A shot was heard 'round the world this week, as Microsoft, Google, AOL, Yahoo!, and Facebook teamed up to lead the fight against email spam scandals. It's news even the least savvy of Internet consumers can understand. Finally, justice for all! Or at least a step in the right direction.

No Phishing Allowed

The news broke quickly on Monday when a team of the net’s biggest players and their equally powerful corporate friends announced a partnership with the Domain-based Message Authentication, Reporting & Conformance (DMARC) initiative, a relatively new organization formed with a mission to prevent “phishing” (the process by which spammers feed into the lives of the free and open).

Phishers trick people into giving away everything from bank account details to computer passwords, and encourage the installation of malware onto personal devices. Phishing is most commonly achieved through domain spoofing (i.e. using fake domains that look legit or appear to be “from” bona fide entities), and the end result can be, at best, an inbox clogged with spam, and at worst, identity theft. Furthermore, such moves dupe even the most formidable players of the virtual world. As CMSWire reported last year, even Google fell victim to a phishing scandal from China, unwittingly giving up its contact database of U.S. government officials.

To understand the devastation, consider the fact there are 20,000 to 25,000 phishing campaigns every month, costing everyone millions of dollars each year. With so many people shopping, selling and trading online these days, it has become harder to discern good from evil.

The system created by DMARC to hinder such efforts creates one standard policy, whereby senders can label their messages as protected by SPF and/or DKIM, thus indicating to a receiver the nature and content of the message without any complicated interpretation. It’s a failsafe authorization process set up so the general public can protect their inbox.

In a statement on Google’s blog, the company explains, “We’ve been active in the leadership of the DMARC group for almost two years, and now that Gmail and several other large mail senders and providers -- namely Facebook, LinkedIn, and PayPal -- are actively using the DMARC specification, the road is paved for more members of the email ecosystem to start getting a handle on phishing. Our recent data indicates that roughly 15% of non-spam messages in Gmail are already coming from domains protected by DMARC, which means Gmail users like you don’t need to worry about spoofed messages from these senders.”


A World Without Spam

While it seems someone would have stepped in a long time ago to address this issue, past efforts to combat phishing have proven unsuccessful, lacking a unifying thread. Without one common model, companies have to “coordinate with email providers,” to ensure everyone is on the same page. The novelty of DMARC, then, is that one size fits all, a breakthrough for the worldwide community.

Tweets about the report erupted in languages from Japanese to Spanish, some even believing this marks a move towards spam extinction in a matter of years. The only real concern appears to be that legitimate mailing lists might somehow be weeded out in the process.

Of course, also worthy of note: DMARC has been operating for 18 months, so why has everyone else only now jumped on the bandwagon?