How will DMARC stop phishing?

sspade

It's not often that Facebook, Microsoft, Yahoo, Google, et. al team up to do anything together, but apparently they are going to turn their collective attention to stopping phishing. I just looked at my spam folder, and there were dozen of phishing attempts in there, which is a testament to Gmail's spam filter. Domain-based Message Authentication, Reporting and Conformance, or DMARC is intended to stop phishing to point that attempts never even reach the spam folder, which would be a very good thing. Let's face it, while most of the folks here wouldn't fall for it, there are people every day that open up that message that looks like it is from Paypal or whoever, and gladly send off their account information to criminals. How is DMARC going to stop this, and will the "phishermen" find a way around it anyway?

Topic: Security
Answer this Question

Answers

2 total
jimlynch
Vote Up (17)

I think the jury will be out on this for a while. Hopefully it will help, but spammers are quite clever and might find some way around it. Also, let's face it. Some people are just stupid or careless, so I suspect we'll have till have problems even with this new system. You can't really get rid of this altogether given that a lot of it depends on human judgement and some people have very poor judgement indeed.

Here's more info about DMARC:

http://dmarc.org/

"DMARC - What is it?

DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.

DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms. This means that senders will experience consistent authentication results for their messages at AOL, Gmail, Hotmail, Yahoo! and any other email receiver implementing DMARC. We hope this will encourage senders to more broadly authenticate their outbound email which can make email a more reliable way to communicate.

Why is DMARC Important?

With the rise of the social internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts, enabling theft of passwords, bank accounts, credit cards, and more. Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users.

Users can't tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there's no scalable way for them to indicate they want feedback and where it should be sent. Those attempting new SPF and DKIM deployment proceed very slowly and cautiously because the lack of feedback also means they have no good way to monitor progress and debug problems.

DMARC addresses these issues, helping email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.

How Does DMARC Work?

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message. DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.

Who Can Use DMARC?

DMARC policies are published in the public Domain Name System (DNS), and available to everyone. It is the goal of DMARC.org to submit the draft specification to the IETF so that it may begin the process of becoming an official Internet Standard RFC - available to everyone for reference, implementation, and improvement."

gusmiles
Vote Up (13)

DMARC has good intentions, but it is human behavior that needs to be addressed and protected against. In today's business world, IT admins need to be more proactive, than reactive. Though DMARC has a lot of proactive traits, more is needed, including proper training and especially, ongoing monitoring.

 

A great company I ran across not too long ago has a very good anti-phishing service; you may want to check out this review and the service: Review of Phishme

 

Gus Miles

Bio / Google+ / LinkedIn

Article: SpyHunter 4 Review

Ask a question

Join Now or Sign In to ask a question.
Almost 500,000 patient records have been hacked from the servers of the Harley Medical Group, the plastic surgery firm which has clinics across the UK.
Security researchers have found that many satellite communication systems have vulnerabilities and design flaws that can let remote attackers intercept, manipulate, block and in some cases take full control of critical communications.
The U.S. commercial drone industry is still struggling to get off the ground more than two years after President Obama signed into law a bill that permits the civilian use of unmanned aerial vehicles (UAV) over the country's airspace.
Sure, you’ve changed a bunch of passwords, but are you doing all you can to protect yourself?
About 2.6 million payment cards at Michaels Stores and another 400,000 at subsidiary Aaron Brothers may have been affected in a card skimming attack that compromised its point-of-sale systems, the retailer said Thursday.
National security may be at stake as private businesses try to manage a growing number of cyberthreats, but IT professionals shouldn't have to bear that burden alone.
Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.
Whether it's the first time you've picked up an iPad or the seventeenth time you've pulled out your iPhone today, there are probably still some iOS 7 features and functionality that you're not familiar with. Don't sweat it: We're here to help. We've collected some of our favorite and most useful tips and compiled them here, just for you.
The Tor Project has flagged 380 Tor relays vulnerable to the critical Heartbleed flaw to be rejected from the Tor anonymity network, reducing the network's entry and exit capacity.
Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

White Papers & Webcasts

See more White Papers | Webcasts

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+