Instead of the extensive, persistent phishing campaigns against top brands that we commonly found in past years, we now detect lower-volume efforts that change fast, target less well-known senders, and go away quickly. Like marketers, criminals are testing more and working harder for their success. Credit especially mailbox providers’ and large brands’ early adoption of the DMARC standard for a big part of this shift. I see its effect firsthand as attacks against marketers publishing DMARC policy (quarantine or reject) fail to reach customers. One large bank blocked more than 200,000 phishing messages in December alone, for example, and this was a typical outcome. In general the fraudsters moved on faster to easier targets in 2014, increasingly avoiding the most prominent social media, financial services, and top-tier retail brands.
There’s a tremendous opportunity for DMARC to push conventional phishing further into the margins in 2015. As with any technological standard, the senders with the most to gain were the first to adopt DMARC, so the most-phished brands were relatively quick to protect themselves. The next tier of senders, literally hundreds of globally recognized brands, is poised to follow the industry leaders this year. The result could change the economics of conventional phishing, driving costs too high to justify the effort.
DMARC works, and it’s positioned to fulfill the vision that spurred its development: the elimination of an entire class of email fraud. And while it’s true that criminals will continue to search for weaknesses to exploit as long as there’s an opportunity for gain, DMARC’s success should stand as an example for cynics. Industrywide cooperation and joint development efforts can produce real, lasting victories in our battle to maintain the viability of email as a marketing channel.
DMARC should also inspire technologists and data scientists. As phishing tactics predictably shift toward attacks that evade authentication-based detection, technologists are developing a new generation of data-driven solutions that uncover patterns and anomalies in the global mailstream in real time. In early tests we’re seeing an immediate impact from this approach, quickly finding messages that use lookalike or cousin domains to dupe consumers. Again the keys to these solutions’ broader success are worldwide cooperation and leadership by industry champions, but the framework to achieve those is already in place.
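The contrast described above, as an added example that is not from the original article: a receiver-side check in which a published reject policy stops an exact-domain spoof, while a cousin domain passes authentication and is caught only by a lookalike comparison. The domains, records and messages are constructed placeholders, and the two-label organizational domain and edit-distance threshold are simplifying assumptions.

```python
# Constructed sample data: placeholder domains, records and messages.
DMARC_TXT = {
    "examplebank.com": "v=DMARC1; p=reject; adkim=r; aspf=r",
    "examp1ebank.com": "v=DMARC1; p=none",  # cousin domain with its own record
}
PROTECTED_BRANDS = ["examplebank.com"]

def org_domain(domain):
    # Assumption: last two labels; real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def parse_dmarc(txt):
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def aligned(auth_domain, from_domain, strict):
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if strict else org_domain(a) == org_domain(f)

def dmarc_disposition(msg):
    # msg["spf"] / msg["dkim"]: domain that passed that check, or None.
    record = parse_dmarc(DMARC_TXT.get(org_domain(msg["from"]), ""))
    if record.get("v") != "dmarc1":
        return "deliver"  # no DMARC policy published for this From domain
    spf_ok = msg["spf"] and aligned(msg["spf"], msg["from"], record.get("aspf") == "s")
    dkim_ok = msg["dkim"] and aligned(msg["dkim"], msg["from"], record.get("adkim") == "s")
    if spf_ok or dkim_ok:
        return "deliver"
    return record["p"] if record.get("p") in ("quarantine", "reject") else "deliver"

def edit_distance(a, b):
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(from_domain, max_distance=2):
    d = org_domain(from_domain)
    return next((b for b in PROTECTED_BRANDS if 0 < edit_distance(d, b) <= max_distance), None)

MESSAGES = {
    "exact_spoof": {"from": "examplebank.com", "spf": "bulk-host.example", "dkim": None},
    "cousin": {"from": "examp1ebank.com", "spf": "examp1ebank.com", "dkim": None},
    "legit": {"from": "mail.examplebank.com", "spf": None, "dkim": "examplebank.com"},
}

def triage(msg):
    return dmarc_disposition(msg), lookalike_of(msg["from"])
```
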
As DMARC approaches its third anniversary this month, its contribution to keeping email marketing safe and effective may extend far beyond its ability to detect and stop domain-based phishing. DMARC offers a model for our industry and others to innovate against cybercrime.