Google, Facebook, Yahoo!, Microsoft and eleven other outfits announced that they had formed a new group to fight phishing, a way of fooling email and net users into giving up sensitive information, including credit card numbers. The alliance is named DMARC (Domain-based Message Authentication, Reporting and Conformance).
The worst thing on the internet is phishing. Adam Dawes, a Google product manager and DMARC representative, said that the best way to protect users is to make sure the email never reaches even the spam folder.
Phishing is a simple trick. The scammer spoofs the information in the email message so it actually looks like it came from a genuine sender. There’s a technique to point out where the message really came from, but it can be hard for the average Joe to spot.
Dawes said that phishing messages are often caught by an email client’s spam filters. But users still check their spam folders, open a message and give up their PayPal details, and before they know it, someone has phished their credit card number. The DMARC idea is to get the email companies working behind the scenes to prevent phishing emails from ever reaching your inbox or spam folder.
About 18 months ago, PayPal began working directly with Google and Yahoo to set standards for Gmail and Yahoo! Mail that would prevent bogus PayPal messages from hitting a user’s inbox.
Adkins, a Facebook messaging engineer, said the DMARC protocols are based on existing technologies, including the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). Both are ordinary mail security protocols. SPF verifies the IP address of the email’s sender, and DKIM vets the structure of the email’s content.
DMARC is only one cross-industry effort to fight phishing. A global non-profit called The Anti-Phishing Working Group encourages businesses to share the latest information about phishing tactics and techniques.
PayPal’s McDowell reiterates that the goal of DMARC, at least for the moment, is to defend legitimate domains, not to address what’s sometimes called “typo-phishing,” where scammers use something that looks like a common domain but is actually a slightly different spelling.
He said that domain-based phishing cannot happen when both parties deploy DMARC.