Yahoo unveils latest antispam defense
Yahoo is rolling out the DMARC system this week, which helps email providers eliminate bogus messages
IDG News Service - Yahoo said it will roll out globally this week a new antispam specification intended to make it easier for service providers to confidently discard suspicious email messages.
The specification, called DMARC (Domain-based Message Authentication, Reporting & Conformance), allows email senders to tell receiving services if they are using two other technologies to weed out spam.
Many email senders use DKIM, or DomainKeys Identified Mail, which wraps a cryptographic signature around an email that verifies the domain name through which the message was sent.
The second technology, SPF, or Sender Policy Framework, allows email senders to indicate which hosts are authorized to send their email, allowing receiving organizations to discard messages coming from spoofed "from" addresses.
The DMARC specification, which is supported by companies including Google, Facebook, Microsoft and others, lets a sender indicate if they are using SPF or DKIM, or both. It also allows senders to tell the recipient what to do with messages if authentication of some messages fails.
Senders can also receive a report from recipients on how they've handled the questionable messages. DMARC helps solve the problem of what to do with suspicious messages, which in some cases might have been delivered.
The messages could be phishing attempts, or ploys intended to trick recipients into revealing sensitive information or encouraging them to click on malicious links leading to bogus websites purporting to be, for example, a bank.
"If you receive an email claiming that it is from your bank, the applicable DMARC policies require the email to prove that is indeed from your bank in order to be delivered to your mailbox," wrote Ajay Gopalkrishna , a senior product manager with Yahoo Mail. "If the incoming email cannot be verified, Yahoo Mail will not deliver the email to your mailbox."
Gopalkrishna wrote Yahoo will encourage ISPs and other email providers to deploy DMARC. Organizations and companies behind DMARC intend to submit a draft specification to the Internet Engineering Task Force in the hope it will become a standard.
Send news tips and comments to firstname.lastname@example.org
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts