Good news: Possible end of Phishing
I have heard that all the giants like Microsoft, Google, PayPal, Facebook, AOL and LinkedIn, along with quite a few other large corporations and Bank of America and Fidelity Investments, have now joined hands with the intention of putting a full stop to phishing scams. It is not a new technology that they are going to invent; it is just a new framework for email using SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). Right now it is only available to large institutions.
Re: Good news: Possible end of Phishing
The major technique behind this is that DMARC adds a policy-based framework of actions. Now every email provider should go through the instructions from enterprise email managers to identify or block spoofed mail. Thus it can prevent exploitation of any enterprise domain name. DMARC is just a new standard, not a new technology. Now it is sure that SPF and DKIM will put an end to spoofing or any other kind of email abuse.
Re: Good news: Possible end of Phishing
The launch of DMARC is intended to improve email authentication infrastructure. You might know that domain spoofing is the most widely used technique for phishing. Due to this, phishers can easily take advantage of the scam. Currently, mailboxes hosted by Google have DMARC capabilities, and they have already begun blocking fraudulent mails based on cooperation. Google has implemented DMARC very well now.
Re: Good news: Possible end of Phishing
SPF looks like a very good standard for a mailbox or mail server. It may break existing MTA mechanisms such as mail forwarding. If you forward from a Google account to your Yahoo account, the mails will surely get rejected due to the SPF standard, because the mails are received from different IP addresses which are not specified in the SPF records.
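The forwarding failure described in the post above, as an added example that is not part of the original post: a simplified SPF evaluator run over constructed records, showing a direct delivery passing and a forwarded one failing. The domains, addresses and the `check_spf` and `forwarding_scenario` names are assumptions made for illustration; the third case, where the forwarder rewrites the envelope sender to its own domain, goes beyond what the post covers.

```python
import ipaddress

# Constructed SPF records using documentation-range addresses (RFC 5737).
SPF_RECORDS = {
    "sender.example": "v=spf1 ip4:192.0.2.0/24 -all",
    "forwarder.example": "v=spf1 ip4:198.51.100.0/24 -all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, envelope_from, records=SPF_RECORDS):
    """Return the SPF result for the connecting IP and envelope sender.

    Simplified: only ip4, ip6 and all are evaluated; mechanisms that need
    further DNS lookups (a, mx, include, ...) are skipped.
    """
    domain = envelope_from.rsplit("@", 1)[-1].lower()
    record = records.get(domain, "")
    terms = record.split()
    if not terms or terms[0] != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and no "all" term


def forwarding_scenario():
    sender = "alice@sender.example"
    return {
        # The sender's own server delivers straight to the recipient.
        "direct": check_spf("192.0.2.25", sender),
        # A forwarder relays the mail from its own IP, envelope sender unchanged.
        "forwarded": check_spf("198.51.100.7", sender),
        # The forwarder rewrites the envelope sender to its own domain.
        "rewritten": check_spf("198.51.100.7", "fwd@forwarder.example"),
    }


if __name__ == "__main__":
    for case, result in forwarding_scenario().items():
        print(f"{case:10s} {result}")
```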
Re: Good news: Possible end of Phishing
Has anyone tested these scenarios out? I'm not seeing DMARC implemented on my Gmail account...
Re: Good news: Possible end of Phishing
Quote: Originally Posted by wpfn
Has anyone tested these scenarios out? I'm not seeing DMARC implemented on my Gmail account...
DMARC policies are published in the public Domain Name System (DNS), and available to everyone. Google uses it already, both in its email sender and email provider capacities.