kaskade, Lori MacVittie, Andreas Grabner, Janakiram MSV, Pat Romanski

News Feed Item

In First Year, DMARC Protects 60 Percent of Global Consumer Mailboxes

SAN JOSE, CA -- (Marketwire) -- 02/06/13 -- DMARC.org, an industry collaborative working to increase email trust, announced today that the DMARC standard now protects almost two-thirds of the world's 3.3 billion consumer mailboxes worldwide. First announced January 2012, DMARC marshals the forces of leading brands and email suppliers to combat rampant email deception and fraud, such as spam and phishing. The mailbox providers who have implemented DMARC represent roughly 80 percent of consumer inboxes in the United States. The standard has also been implemented at leading mailbox providers in the Netherlands, China, and Russia, representing hundreds of millions of mailboxes.

"DMARC is a testimony to private sector and market-driven collaboration to combat a real problem on the Internet," said Trent Adams, chair of DMARC.org and senior policy advisor at PayPal. "The successful adoption of DMARC has been phenomenal. And the effectiveness proves that any brand owner interested in increasing protection of their email stream should deploy DMARC today."

On the sender side, DMARC is seeing wide acceptance, especially by very high-volume mailers. Data provided by DMARC member companies shows that 10 of 20 domains with the highest sending volumes are now implementing DMARC, including many companies beyond the original DMARC.org consortium. The implementation of DMARC by mailbox providers and mail senders is having a measurable impact on consumers -- with more than 325 million messages rejected in November and December 2012 alone, by mailbox providers because they failed the DMARC authentication check.

"Despite being one of the world's largest email senders, we only require a handful of individuals to maintain all of Facebook's email security efforts thanks to DMARC," said Michael Adkins, Messaging Engineer, Facebook. "DMARC's powerful controls protect over 85% of our users from fraudulent email that claims to be from Facebook, and that's after just one year. Add in the visibility and insight provided by DMARC's reporting features and a very small team can have a huge impact on phishing."

DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, builds on previous email authentication advancements, SPF and DKIM, with strong protection of the author's address (From field) and creating a feedback loop from receivers back to legitimate email senders. This makes impersonation of the author's address difficult for phishers who are trying to send fraudulent email. Brands can use DMARC to easily notify email providers how to recognize and manage fraudulent mail, while also providing a means by which the receiver can report on fraudulent messages to the owner of the spoofed domain. Messages that pass DMARC validation will continue to be evaluated by the mailbox provider to determine ultimate placement of the message according to its spam-detection filters.

DMARC Performance by the Numbers

DMARC successfully addresses concerns that previously hindered widespread adoption and mass deployment of trusted email authentication solutions. The standards-based framework of DMARC establishes a foundational feedback loop so email senders and receivers communicate automatically about potential abuse. As more senders embrace DMARC, global protection against fraudulent email will continue to increase. Compelling data reported by Trend Micro, claims that 91 percent of targeted attacks involve highly tailored spear-phishing emails (http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf). Senders can use DMARC to defend their brands against becoming a vector of attack.

In its first year, DMARC:

  • Protects 60 percent of the world's email boxes or 1.976 billion of the estimated 3.3 billion email boxes worldwide. (http://www.email-marketing-reports.com/metrics/email-statistics.htm)

  • Has been adopted by the world's largest consumer email providers- AOL, Comcast, Google, Mail.ru, Microsoft, NetEase, Xs4All, and Yahoo!.

  • Can claim 50 percent of the top 20 sending domains publish a DMARC policy, with 70 percent of those domains asserting a policy that directs receivers to take action against unauthenticated messages.

  • Sender adoption exceeds the original DMARC.org membership, with 60 percent of the top sending domains publishing policy coming from companies not directly affiliated with DMARC.org.

  • Rejected hundreds of millions of potentially fraudulent messages from domains publishing a DMARC reject policy. As an example, in November and December 2012, more than 325 million messages were rejected as purporting to be "From" domains with a DMARC reject policy. Of those messages, 49 million were from highly phished domains*.

  • Protects 80 percent of US typical consumer mailboxes.

* Highly phished domains = Domains with a DMARC reject policy and more than 10 percent of all messages purporting to be from that domain failing authentication checks.

Service Providers Embrace DMARC

Mailbox providers who have deployed DMARC include AOL, Comcast, Google, Mail.ru, Microsoft, NetEase, Xs4All, and Yahoo!.

"DMARC implementation is of utmost importance to Microsoft as we protect our millions of email users against phishing and online fraud. At Microsoft, we want our users to be able to trust messages that appear in their inbox. The increasing global adoption is a cumulative effect; the more email sending brands that use DMARC, the broader the protection offered against phishing," said Krish Vitaldevara, Outlook.com's principal group program manager.

"We are excited with how quickly DMARC has been adopted in China, and we are pleased to be part of the effort," said Junping Chen, Senior Mail Security Officer at NetEase. "NetEase had more than 530 million mailbox users at the end of 2012 and is the first DMARC implementer in China. We estimate that DMARC protection already applies to over 50 percent of all Chinese consumer mailboxes, and adoption is accelerating."

"DMARC has reduced the risk of phishing for Gmail users by enabling us to effectively reject suspicious, unauthenticated messages that come from DMARC senders with a reject policy," said Adam Dawes, Product Manager at Google. "This capability gives users instant protection against zero hour phishing attacks and provides better assurance that spam classifications are accurate."

"Every day, email users are potentially exposed to a wide range of abusive emails -- from spam, to phishing attacks, to potential malware that can take over a computer. To combat this abuse, Yahoo! helped create the DMARC specification which now helps us recognize and prevent forged or spoofed emails from reaching our users," said Raj Ramaswamy, senior director, Yahoo! Mail. "We're encouraged to see the rapid global adoption of DMARC because it will keep all email users safer."

"DMARC helps protect AOL users from fraud and phishing attacks, which in turn helps our users trust the email they see in their inbox. After year one, we are seeing positive results from these efforts," said Jim Sargent, Anti-Spam Technology Development and Operations Manager, AOL. "AOL is proud to be a DMARC.org founding member and we see worldwide support for the standard. It's very gratifying to see the growth, expansion and innovation possible now with DMARC enabling greater trust in the email channel."

Leading Brands Rely on DMARC to Preserve Reputation and Protect Constituents

Brands, or email senders, have accelerated DMARC adoption. Compelled to ensure their brands' integrity with consumers, brands employ DMARC to ensure the authenticity of their emails and guard millions of would-be targets from popular phishing schemes that attempt to exploit them.

Leading brands across industry use DMARC, including Amazon, American Greetings, Apple, Bank of America, Blizzard Entertainment, Booking.com, eBay, Facebook, FedEx, Fidelity Investments, Google, Groupon, JP Morgan Chase, LinkedIn, LivingSocial, Netflix, PayPal, Tagged, Twitter, Western Union, Yelp, YouTube, and Zynga.**

** Brands in this list have been identified by publicly discoverable DMARC records available in the DNS.

Industry experts have embraced DMARC as a market-driven solution to secure the email channel against phishing and fraud. Active contributors participate through the open DMARC-Discuss email group (http://www.dmarc.org/participate.html). ISPs, brands, and security vendors collaboratively address issues and share information regarding the specification. This participation, combined with the DMARC Interoperability Workshop held at Facebook headquarters in July 2012, and global operational experience has continued to improve the specification in the past year.

Industry Associations Promote DMARC Awareness and Adoption

Leading industry groups have embraced DMARC and encourage their member companies to use DMARC to protect their brands and their audiences against nefarious phishing scams. The Financial Services - Information Sharing and Analysis Center (FS-ISAC), BITS - The Financial Services Round Table, and the Online Trust Alliance (OTA) have joined the DMARC.org efforts to benefit those most targeted by phishing.

The Messaging, Mobile, & Malware Anti-Abuse Working Group (M3AAWG) was instrumental in helping to incubate the DMARC specification, as well as providing ongoing education to its members and the public. As a commitment to the email ecosystem, they released a free video training series published on February 4th (http://www.maawg.org).

"M3AAGW has been supporting the development of DMARC since its inception at our M3AAWG meetings as part of our mission to combat messaging abuse," said Jerry Upton, M3AAWG Executive Director. "In addition, the DMARC training sessions we've hosted over the last year have all exceeded capacity, indicating the industry's high level of interest for this new, exceptionally useful technology."

Founded in 2004 to advance the business and brand protection value of email authentication, OTA provides ongoing education by way of its Email Authentication Training Academy, Email Authentication Deployment Guide for Senders, and annual adoption scorecard tracking adoption of the world's largest banks, commerce sites and social network sites (https://otalliance.org/resources/authentication/index.html). Supporting its commitment to education, OTA is hosting a series of DMARC Webinars planned for February 12th and 18th (https://otalliance.org/events/index.html).

"DMARC brings together the business and technical value and is on track to be a baseline security requirement and essential brand and consumer protection tool. Brands which fail to implement DMARC at their top-level domain are putting their customers and employees at an unacceptable risk to the spread of fraudulent and malicious email," said Craig Spiezle, Executive Director & President of OTA.

BITS is publishing an Email Authentication Guide to its members and supports the effort by offering a Trusted Email Registry program for its members that includes DMARC support.

"Even as other communication channels are gaining momentum, email remains a well-used, established communication channel for consumers. Unfortunately, it also remains a mechanism used by cyber criminals to lure victims into providing private information or to implant malicious software. Email authentication is critical to protect consumers from harm and potential fraud," said Paul Smocer, BITS president. "BITS is pleased to provide ongoing support to DMARC as it progresses its efforts in bringing stakeholders together -- email and service providers with financial institutions -- to enable email senders and receivers to collaborate via DMARC specifications for strong email authentication. These efforts will help all consumers and in particular, customers of financial services institutions."

Interested organizations are encouraged to read the specification, join the dmarc-discuss mailing list at www.dmarc.org, and begin testing and deploying email authentication standards SPF, DKIM, and DMARC. DMARC.org members will be participating in discussions about the specification at MAAWG and RSA conferences in February. See www.dmarc.org for details.

About DMARC.org
DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world's leading email providers (AOL, Comcast, Google, Hotmail, NetEase, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, J.P. Morgan Chase, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.

The DMARC specification and further information can be found at www.dmarc.org.

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for DMARC.org
suzanne [at] matick.net
831-479-1888 Pacific time zone

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Penta Security is a leading vendor for data security solutions, including its encryption solution, D’Amo. By using FPE technology, D’Amo allows for the implementation of encryption technology to sensitive data fields without modification to schema in the database environment. With businesses having their data become increasingly more complicated in their mission-critical applications (such as ERP, CRM, HRM), continued ...
SYS-CON Events announced today that Enzu will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their online busine...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
Established in 1998, Calsoft is a leading software product engineering Services Company specializing in Storage, Networking, Virtualization and Cloud business verticals. Calsoft provides End-to-End Product Development, Quality Assurance Sustenance, Solution Engineering and Professional Services expertise to assist customers in achieving their product development and business goals. The company's deep domain knowledge of Storage, Virtualization, Networking and Cloud verticals helps in delivering ...
SYS-CON Events announced today that Cloudbric, a leading website security provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Cloudbric is an elite full service website protection solution specifically designed for IT novices, entrepreneurs, and small and medium businesses. First launched in 2015, Cloudbric is based on the enterprise level Web Application Firewall by Penta Security Sys...
The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
In the next five to ten years, millions, if not billions of things will become smarter. This smartness goes beyond connected things in our homes like the fridge, thermostat and fancy lighting, and into heavily regulated industries including aerospace, pharmaceutical/medical devices and energy. “Smartness” will embed itself within individual products that are part of our daily lives. We will engage with smart products - learning from them, informing them, and communicating with them. Smart produc...
SYS-CON Events announced today that 910Telecom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Housed in the classic Denver Gas & Electric Building, 910 15th St., 910Telecom is a carrier-neutral telecom hotel located in the heart of Denver. Adjacent to CenturyLink, AT&T, and Denver Main, 910Telecom offers connectivity to all major carriers, Internet service providers, Internet backbones and ...
SYS-CON Events announced today that Coalfire will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Coalfire is the trusted leader in cybersecurity risk management and compliance services. Coalfire integrates advisory and technical assessments and recommendations to the corporate directors, executives, boards, and IT organizations for global brands and organizations in the technology, cloud, health...
SYS-CON Events announced today that Transparent Cloud Computing (T-Cloud) Consortium will exhibit at the 19th International Cloud Expo®, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. The Transparent Cloud Computing Consortium (T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data proces...
WebRTC defines no default signaling protocol, causing fragmentation between WebRTC silos. SIP and XMPP provide possibilities, but come with considerable complexity and are not designed for use in a web environment. In his session at @ThingsExpo, Matthew Hodgson, technical co-founder of the Matrix.org, discussed how Matrix is a new non-profit Open Source Project that defines both a new HTTP-based standard for VoIP & IM signaling and provides reference implementations.
The Internet of Things (IoT), in all its myriad manifestations, has great potential. Much of that potential comes from the evolving data management and analytic (DMA) technologies and processes that allow us to gain insight from all of the IoT data that can be generated and gathered. This potential may never be met as those data sets are tied to specific industry verticals and single markets, with no clear way to use IoT data and sensor analytics to fulfill the hype being given the IoT today.
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
We're entering the post-smartphone era, where wearable gadgets from watches and fitness bands to glasses and health aids will power the next technological revolution. With mass adoption of wearable devices comes a new data ecosystem that must be protected. Wearables open new pathways that facilitate the tracking, sharing and storing of consumers’ personal health, location and daily activity data. Consumers have some idea of the data these devices capture, but most don’t realize how revealing and...
A completely new computing platform is on the horizon. They’re called Microservers by some, ARM Servers by others, and sometimes even ARM-based Servers. No matter what you call them, Microservers will have a huge impact on the data center and on server computing in general. Although few people are familiar with Microservers today, their impact will be felt very soon. This is a new category of computing platform that is available today and is predicted to have triple-digit growth rates for some ...
SYS-CON Events announced today that MathFreeOn will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MathFreeOn is Software as a Service (SaaS) used in Engineering and Math education. Write scripts and solve math problems online. MathFreeOn provides online courses for beginners or amateurs who have difficulties in writing scripts. In accordance with various mathematical topics, there are more tha...
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, will be adding the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor...
SYS-CON Events announced today that SoftNet Solutions will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. SoftNet Solutions specializes in Enterprise Solutions for Hadoop and Big Data. It offers customers the most open, robust, and value-conscious portfolio of solutions, services, and tools for the shortest route to success with Big Data. The unique differentiator is the ability to architect and ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...