DMARC, or Domain-based Message Authentication, Reporting & Conformance, is actually a technical specification created with the purpose of reducing email-based abuse by addressing issues of the email authentication protocols.
These problems are related to the sender policy framework (SPF) and domain keys identified mail (DKIM) mechanisms utilized by most mailbox providers that are currently experiencing difficulties in telling apart potentially dangerous packages from legitimate ones.
Since there isn’t a way for them to monitor or to receive feedback regarding their authentication practices, senders are having difficulties, which DMARC hopes to resolve.
The new standard allows senders to indicate that their emails are protected by SPF or DKIM, also informing the recipient on what must be done in case none of the authentication methods passes.
“DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation,” DMARC reveals.
In the upcoming period, the draft specifications will be submitted to the Internet Engineering Task Force (IETF) as part of the process of making this an official Internet Standard that can be used and improved by anyone.
Spamming and phishing is on the rise and security solutions providers are struggling to keep up with all the new tricks used by cybercriminals to spread their malicious schemes.
Lately, they’ve been replicating legitimate emails so well that it has become highly problematic for users and spam filters to tell them apart from legitimate notifications coming from diverse organizations.
Since their names are often utilized in phishing emails, the Bank of America and Fidelity Investment are also on board with this project.