Click here to close now.

SYS-CON MEDIA Authors: Liz McMillan, Esmeralda Swartz, Hovhannes Avoyan, Elizabeth White, Adrian Bridgwater

News Feed Item

Prominent Brands Cut Email Abuse by More than 50% with DMARC

DMARC.org, an industry collaborative working to increase consumer trust in email, published new data demonstrating how DMARC adoption reduces the risks associated with fraudulent email. Senders, such as Facebook, PayPal, and Twitter, as well as receivers, such as Google and Microsoft, are seeing significant reduction in the delivery of malicious emails to consumer inboxes.

DMARC, which stands for Domain-based Message Authentication, Reporting, & Conformance, is a specification that defines how email can be authenticated by receivers and how they can report the authentication results back to the sender. The specification was published in 2012, and it is now celebrating its second year of having a positive effect in protecting consumer inboxes from spoofed email.

Illustrating this trend, PayPal stated that customer reports of suspicious email dropped in the U.S. by more than 70% during 2013. Microsoft also announced that reports of phishing by users of Outlook.com dropped by more than 50% in 2013 over 2012. These trends clearly underscore the fact that less malicious email is being delivered to consumer inboxes, with DMARC being an important contributing factor.

“Implementing DMARC stopped nearly 25 million attempted attacks on our customers during the 2013 holiday buying season alone,” said Trent Adams, Chair of DMARC.org and Senior Advisor on email security for PayPal and eBay Inc. “Not only is DMARC shutting down spoofed domain attacks, but it has also cut the overall volume of daily attacks in half since 2012.”

While not every mailbox provider has added DMARC protection, users with email accounts operated by Google, Yahoo, Microsoft, AOL, Comcast, Netease, Mail.ru, and XS4All are protected today. This covers almost 2 billion accounts worldwide, protecting senders such as Amazon, American Greetings, DocuSign, Facebook, Fidelity Investments, JP Morgan Chase, LinkedIn, LivingSocial, PayPal, and Twitter.

As a major mailbox provider, Google has seen how effective implementing DMARC can be. In December Google reported that over 90% of emails received by Gmail users are now authenticated by DKIM or SPF, the underlying authentication mechanisms used by DMARC. Further, they report that over 80,000 domains have already published policies via DMARC allowing them to reject unauthenticated messages.

"We are very pleased with the industry adoption of DMARC, and the positive impact on protecting Gmail's users from spoofing and phishing attempts," said Google Product Manager John Rae-Grant. "As more of the industry adopts DMARC, we're increasingly able to reject hundreds of millions of fraudulent messages each week. This improves our ability to protect Gmail users and many brands that were previously targeted by spoofers and phishing attempts. For example, we saw a reduction of 5000% in the amount of spoofing email claiming to be from a major corporation during their busiest season after implementing a DMARC reject policy."

"DMARC protects more than 85% of the people who receive email from Facebook," said Michael Adkins, Production Engineer at Facebook. "That level of adoption has significantly diminished the financial incentive for criminals to spoof our domains, so they've moved on to other targets. People can trust their inboxes more as a result. We're proud to have been one of the first companies to deploy the DMARC specification at scale, and we're excited to see so many others achieving great results."

In the process of deploying DMARC, Twitter first took advantage of its reporting features to identify the scope of abuse against their domains. During the first 45 days of initial monitoring, Twitter saw nearly 2.5 billion messages spoofing its domains. The spoofed messages exceeded 110 million per day at their peak. Once Twitter moved to a DMARC “reject” policy, the number of spoofed messages dropped to only a few thousand within days.

"DMARC was eye-opening for our security team at Twitter,” said Josh Aberant, Postmaster at Twitter. “We found massive amounts of abuse from both our domains and look alike domains we'd claimed. Using DMARC to protect these domains and stop forgeries is a core component of how we protect our users."

“Since the introduction of email, cyber criminals have been hard at work determining ways to corrupt and exploit this communication channel,” said Patrick Peterson, founder and CEO of Agari. “The drastic reduction in attempted email fraud, even across multiple domains, is due primarily to the protections provided by the DMARC standard. For example, one of our prominent financial services clients saw spoofing levels drop an amazing 67% after publishing its DMARC reject policy in the fall of 2013.”

Return Path, a provider of email brand protection, reports similar results. “As awareness of DMARC prompts more senders to make the protection of consumers and brands a priority, Return Path has seen a 130% increase in both clients and domains publishing valid DMARC records over the last twelve months alone, and that growth is only accelerating,” said Matt Blumberg, CEO of Return Path. “Within the span of two years DMARC has introduced a sea change in email security, and the remaining brands that leave themselves and their customers vulnerable to fraud are taking unacceptable risks.”

"In just the last 90 days alone, DMARC has blocked over one hundred thousand messages across multiple sending domains, helping to protect the Publishers Clearing House brand and consumers from potential email threats," said Sal Tripi, Assistant Vice President of Digital Operations & Compliance at Publishers Clearing House. "We believe that online businesses have a responsibility to protect users from phishing and other email abuse. We feel that protecting our members with DMARC is critical to future success of not only our business, but the vitality of the online marketplace in general. DMARC allows us to provide instructions to receivers on how to handle mail received without proper authentication. The implementation and expansion of DMARC is one of the most noteworthy developments in the email industry in the last few years.”

Organizations interested in DMARC are encouraged to visit DMARC.org where there is a comprehensive overview of the technology as well as links to the specification, discussion lists, and support resources.

About DMARC.org

DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world’s leading email providers (AOL, Comcast, Google, NetEase, Outlook.com, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, J.P. Morgan Chase, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

Latest Stories
SYS-CON Events announced today that that Innodisk, the service-driven provider of industrial embedded flash and DRAM storage products and technologies, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Innodisk is a service-driven provider of industrial embedded flash and DRAM storage products and technologies. With satisfied customers across the embedded, aerospace and defense, cloud storage markets an...
SYS-CON Events announced today that WSM International (WSM), the world’s leading cloud and server migration services provider, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. WSM is a solutions integrator with a core focus on cloud and server migration, transformation and DevOps services.
Sonus Networks introduced the Sonus WebRTC Services Solution, a virtualized Web Real-Time Communications (WebRTC) offer, purpose-built for the Cloud. The WebRTC Services Solution provides signaling from WebRTC-to-WebRTC applications and interworking from WebRTC-to-Session Initiation Protocol (SIP), delivering advanced real-time communications capabilities on mobile applications and on websites, which are accessible via a browser.
SYS-CON Events announced today that Site24x7, the cloud infrastructure monitoring service, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Site24x7 is a cloud infrastructure monitoring service that helps monitor the uptime and performance of websites, online applications, servers, mobile websites and custom APIs. The monitoring is done from 50+ locations across the world and from various wireless carr...
SYS-CON Events announced today that Intelligent Systems Services will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Established in 1994, Intelligent Systems Services Inc. is located near Washington, DC, with representatives and partners nationwide. ISS’s well-established track record is based on the continuous pursuit of excellence in designing, implementing and supporting nationwide clients’ mission-cri...
“With easy-to-use SDKs for Atmel’s platforms, IoT developers can now reap the benefits of realtime communication, and bypass the security pitfalls and configuration complexities that put IoT deployments at risk,” said Todd Greene, founder & CEO of PubNub. PubNub will team with Atmel at CES 2015 to launch full SDK support for Atmel’s MCU, MPU, and Wireless SoC platforms. Atmel developers now have access to PubNub’s secure Publish/Subscribe messaging with guaranteed ¼ second latencies across PubN...
SYS-CON Events announced today that B2Cloud, a provider of enterprise resource planning software, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. B2cloud develops the software you need. They have the ideal tools to help you work with your clients. B2Cloud’s main solutions include AGIS – ERP, CLOHC, AGIS – Invoice, and IZUM
SYS-CON Events announced today that Tufin, the market-leading provider of Security Policy Orchestration Solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. As the market leader of Security Policy Orchestration, Tufin automates and accelerates network configuration changes while maintaining security and compliance. Tufin's award-winning Orchestration Suite™ gives IT organizations the power and a...
VoxImplant has announced full WebRTC support in the newest versions of its Android SDK and iOS SDK. The updated SDKs, which enable audio and video calls on mobile devices, are now compatible with the WebRTC standard to allow any mobile app to communicate with WebRTC-enabled browsers, including Google Chrome, Mozilla Firefox, Opera, and, when available, Microsoft Spartan. The WebRTC-updated SDKs represent VoxImplant's continued leadership in simplifying the development of real-time communication...
SYS-CON Events announced today that Cloudian, Inc., the leading provider of hybrid cloud storage solutions, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Cloudian, Inc., is a Foster City, California - based software company specializing in cloud storage software. The main product is Cloudian, an Amazon S3-compliant cloud object storage platform, the bedrock of cloud computing systems, that enables c...
SYS-CON Events announced today that Gridstore™, the leader in hyper-converged infrastructure purpose-built to optimize Microsoft workloads, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Gridstore™ is the leader in hyper-converged infrastructure purpose-built for Microsoft workloads and designed to accelerate applications in virtualized environments. Gridstore’s hyper-converged infrastructure is the ...
SYS-CON Events announced today that IDenticard will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. IDenticard™ is the security division of Brady Corp (NYSE: BRC), a $1.5 billion manufacturer of identification products. We have small-company values with the strength and stability of a major corporation. IDenticard offers local sales, support and service to our customers across the United States and Canada...
SYS-CON Events announced today the IoT Bootcamp – Jumpstart Your IoT Strategy, being held June 9–10, 2015, in conjunction with 16th Cloud Expo and Internet of @ThingsExpo at the Javits Center in New York City. This is your chance to jumpstart your IoT strategy. Combined with real-world scenarios and use cases, the IoT Bootcamp is not just based on presentations but includes hands-on demos and walkthroughs. We will introduce you to a variety of Do-It-Yourself IoT platforms including Arduino, Ras...
SYS-CON Events announced today the DevOps Foundation Certification Course, being held June ?, 2015, in conjunction with DevOps Summit and 16th Cloud Expo at the Javits Center in New York City, NY. This sixteen (16) hour course provides an introduction to DevOps – the cultural and professional movement that stresses communication, collaboration, integration and automation in order to improve the flow of work between software developers and IT operations professionals. Improved workflows will res...
The best mobile applications are augmented by dedicated servers, the Internet and Cloud services. Mobile developers should focus on one thing: writing the next socially disruptive viral app. Thanks to the cloud, they can focus on the overall solution, not the underlying plumbing. From iOS to Android and Windows, developers can leverage cloud services to create a common cross-platform backend to persist user settings, app data, broadcast notifications, run jobs, etc. This session provide...