Big Internet Players Propose DMARC Anti-Phishing Protocol

judgecorp writes "Google, Microsoft, PayPal, Facebook and others have proposed DMARC, or Domain-based Message Authentication, Reporting and Conformance, an email authentication protocol to combat phishing attacks. Authentication has been proposed before; this group of big names might get it adopted." Adds reader Trailrunner7, "The specification is the product of a collaboration among the large email receivers such as AOL, Gmail, Yahoo Mail and Hotmail, and major email senders such as Facebook, Bank of America and others, all of whom have a vested interest in either knowing which emails are legitimate or being able to prove that their messages are authentic. The DMARC specification is meant to be a policy layer that works in conjunction with existing mail authentication systems such as DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework)."

Re:We already have email authentication

[Nemilar]

The problem with PGP/signed-emails is that you're putting the burden on the user. I'm a pretty technical guy, and I don't even want to bother with it. There's no way that the average person it going to take the time to understand and implement PGP.

The proposed solution puts the burden entirely on the system and the providers, so is more likely to be adopted and actually used (and therefore, successful in its end-purpose of stopping phishing attacks).