DMARC.org recently announced the launch of a new supporter program to offer technical and financial assistance for the adoption of DMARC email authentication.
The new Supporters program allows organizations to participate in and help improve DMARC.org’s technical programs, such as developing or enhancing protocols for email authentication and education programs, aimed at implementing DMARC worldwide.
Founding supporters of DMARC.org’s new program are SparkPost, a cloud-based email company, and ValiMail, a recently launched email security startup that provides a free DMARC online domain checker.
The first step toward global adoption of the DMARC standard may be to demystify the protocol, which is highly technical and often confusing for even the savviest of email marketing professionals.
Domain-based Message Authentication, Reporting & Conformance, otherwise known as DMARC, is an email authentication protocol designed to validate email senders and prevent email spoofing. It is built on the SPF and DKIM protocols, which were originally developed over a decade ago.
“DMARC is confusing because it's based on email standards that are ten years old and were written long before the cloud era we live in today,” says Alexander García-Tobar, CEO and cofounder of ValiMail. “Configuring them requires very specialized (some might even say arcane) knowledge.”
“Email evolved back when the Internet was used by a few thousand researchers and scientists, and they weren't concerned about security because everybody knew everybody else,” says Steve Jones, director of DMARC.org. “Bad actors were easily identified and, if necessary, punished.”
He said that as the Internet grew to millions -- and ultimately billions -- of users, the industry had to add security to functions like email decades after they were developed. Retrofitting something isn't always easy, he said, when you're trying to address security concerns.
Yet DMARC is an incredibly important standard, and non-conformance can have wide-ranging consequences. DMARC can help protect companies from email-based phishing attempts, which can lead to financial fraud and brand harm.
The FBI recently revealed that more than $3 billion has been lost globally to CEO email fraud, or business email compromise (BEC), and cyberattacks are increasing year-over-year.
“In a perfect world, if every legitimate domain used a p=reject policy (effectively telling receiving domains and ISPs to discard mail that failed DKIM validation) it would massively decrease the ability of phishers & spammers from doing their dirty work,” says Len Shneyder, VP of Industry Relations at SparkPost.
Although the detail is a little geeky, Gmail and Microsoft have announced intentions to implement a p=reject policy by the end of the month, and this could reduce marketers’ email delivery rates, as DMARC conformance directly correlates to higher inbox placements.