Welcome!

News Feed Item

Prominent Brands Cut Email Abuse by More than 50% with DMARC

DMARC.org, an industry collaborative working to increase consumer trust in email, published new data demonstrating how DMARC adoption reduces the risks associated with fraudulent email. Senders, such as Facebook, PayPal, and Twitter, as well as receivers, such as Google and Microsoft, are seeing significant reduction in the delivery of malicious emails to consumer inboxes.

DMARC, which stands for Domain-based Message Authentication, Reporting, & Conformance, is a specification that defines how email can be authenticated by receivers and how they can report the authentication results back to the sender. The specification was published in 2012, and it is now celebrating its second year of having a positive effect in protecting consumer inboxes from spoofed email.

Illustrating this trend, PayPal stated that customer reports of suspicious email dropped in the U.S. by more than 70% during 2013. Microsoft also announced that reports of phishing by users of Outlook.com dropped by more than 50% in 2013 over 2012. These trends clearly underscore the fact that less malicious email is being delivered to consumer inboxes, with DMARC being an important contributing factor.

“Implementing DMARC stopped nearly 25 million attempted attacks on our customers during the 2013 holiday buying season alone,” said Trent Adams, Chair of DMARC.org and Senior Advisor on email security for PayPal and eBay Inc. “Not only is DMARC shutting down spoofed domain attacks, but it has also cut the overall volume of daily attacks in half since 2012.”

While not every mailbox provider has added DMARC protection, users with email accounts operated by Google, Yahoo, Microsoft, AOL, Comcast, Netease, Mail.ru, and XS4All are protected today. This covers almost 2 billion accounts worldwide, protecting senders such as Amazon, American Greetings, DocuSign, Facebook, Fidelity Investments, JP Morgan Chase, LinkedIn, LivingSocial, PayPal, and Twitter.

As a major mailbox provider, Google has seen how effective implementing DMARC can be. In December Google reported that over 90% of emails received by Gmail users are now authenticated by DKIM or SPF, the underlying authentication mechanisms used by DMARC. Further, they report that over 80,000 domains have already published policies via DMARC allowing them to reject unauthenticated messages.

"We are very pleased with the industry adoption of DMARC, and the positive impact on protecting Gmail's users from spoofing and phishing attempts," said Google Product Manager John Rae-Grant. "As more of the industry adopts DMARC, we're increasingly able to reject hundreds of millions of fraudulent messages each week. This improves our ability to protect Gmail users and many brands that were previously targeted by spoofers and phishing attempts. For example, we saw a reduction of 5000% in the amount of spoofing email claiming to be from a major corporation during their busiest season after implementing a DMARC reject policy."

"DMARC protects more than 85% of the people who receive email from Facebook," said Michael Adkins, Production Engineer at Facebook. "That level of adoption has significantly diminished the financial incentive for criminals to spoof our domains, so they've moved on to other targets. People can trust their inboxes more as a result. We're proud to have been one of the first companies to deploy the DMARC specification at scale, and we're excited to see so many others achieving great results."

In the process of deploying DMARC, Twitter first took advantage of its reporting features to identify the scope of abuse against their domains. During the first 45 days of initial monitoring, Twitter saw nearly 2.5 billion messages spoofing its domains. The spoofed messages exceeded 110 million per day at their peak. Once Twitter moved to a DMARC “reject” policy, the number of spoofed messages dropped to only a few thousand within days.

"DMARC was eye-opening for our security team at Twitter,” said Josh Aberant, Postmaster at Twitter. “We found massive amounts of abuse from both our domains and look alike domains we'd claimed. Using DMARC to protect these domains and stop forgeries is a core component of how we protect our users."

“Since the introduction of email, cyber criminals have been hard at work determining ways to corrupt and exploit this communication channel,” said Patrick Peterson, founder and CEO of Agari. “The drastic reduction in attempted email fraud, even across multiple domains, is due primarily to the protections provided by the DMARC standard. For example, one of our prominent financial services clients saw spoofing levels drop an amazing 67% after publishing its DMARC reject policy in the fall of 2013.”

Return Path, a provider of email brand protection, reports similar results. “As awareness of DMARC prompts more senders to make the protection of consumers and brands a priority, Return Path has seen a 130% increase in both clients and domains publishing valid DMARC records over the last twelve months alone, and that growth is only accelerating,” said Matt Blumberg, CEO of Return Path. “Within the span of two years DMARC has introduced a sea change in email security, and the remaining brands that leave themselves and their customers vulnerable to fraud are taking unacceptable risks.”

"In just the last 90 days alone, DMARC has blocked over one hundred thousand messages across multiple sending domains, helping to protect the Publishers Clearing House brand and consumers from potential email threats," said Sal Tripi, Assistant Vice President of Digital Operations & Compliance at Publishers Clearing House. "We believe that online businesses have a responsibility to protect users from phishing and other email abuse. We feel that protecting our members with DMARC is critical to future success of not only our business, but the vitality of the online marketplace in general. DMARC allows us to provide instructions to receivers on how to handle mail received without proper authentication. The implementation and expansion of DMARC is one of the most noteworthy developments in the email industry in the last few years.”

Organizations interested in DMARC are encouraged to visit DMARC.org where there is a comprehensive overview of the technology as well as links to the specification, discussion lists, and support resources.

About DMARC.org

DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world’s leading email providers (AOL, Comcast, Google, NetEase, Outlook.com, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, J.P. Morgan Chase, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
For financial firms, the cloud is going to increasingly become a crucial part of dealing with customers over the next five years and beyond, particularly with the growing use and acceptance of virtual currencies. There are new data storage paradigms on the horizon that will deliver secure solutions for storing and moving sensitive financial data around the world without touching terrestrial networks. In his session at 20th Cloud Expo, Cliff Beek, President of Cloud Constellation Corporation, ...
SYS-CON Events announced today that Tintri, Inc, a leading provider of enterprise cloud infrastructure, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Tintri offers an enterprise cloud platform built with public cloud-like web services and RESTful APIs. Organizations use Tintri all-flash storage with scale-out and automation as a foundation for their own clouds – to build agile development environments...
In his opening keynote at 20th Cloud Expo, Michael Maximilien, Research Scientist, Architect, and Engineer at IBM, will motivate why realizing the full potential of the cloud and social data requires artificial intelligence. By mixing Cloud Foundry and the rich set of Watson services, IBM's Bluemix is the best cloud operating system for enterprises today, providing rapid development and deployment of applications that can take advantage of the rich catalog of Watson services to help drive insigh...
SYS-CON Events announced today that DivvyCloud will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. DivvyCloud software enables organizations to achieve their cloud computing goals by simplifying and automating security, compliance and cost optimization of public and private cloud infrastructure. Using DivvyCloud, customers can leverage programmatic Bots to identify and remediate common cloud problems in rea...
While some vendors scramble to create and sell you a fancy solution for monitoring your spanking new Amazon Lambdas, hear how you can do it on the cheap using just built-in Java APIs yourself. By exploiting a little-known fact that Lambdas aren’t exactly single threaded, you can effectively identify hot spots in your serverless code. In his session at 20th Cloud Expo, David Martin, Principal Product Owner at CA Technologies, will give a live demonstration and code walkthrough, showing how to ov...
SYS-CON Events announced today that Outscale, a global pure play Infrastructure as a Service provider and strategic partner of Dassault Systèmes, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Founded in 2010, Outscale simplifies infrastructure complexities and boosts the business agility of its customers. Outscale delivers a secure, reliable and industrial strength solution for its customers, which in...
The 21st International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, whic...
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Every successful software product evolves from an idea to an enterprise system. Notably, the same way is passed by the product owner's company. In his session at 20th Cloud Expo, Oleg Lola, CEO of MobiDev, will provide a generalized overview of the evolution of a software product, the product owner, the needs that arise at various stages of this process, and the value brought by a software development partner to the product owner as a response to these needs.
SYS-CON Events announced today that EARP will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. "We are a software house, so we perfectly understand challenges that other software houses face in their projects. We can augment a team, that will work with the same standards and processes as our partners' internal teams. Our teams will deliver the same quality within the required time and budget just as our partn...
As DevOps methodologies expand their reach across the enterprise, organizations face the daunting challenge of adapting related cloud strategies to ensure optimal alignment, from managing complexity to ensuring proper governance. How can culture, automation, legacy apps and even budget be reexamined to enable this ongoing shift within the modern software factory?
SYS-CON Events announced today that delaPlex will exhibit at SYS-CON's @ThingsExpo, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. delaPlex pioneered Software Development as a Service (SDaaS), which provides scalable resources to build, test, and deploy software. It’s a fast and more reliable way to develop a new product or expand your in-house team.
SYS-CON Events announced today that Tappest will exhibit MooseFS at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. MooseFS is a breakthrough concept in the storage industry. It allows you to secure stored data with either duplication or erasure coding using any server. The newest – 4.0 version of the software enables users to maintain the redundancy level with even 50% less hard drive space required. The software func...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...