Preventing domain name spoofing and email fraud using DMARC

Discussion in 'Resources' started by JulienJ, Jan 3, 2018.

  1. JulienJ

    JulienJ India Member

    Joined:
    Dec 13, 2017
    Messages:
    637
    Likes Received:
    10
    Trophy Points:
    18
    Location:
    Germany
    DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol.

    DMARC is a way to make it easier for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t. This makes it easier to identify spam and phishing messages, and keep them out of peoples’ inboxes.

    DMARC can be used to prevent domain name spoofing and email fraud. Of course it can not prevent all phishing attacks.

    Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users.

    Users can’t tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent.

    DMARC addresses these issues, helping email senders and receivers work together to better secure emails, protecting users and brands from painfully costly abuse.

    Source