Welcome!

News Feed Item

Prominent Brands Cut Email Abuse by More than 50% with DMARC

DMARC.org, an industry collaborative working to increase consumer trust in email, published new data demonstrating how DMARC adoption reduces the risks associated with fraudulent email. Senders, such as Facebook, PayPal, and Twitter, as well as receivers, such as Google and Microsoft, are seeing significant reduction in the delivery of malicious emails to consumer inboxes.

DMARC, which stands for Domain-based Message Authentication, Reporting, & Conformance, is a specification that defines how email can be authenticated by receivers and how they can report the authentication results back to the sender. The specification was published in 2012, and it is now celebrating its second year of having a positive effect in protecting consumer inboxes from spoofed email.

Illustrating this trend, PayPal stated that customer reports of suspicious email dropped in the U.S. by more than 70% during 2013. Microsoft also announced that reports of phishing by users of Outlook.com dropped by more than 50% in 2013 over 2012. These trends clearly underscore the fact that less malicious email is being delivered to consumer inboxes, with DMARC being an important contributing factor.

“Implementing DMARC stopped nearly 25 million attempted attacks on our customers during the 2013 holiday buying season alone,” said Trent Adams, Chair of DMARC.org and Senior Advisor on email security for PayPal and eBay Inc. “Not only is DMARC shutting down spoofed domain attacks, but it has also cut the overall volume of daily attacks in half since 2012.”

While not every mailbox provider has added DMARC protection, users with email accounts operated by Google, Yahoo, Microsoft, AOL, Comcast, Netease, Mail.ru, and XS4All are protected today. This covers almost 2 billion accounts worldwide, protecting senders such as Amazon, American Greetings, DocuSign, Facebook, Fidelity Investments, JP Morgan Chase, LinkedIn, LivingSocial, PayPal, and Twitter.

As a major mailbox provider, Google has seen how effective implementing DMARC can be. In December Google reported that over 90% of emails received by Gmail users are now authenticated by DKIM or SPF, the underlying authentication mechanisms used by DMARC. Further, they report that over 80,000 domains have already published policies via DMARC allowing them to reject unauthenticated messages.

"We are very pleased with the industry adoption of DMARC, and the positive impact on protecting Gmail's users from spoofing and phishing attempts," said Google Product Manager John Rae-Grant. "As more of the industry adopts DMARC, we're increasingly able to reject hundreds of millions of fraudulent messages each week. This improves our ability to protect Gmail users and many brands that were previously targeted by spoofers and phishing attempts. For example, we saw a reduction of 5000% in the amount of spoofing email claiming to be from a major corporation during their busiest season after implementing a DMARC reject policy."

"DMARC protects more than 85% of the people who receive email from Facebook," said Michael Adkins, Production Engineer at Facebook. "That level of adoption has significantly diminished the financial incentive for criminals to spoof our domains, so they've moved on to other targets. People can trust their inboxes more as a result. We're proud to have been one of the first companies to deploy the DMARC specification at scale, and we're excited to see so many others achieving great results."

In the process of deploying DMARC, Twitter first took advantage of its reporting features to identify the scope of abuse against their domains. During the first 45 days of initial monitoring, Twitter saw nearly 2.5 billion messages spoofing its domains. The spoofed messages exceeded 110 million per day at their peak. Once Twitter moved to a DMARC “reject” policy, the number of spoofed messages dropped to only a few thousand within days.

"DMARC was eye-opening for our security team at Twitter,” said Josh Aberant, Postmaster at Twitter. “We found massive amounts of abuse from both our domains and look alike domains we'd claimed. Using DMARC to protect these domains and stop forgeries is a core component of how we protect our users."

“Since the introduction of email, cyber criminals have been hard at work determining ways to corrupt and exploit this communication channel,” said Patrick Peterson, founder and CEO of Agari. “The drastic reduction in attempted email fraud, even across multiple domains, is due primarily to the protections provided by the DMARC standard. For example, one of our prominent financial services clients saw spoofing levels drop an amazing 67% after publishing its DMARC reject policy in the fall of 2013.”

Return Path, a provider of email brand protection, reports similar results. “As awareness of DMARC prompts more senders to make the protection of consumers and brands a priority, Return Path has seen a 130% increase in both clients and domains publishing valid DMARC records over the last twelve months alone, and that growth is only accelerating,” said Matt Blumberg, CEO of Return Path. “Within the span of two years DMARC has introduced a sea change in email security, and the remaining brands that leave themselves and their customers vulnerable to fraud are taking unacceptable risks.”

"In just the last 90 days alone, DMARC has blocked over one hundred thousand messages across multiple sending domains, helping to protect the Publishers Clearing House brand and consumers from potential email threats," said Sal Tripi, Assistant Vice President of Digital Operations & Compliance at Publishers Clearing House. "We believe that online businesses have a responsibility to protect users from phishing and other email abuse. We feel that protecting our members with DMARC is critical to future success of not only our business, but the vitality of the online marketplace in general. DMARC allows us to provide instructions to receivers on how to handle mail received without proper authentication. The implementation and expansion of DMARC is one of the most noteworthy developments in the email industry in the last few years.”

Organizations interested in DMARC are encouraged to visit DMARC.org where there is a comprehensive overview of the technology as well as links to the specification, discussion lists, and support resources.

About DMARC.org

DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world’s leading email providers (AOL, Comcast, Google, NetEase, Outlook.com, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, J.P. Morgan Chase, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
"With Digital Experience Monitoring what used to be a simple visit to a web page has exploded into app on phones, data from social media feeds, competitive benchmarking - these are all components that are only available because of some type of digital asset," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
21st International Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Me...
SYS-CON Events announced today that DXWorldExpo has been named “Global Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Digital Transformation is the key issue driving the global enterprise IT business. Digital Transformation is most prominent among Global 2000 enterprises and government institutions.
SYS-CON Events announced today that Datera, that offers a radically new data management architecture, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Datera is transforming the traditional datacenter model through modern cloud simplicity. The technology industry is at another major inflection point. The rise of mobile, the Internet of Things, data storage and Big...
Kubernetes is an open source system for automating deployment, scaling, and management of containerized applications. Kubernetes was originally built by Google, leveraging years of experience with managing container workloads, and is now a Cloud Native Compute Foundation (CNCF) project. Kubernetes has been widely adopted by the community, supported on all major public and private cloud providers, and is gaining rapid adoption in enterprises. However, Kubernetes may seem intimidating and complex ...
"Outscale was founded in 2010, is based in France, is a strategic partner to Dassault Systémes and has done quite a bit of work with divisions of Dassault," explained Jackie Funk, Digital Marketing exec at Outscale, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We focus on SAP workloads because they are among the most powerful but somewhat challenging workloads out there to take into public cloud," explained Swen Conrad, CEO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"DivvyCloud as a company set out to help customers automate solutions to the most common cloud problems," noted Jeremy Snyder, VP of Business Development at DivvyCloud, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We provide IoT solutions. We provide the most compatible solutions for many applications. Our solutions are industry agnostic and also protocol agnostic," explained Richard Han, Head of Sales and Marketing and Engineering at Systena America, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I think DevOps is now a rambunctious teenager – it’s starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
"We were founded in 2003 and the way we were founded was about good backup and good disaster recovery for our clients, and for the last 20 years we've been pretty consistent with that," noted Marc Malafronte, Territory Manager at StorageCraft, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.