Welcome!

News Feed Item

Prominent Brands Cut Email Abuse by More than 50% with DMARC

DMARC.org, an industry collaborative working to increase consumer trust in email, published new data demonstrating how DMARC adoption reduces the risks associated with fraudulent email. Senders, such as Facebook, PayPal, and Twitter, as well as receivers, such as Google and Microsoft, are seeing significant reduction in the delivery of malicious emails to consumer inboxes.

DMARC, which stands for Domain-based Message Authentication, Reporting, & Conformance, is a specification that defines how email can be authenticated by receivers and how they can report the authentication results back to the sender. The specification was published in 2012, and it is now celebrating its second year of having a positive effect in protecting consumer inboxes from spoofed email.

Illustrating this trend, PayPal stated that customer reports of suspicious email dropped in the U.S. by more than 70% during 2013. Microsoft also announced that reports of phishing by users of Outlook.com dropped by more than 50% in 2013 over 2012. These trends clearly underscore the fact that less malicious email is being delivered to consumer inboxes, with DMARC being an important contributing factor.

“Implementing DMARC stopped nearly 25 million attempted attacks on our customers during the 2013 holiday buying season alone,” said Trent Adams, Chair of DMARC.org and Senior Advisor on email security for PayPal and eBay Inc. “Not only is DMARC shutting down spoofed domain attacks, but it has also cut the overall volume of daily attacks in half since 2012.”

While not every mailbox provider has added DMARC protection, users with email accounts operated by Google, Yahoo, Microsoft, AOL, Comcast, Netease, Mail.ru, and XS4All are protected today. This covers almost 2 billion accounts worldwide, protecting senders such as Amazon, American Greetings, DocuSign, Facebook, Fidelity Investments, JP Morgan Chase, LinkedIn, LivingSocial, PayPal, and Twitter.

As a major mailbox provider, Google has seen how effective implementing DMARC can be. In December Google reported that over 90% of emails received by Gmail users are now authenticated by DKIM or SPF, the underlying authentication mechanisms used by DMARC. Further, they report that over 80,000 domains have already published policies via DMARC allowing them to reject unauthenticated messages.

"We are very pleased with the industry adoption of DMARC, and the positive impact on protecting Gmail's users from spoofing and phishing attempts," said Google Product Manager John Rae-Grant. "As more of the industry adopts DMARC, we're increasingly able to reject hundreds of millions of fraudulent messages each week. This improves our ability to protect Gmail users and many brands that were previously targeted by spoofers and phishing attempts. For example, we saw a reduction of 5000% in the amount of spoofing email claiming to be from a major corporation during their busiest season after implementing a DMARC reject policy."

"DMARC protects more than 85% of the people who receive email from Facebook," said Michael Adkins, Production Engineer at Facebook. "That level of adoption has significantly diminished the financial incentive for criminals to spoof our domains, so they've moved on to other targets. People can trust their inboxes more as a result. We're proud to have been one of the first companies to deploy the DMARC specification at scale, and we're excited to see so many others achieving great results."

In the process of deploying DMARC, Twitter first took advantage of its reporting features to identify the scope of abuse against their domains. During the first 45 days of initial monitoring, Twitter saw nearly 2.5 billion messages spoofing its domains. The spoofed messages exceeded 110 million per day at their peak. Once Twitter moved to a DMARC “reject” policy, the number of spoofed messages dropped to only a few thousand within days.

"DMARC was eye-opening for our security team at Twitter,” said Josh Aberant, Postmaster at Twitter. “We found massive amounts of abuse from both our domains and look alike domains we'd claimed. Using DMARC to protect these domains and stop forgeries is a core component of how we protect our users."

“Since the introduction of email, cyber criminals have been hard at work determining ways to corrupt and exploit this communication channel,” said Patrick Peterson, founder and CEO of Agari. “The drastic reduction in attempted email fraud, even across multiple domains, is due primarily to the protections provided by the DMARC standard. For example, one of our prominent financial services clients saw spoofing levels drop an amazing 67% after publishing its DMARC reject policy in the fall of 2013.”

Return Path, a provider of email brand protection, reports similar results. “As awareness of DMARC prompts more senders to make the protection of consumers and brands a priority, Return Path has seen a 130% increase in both clients and domains publishing valid DMARC records over the last twelve months alone, and that growth is only accelerating,” said Matt Blumberg, CEO of Return Path. “Within the span of two years DMARC has introduced a sea change in email security, and the remaining brands that leave themselves and their customers vulnerable to fraud are taking unacceptable risks.”

"In just the last 90 days alone, DMARC has blocked over one hundred thousand messages across multiple sending domains, helping to protect the Publishers Clearing House brand and consumers from potential email threats," said Sal Tripi, Assistant Vice President of Digital Operations & Compliance at Publishers Clearing House. "We believe that online businesses have a responsibility to protect users from phishing and other email abuse. We feel that protecting our members with DMARC is critical to future success of not only our business, but the vitality of the online marketplace in general. DMARC allows us to provide instructions to receivers on how to handle mail received without proper authentication. The implementation and expansion of DMARC is one of the most noteworthy developments in the email industry in the last few years.”

Organizations interested in DMARC are encouraged to visit DMARC.org where there is a comprehensive overview of the technology as well as links to the specification, discussion lists, and support resources.

About DMARC.org

DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world’s leading email providers (AOL, Comcast, Google, NetEase, Outlook.com, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, J.P. Morgan Chase, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
Digital Transformation (DX) is not a "one-size-fits all" strategy. Each organization needs to develop its own unique, long-term DX plan. It must do so by realizing that we now live in a data-driven age, and that technologies such as Cloud Computing, Big Data, the IoT, Cognitive Computing, and Blockchain are only tools. In her general session at 21st Cloud Expo, Rebecca Wanta explained how the strategy must focus on DX and include a commitment from top management to create great IT jobs, monitor ...
"WineSOFT is a software company making proxy server software, which is widely used in the telecommunication industry or the content delivery networks or e-commerce," explained Jonathan Ahn, COO of WineSOFT, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, led attendees through the exciting evolution of the cloud. He looked at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering m...
Recently, WebRTC has a lot of eyes from market. The use cases of WebRTC are expanding - video chat, online education, online health care etc. Not only for human-to-human communication, but also IoT use cases such as machine to human use cases can be seen recently. One of the typical use-case is remote camera monitoring. With WebRTC, people can have interoperability and flexibility for deploying monitoring service. However, the benefit of WebRTC for IoT is not only its convenience and interopera...
No hype cycles or predictions of a gazillion things here. IoT is here. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, an Associate Partner of Analytics, IoT & Cybersecurity at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He also discussed the evaluation of communication standards and IoT messaging protocols, data...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
As many know, the first generation of Cloud Management Platform (CMP) solutions were designed for managing virtual infrastructure (IaaS) and traditional applications. But that's no longer enough to satisfy evolving and complex business requirements. In his session at 21st Cloud Expo, Scott Davis, Embotics CTO, explored how next-generation CMPs ensure organizations can manage cloud-native and microservice-based application architectures, while also facilitating agile DevOps methodology. He expla...
Product connectivity goes hand and hand these days with increased use of personal data. New IoT devices are becoming more personalized than ever before. In his session at 22nd Cloud Expo | DXWorld Expo, Nicolas Fierro, CEO of MIMIR Blockchain Solutions, will discuss how in order to protect your data and privacy, IoT applications need to embrace Blockchain technology for a new level of product security never before seen - or needed.
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, discussed how they built...
Sanjeev Sharma Joins June 5-7, 2018 @DevOpsSummit at @Cloud Expo New York Faculty. Sanjeev Sharma is an internationally known DevOps and Cloud Transformation thought leader, technology executive, and author. Sanjeev's industry experience includes tenures as CTO, Technical Sales leader, and Cloud Architect leader. As an IBM Distinguished Engineer, Sanjeev is recognized at the highest levels of IBM's core of technical leaders.
Digital transformation is about embracing digital technologies into a company's culture to better connect with its customers, automate processes, create better tools, enter new markets, etc. Such a transformation requires continuous orchestration across teams and an environment based on open collaboration and daily experiments. In his session at 21st Cloud Expo, Alex Casalboni, Technical (Cloud) Evangelist at Cloud Academy, explored and discussed the most urgent unsolved challenges to achieve f...
Nordstrom is transforming the way that they do business and the cloud is the key to enabling speed and hyper personalized customer experiences. In his session at 21st Cloud Expo, Ken Schow, VP of Engineering at Nordstrom, discussed some of the key learnings and common pitfalls of large enterprises moving to the cloud. This includes strategies around choosing a cloud provider(s), architecture, and lessons learned. In addition, he covered some of the best practices for structured team migration an...
SYS-CON Events announced today that Synametrics Technologies will exhibit at SYS-CON's 22nd International Cloud Expo®, which will take place on June 5-7, 2018, at the Javits Center in New York, NY. Synametrics Technologies is a privately held company based in Plainsboro, New Jersey that has been providing solutions for the developer community since 1997. Based on the success of its initial product offerings such as WinSQL, Xeams, SynaMan and Syncrify, Synametrics continues to create and hone inn...
There is a huge demand for responsive, real-time mobile and web experiences, but current architectural patterns do not easily accommodate applications that respond to events in real time. Common solutions using message queues or HTTP long-polling quickly lead to resiliency, scalability and development velocity challenges. In his session at 21st Cloud Expo, Ryland Degnan, a Senior Software Engineer on the Netflix Edge Platform team, will discuss how by leveraging a reactive stream-based protocol,...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is foundational - something customers routinely cite as a top pain point. In his session at @DevOpsSummit at 21st Cloud Expo, Bill Borsari, Head of Systems Engineering at Datera, explored how organizations can reap the bene...