back to article Anti-phishing DMARC adoption gathers (free) steam

The world's biggest names in the consumer webmail space are sharing security intelligence with businesses for free to help drive adoption of the DMARC email-authentication system. Last month, Google, Microsoft, AOL, Facebook, and Yahoo! joined up with service providers such as PayPal to push the Domain-based Message …

COMMENTS

This topic is closed for new posts.
  1. Leeroy
    Meh

    Spf and Sophos Puremessage are working fine for my companies mail system. Not looking forward to implementing additional layers of complexity no matter how easy it is mean t to be :(

  2. Robert Carnegie Silver badge

    So will the next innovation in spam be...

    ...to hack PCs in respectable offices and use them to send spam with the stamp of respectability? And traceability, sure. But if you told our head techy guy that a PC in our network was sending spam, I donn't know when he'd get arround to dealing with it. Or even finding it.

    Something important broke today, when it's Friday can we blame Anonymous now?

    1. Allan George Dyer
      Coat

      Re: So will the next innovation in spam be...

      It's not an innovation. Most spam now is sent by botnets, some of those are in "respectable offices" with "head techy guys" that haven't got around to looking for the problem. At least with this someone will tell them they have a problem...

    2. Voland's right hand Silver badge

      Re: So will the next innovation in spam be...

      That's not next.

      It is already being done.

    3. jonathanb Silver badge

      Re: So will the next innovation in spam be...

      He'd probably get round to it when people can't use the internet connection because it is on every blacklist there is, or the ISP disconnects them for violations of the AUP.

  3. Jacqui

    IBM EMEA

    NOt long ago I was getting botnet and infected email from US and .eu parts fo IBM and some other multi's. Contacting them to explain the porblem did SFA.

    SPF did the trick even if I had to initially hack DNS to add it myself on my DNS server :-)

  4. Anonymous Coward
    Anonymous Coward

    It just takes a few minutes to implement

    It's way easy to implement..

    Just use a DMARC wizards theirs a few of them, I used this one.

    http://unlocktheinbox.com/dmarcwizard.aspx

    Publish the records it produces in your DNS and you're done! That simple.

  5. Anonymous Coward
    Paris Hilton

    It just takes a few minutes to implement

    It's way easy to implement..

    Just use a DMARC wizards theirs a few of them, I used this one.

    http://unlocktheinbox.com/dmarcwizard.aspx

    Publish the records it produces in your DNS and you're done! That simple.

  6. Anonymous Coward
    Anonymous Coward

    Pathetic uptake still.

    SPF and DKIM have been around for years, but only a few percent of people use them, including me. If phishing targets such as banks and HMRC etc actually implemented the damn things, then we can completely eradicate phishing from spoofed domains.

    Even paypal finally implemented SPF, but the "~all" policy doesn't go far enough IMHO.

    hmrc.gov.uk is a prime phishing target, and that incomprehensibly still doesn't have any SPF record!

    Many online dns providers still don't provide txt or spf fields for users to add policies.

    I'm fortunate that I have my own domain servers to configure as I wish.

    When will those that should be protecting their identities actually start doing it?

    and when will those receiving mail actually include spf/dkim checks?

    How will DMARC make any difference if adoption is similarly pathetic?

  7. Kevin McMurtrie Silver badge
    FAIL

    Check that invitation list

    abuse@google.com, abuse@gmail.com, groups-abuse@google.com, and abuse@yahoo.com don't seem to function. Fixing that would be a huge step towards eliminating spam floods and phishing.

    1. Shannon Jacobs

      Re: Check that invitation list

      While it would be nice if everyone followed the standard (or SOME standard among many), that seems to be rather too much to hope for. However, keeping track of the trivial exceptions (such as non-standard email addresses) is the kind of thin that computers are quite good at. When that doesn't work, it should be possible to escalate to find SOMEONE who is willing to act in a responsible party. Yeah, I know that it's pretty hard to escalate above the google these years, which is especially awkward as they follow their tao of EVIL.

      However, all in all, this does seem to be an improvement, and I even think that part of the idea seems to be stolen from something I've been advocating for a while. The main difference here is that the lowest level victims (like you and me) aren't properly included in this system. Just a small percentage of us who are willing to volunteer a bit of time could make the lives of the spammers into miserable hellholes. Oh wait. I forgot. Spammers are already living in miserable hellholes--but at least we can try harder to make them less profitable hellholes.

      Let's reword the issue a bit: If you had a strong and convenient anti-spam tool, would you use it? I'm talking about something like SpamCop on steroids. Rather than one round looking for ISPs and webhosts, it would go several rounds of refinements, going after ALL of the spammers' infrastructure and ALL of the spammers' accomplices and ALL of the spammers' victims. In addition, it would have 'other' options so we could help recognize the spammers' latest wrinkles BEFORE the spammer can get any money. Would you participate? Would you like to become a spam-fighter first class?

  8. Spanners Silver badge
    Black Helicopters

    I have a domain.

    I have a domain and use it for mail addresses. It is all hosted but will this stop my email working?

This topic is closed for new posts.

Other stories you might like