Google, Facebook, Pay Pal, and others: anti-phishing email protocol

Can some of the web giants work together to help stop deceptive email?

The plan surrounds the existing systems DKIM and SPF and from a quick read seems to basically be an attempt to back and promote these existing systems with a few add-ons. To quote the dmarc.org web site "A group of leading organizations came together in the spring of 2011 to collaborate on a method for combating fraudulent email at Interenet-scale."

The main difference here seems to be that DMARC includes instructions for what should be done when a email is received that fails the tests. Currently SPF and DKIM just attempt (loosly) to identify valid email but it´s up to the client to deturmin what to do if an email comes in that fails the test.

From the dmarc.org site:
"A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message. DMARC removes guesswork from the receiver´s handling of these failed messages, limiting or eliminating the user´s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation."

Will it work, let´s hope so! only time will tell what the bad boys can come up with the try and circumvent this latest filter but it certainly can´t hurt!

For more information check the http://dmarc.org web site

---