Several email providers that normally compete with one another, like Google Gmail and Microsoft Hotmail, have teamed up in an effort to better protect email users from spam and fraudulent messages. The new system is called DMARC, short for Domain-based Message Authentication, Reporting & Conformance. With a united front, the war against spam may have a powerful new weapon.
The more jaded among us may think that this is too much to hope for, but this new approach to detecting deceptive email messages, which was announced this morning, certainly has the potential to at least help. Essentially, email messages will now have to go through an additional level of authentication to better ensure (to the extent that it can be ensured) that they are being sent from a legitimate sender. For example, there has been a recent influx of fraudulent messages allegedly sent from the Better Business Bureau which are not in fact sent from the BBB. Over the last week or so, we received tons of these emails (thankfully caught by our spam filters) from vague email addresses, like firstname.lastname@example.org, with subjects that are equally vague, like “Notice: pending transaction.” For anyone who has dealings with the BBB, these email messages could easily be interpreted as legitimate, and hence the problem.
With DMARC in place, which supplements existing validation tools rather than replacing them, email services will be better able to cooperate with senders, for instance senders who own a web domain that is associated with their email address. The system works like this:
Someone composes an email message and clicks “send.” The sending mail server inserts a special header, and then this header is used to evaluate the email to determine if it is from a legitimate source. (This all occurs after standard authentication tests, which rely on such factors as the email sender’s reputation, have run their course.) If the email message is deemed legitimate, it will be passed along to the intended recipient, where it still must pass through whatever security tools the user may have in place, like anti-spam filters. All of this is explained in more detail in the diagram below, provided by the group responsible for this project.
Again, DMARC is just an additional layer of security that email messages must pass through to get to your inbox. With this system in place, it will be harder to trick users into, say, downloading malware. With a bit of luck (assuming this additional approach to email authentication works), this will become an industry-wide practice. The system has actually been in place for several years, with PayPal and Yahoo Mail serving as the original alliance, but it has now spread to an impressive list of participants, including such heavyweights as Facebook and LinkedIn, in addition to the already-mentioned Google, Microsoft, and Yahoo.
Sounds good to us. We’re happy with anything that might eliminate those fake “Better Business Bureau” emails that we are so sick of getting.
But even more importantly, we love it when industry-leading organizations who are so often at odds sit down together, roll up their sleeves, and work together for the good of the whole.