Welcome!

Wearables Authors: Elizabeth White, Liz McMillan, Yeshim Deniz, Pat Romanski, Shelly Palmer

News Feed Item

In First Year, DMARC Protects 60 Percent of Global Consumer Mailboxes

SAN JOSE, CA -- (Marketwire) -- 02/06/13 -- DMARC.org, an industry collaborative working to increase email trust, announced today that the DMARC standard now protects almost two-thirds of the world's 3.3 billion consumer mailboxes worldwide. First announced January 2012, DMARC marshals the forces of leading brands and email suppliers to combat rampant email deception and fraud, such as spam and phishing. The mailbox providers who have implemented DMARC represent roughly 80 percent of consumer inboxes in the United States. The standard has also been implemented at leading mailbox providers in the Netherlands, China, and Russia, representing hundreds of millions of mailboxes.

"DMARC is a testimony to private sector and market-driven collaboration to combat a real problem on the Internet," said Trent Adams, chair of DMARC.org and senior policy advisor at PayPal. "The successful adoption of DMARC has been phenomenal. And the effectiveness proves that any brand owner interested in increasing protection of their email stream should deploy DMARC today."

On the sender side, DMARC is seeing wide acceptance, especially by very high-volume mailers. Data provided by DMARC member companies shows that 10 of 20 domains with the highest sending volumes are now implementing DMARC, including many companies beyond the original DMARC.org consortium. The implementation of DMARC by mailbox providers and mail senders is having a measurable impact on consumers -- with more than 325 million messages rejected in November and December 2012 alone, by mailbox providers because they failed the DMARC authentication check.

"Despite being one of the world's largest email senders, we only require a handful of individuals to maintain all of Facebook's email security efforts thanks to DMARC," said Michael Adkins, Messaging Engineer, Facebook. "DMARC's powerful controls protect over 85% of our users from fraudulent email that claims to be from Facebook, and that's after just one year. Add in the visibility and insight provided by DMARC's reporting features and a very small team can have a huge impact on phishing."

DMARC, which stands for Domain-based Message Authentication, Reporting & Conformance, builds on previous email authentication advancements, SPF and DKIM, with strong protection of the author's address (From field) and creating a feedback loop from receivers back to legitimate email senders. This makes impersonation of the author's address difficult for phishers who are trying to send fraudulent email. Brands can use DMARC to easily notify email providers how to recognize and manage fraudulent mail, while also providing a means by which the receiver can report on fraudulent messages to the owner of the spoofed domain. Messages that pass DMARC validation will continue to be evaluated by the mailbox provider to determine ultimate placement of the message according to its spam-detection filters.

DMARC Performance by the Numbers

DMARC successfully addresses concerns that previously hindered widespread adoption and mass deployment of trusted email authentication solutions. The standards-based framework of DMARC establishes a foundational feedback loop so email senders and receivers communicate automatically about potential abuse. As more senders embrace DMARC, global protection against fraudulent email will continue to increase. Compelling data reported by Trend Micro, claims that 91 percent of targeted attacks involve highly tailored spear-phishing emails (http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-spear-phishing-email-most-favored-apt-attack-bait.pdf). Senders can use DMARC to defend their brands against becoming a vector of attack.

In its first year, DMARC:

  • Protects 60 percent of the world's email boxes or 1.976 billion of the estimated 3.3 billion email boxes worldwide. (http://www.email-marketing-reports.com/metrics/email-statistics.htm)

  • Has been adopted by the world's largest consumer email providers- AOL, Comcast, Google, Mail.ru, Microsoft, NetEase, Xs4All, and Yahoo!.

  • Can claim 50 percent of the top 20 sending domains publish a DMARC policy, with 70 percent of those domains asserting a policy that directs receivers to take action against unauthenticated messages.

  • Sender adoption exceeds the original DMARC.org membership, with 60 percent of the top sending domains publishing policy coming from companies not directly affiliated with DMARC.org.

  • Rejected hundreds of millions of potentially fraudulent messages from domains publishing a DMARC reject policy. As an example, in November and December 2012, more than 325 million messages were rejected as purporting to be "From" domains with a DMARC reject policy. Of those messages, 49 million were from highly phished domains*.

  • Protects 80 percent of US typical consumer mailboxes.

* Highly phished domains = Domains with a DMARC reject policy and more than 10 percent of all messages purporting to be from that domain failing authentication checks.

Service Providers Embrace DMARC

Mailbox providers who have deployed DMARC include AOL, Comcast, Google, Mail.ru, Microsoft, NetEase, Xs4All, and Yahoo!.

"DMARC implementation is of utmost importance to Microsoft as we protect our millions of email users against phishing and online fraud. At Microsoft, we want our users to be able to trust messages that appear in their inbox. The increasing global adoption is a cumulative effect; the more email sending brands that use DMARC, the broader the protection offered against phishing," said Krish Vitaldevara, Outlook.com's principal group program manager.

"We are excited with how quickly DMARC has been adopted in China, and we are pleased to be part of the effort," said Junping Chen, Senior Mail Security Officer at NetEase. "NetEase had more than 530 million mailbox users at the end of 2012 and is the first DMARC implementer in China. We estimate that DMARC protection already applies to over 50 percent of all Chinese consumer mailboxes, and adoption is accelerating."

"DMARC has reduced the risk of phishing for Gmail users by enabling us to effectively reject suspicious, unauthenticated messages that come from DMARC senders with a reject policy," said Adam Dawes, Product Manager at Google. "This capability gives users instant protection against zero hour phishing attacks and provides better assurance that spam classifications are accurate."

"Every day, email users are potentially exposed to a wide range of abusive emails -- from spam, to phishing attacks, to potential malware that can take over a computer. To combat this abuse, Yahoo! helped create the DMARC specification which now helps us recognize and prevent forged or spoofed emails from reaching our users," said Raj Ramaswamy, senior director, Yahoo! Mail. "We're encouraged to see the rapid global adoption of DMARC because it will keep all email users safer."

"DMARC helps protect AOL users from fraud and phishing attacks, which in turn helps our users trust the email they see in their inbox. After year one, we are seeing positive results from these efforts," said Jim Sargent, Anti-Spam Technology Development and Operations Manager, AOL. "AOL is proud to be a DMARC.org founding member and we see worldwide support for the standard. It's very gratifying to see the growth, expansion and innovation possible now with DMARC enabling greater trust in the email channel."

Leading Brands Rely on DMARC to Preserve Reputation and Protect Constituents

Brands, or email senders, have accelerated DMARC adoption. Compelled to ensure their brands' integrity with consumers, brands employ DMARC to ensure the authenticity of their emails and guard millions of would-be targets from popular phishing schemes that attempt to exploit them.

Leading brands across industry use DMARC, including Amazon, American Greetings, Apple, Bank of America, Blizzard Entertainment, Booking.com, eBay, Facebook, FedEx, Fidelity Investments, Google, Groupon, JP Morgan Chase, LinkedIn, LivingSocial, Netflix, PayPal, Tagged, Twitter, Western Union, Yelp, YouTube, and Zynga.**

** Brands in this list have been identified by publicly discoverable DMARC records available in the DNS.

Industry experts have embraced DMARC as a market-driven solution to secure the email channel against phishing and fraud. Active contributors participate through the open DMARC-Discuss email group (http://www.dmarc.org/participate.html). ISPs, brands, and security vendors collaboratively address issues and share information regarding the specification. This participation, combined with the DMARC Interoperability Workshop held at Facebook headquarters in July 2012, and global operational experience has continued to improve the specification in the past year.

Industry Associations Promote DMARC Awareness and Adoption

Leading industry groups have embraced DMARC and encourage their member companies to use DMARC to protect their brands and their audiences against nefarious phishing scams. The Financial Services - Information Sharing and Analysis Center (FS-ISAC), BITS - The Financial Services Round Table, and the Online Trust Alliance (OTA) have joined the DMARC.org efforts to benefit those most targeted by phishing.

The Messaging, Mobile, & Malware Anti-Abuse Working Group (M3AAWG) was instrumental in helping to incubate the DMARC specification, as well as providing ongoing education to its members and the public. As a commitment to the email ecosystem, they released a free video training series published on February 4th (http://www.maawg.org).

"M3AAGW has been supporting the development of DMARC since its inception at our M3AAWG meetings as part of our mission to combat messaging abuse," said Jerry Upton, M3AAWG Executive Director. "In addition, the DMARC training sessions we've hosted over the last year have all exceeded capacity, indicating the industry's high level of interest for this new, exceptionally useful technology."

Founded in 2004 to advance the business and brand protection value of email authentication, OTA provides ongoing education by way of its Email Authentication Training Academy, Email Authentication Deployment Guide for Senders, and annual adoption scorecard tracking adoption of the world's largest banks, commerce sites and social network sites (https://otalliance.org/resources/authentication/index.html). Supporting its commitment to education, OTA is hosting a series of DMARC Webinars planned for February 12th and 18th (https://otalliance.org/events/index.html).

"DMARC brings together the business and technical value and is on track to be a baseline security requirement and essential brand and consumer protection tool. Brands which fail to implement DMARC at their top-level domain are putting their customers and employees at an unacceptable risk to the spread of fraudulent and malicious email," said Craig Spiezle, Executive Director & President of OTA.

BITS is publishing an Email Authentication Guide to its members and supports the effort by offering a Trusted Email Registry program for its members that includes DMARC support.

"Even as other communication channels are gaining momentum, email remains a well-used, established communication channel for consumers. Unfortunately, it also remains a mechanism used by cyber criminals to lure victims into providing private information or to implant malicious software. Email authentication is critical to protect consumers from harm and potential fraud," said Paul Smocer, BITS president. "BITS is pleased to provide ongoing support to DMARC as it progresses its efforts in bringing stakeholders together -- email and service providers with financial institutions -- to enable email senders and receivers to collaborate via DMARC specifications for strong email authentication. These efforts will help all consumers and in particular, customers of financial services institutions."

Interested organizations are encouraged to read the specification, join the dmarc-discuss mailing list at www.dmarc.org, and begin testing and deploying email authentication standards SPF, DKIM, and DMARC. DMARC.org members will be participating in discussions about the specification at MAAWG and RSA conferences in February. See www.dmarc.org for details.

About DMARC.org
DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world's leading email providers (AOL, Comcast, Google, Hotmail, NetEase, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, J.P. Morgan Chase, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.

The DMARC specification and further information can be found at www.dmarc.org.

Add to Digg Bookmark with del.icio.us Add to Newsvine

Media Contact:
Suzanne Matick
for DMARC.org
suzanne [at] matick.net
831-479-1888 Pacific time zone

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
SYS-CON Events announced today that SourceForge has been named “Media Sponsor” of SYS-CON's 21st International Cloud Expo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SourceForge is the largest, most trusted destination for Open Source Software development, collaboration, discovery and download on the web serving over 32 million viewers, 150 million downloads and over 460,000 active development projects each and every month.
SYS-CON Events announced today that Nihon Micron will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Nihon Micron Co., Ltd. strives for technological innovation to establish high-density, high-precision processing technology for providing printed circuit board and metal mount RFID tags used for communication devices. For more inf...
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...
SYS-CON Events announced today that MIRAI Inc. will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MIRAI Inc. are IT consultants from the public sector whose mission is to solve social issues by technology and innovation and to create a meaningful future for people.
Widespread fragmentation is stalling the growth of the IIoT and making it difficult for partners to work together. The number of software platforms, apps, hardware and connectivity standards is creating paralysis among businesses that are afraid of being locked into a solution. EdgeX Foundry is unifying the community around a common IoT edge framework and an ecosystem of interoperable components.
SYS-CON Events announced today that Dasher Technologies will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Dasher Technologies, Inc. ® is a premier IT solution provider that delivers expert technical resources along with trusted account executives to architect and deliver complete IT solutions and services to help our clients execute their goals, plans and objectives. Since 1999, we'v...
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.