DMARC: Another Step in the Fight Against Email Phishing

Is there any topic more certain to make a marketer’s eyes glaze over with boredom than email authentication?
Don’t answer. That was rhetorical.

However, there was an email-authentication-related development earlier this week that marketers who use email should take note of. It may begin to tip the scales in the battle against phishing—fraudulent email pretending to be from a well known brand in order to get users’ account information—in favor of the good guys.

A group of 15 of the Internet’s most well-known brands have unveiled a plan aimed at shoring up some of the shortcomings that have plagued the implementation and use of email authentication: Dubbed Domain-based Message Authentication, Reporting and Conformance, or DMARC (dee-mark).

The scheme is an extension of authentication, where senders publish certain information, such as which IP addresses are authorized to send messages on their brand’s behalf, so the ISPs can more readily identify email coming from those brands.

However, though authentication helps identify authorized senders, ISPs have apparently struggled with what to do with unauthenticated messages. The reason: Just because they’re not authenticated doesn’t necessarily mean they’re fraudulent.

For one thing, email authentication has not reached 100 percent adoption. Moreover, many emailers who have implemented email authentication have reportedly not authenticated all of their outbound messaging.

For example, a company’s marketing messages might be authenticated while its customer service or transactional messages are not.

And in instances where companies have authenticated all of their email, there is still the difficulty of informing all the various ISPs that the authentication process for a particular brand is complete.

Most companies don’t have the relationships with ISP abuse desk employees that would be necessary for them to communicate that any unauthenticated email purporting to come from their brand is probably phony.

If there’s one word that most aptly describes Ken Magill’s coverage of online marketing, it’s fearless. For more than a decade, Magill has built a reputation for calling it like he sees it no matter who may get offended. Some marketers read his column just to make sure they’re not in it. In a trade-publishing market populated mostly by vendor representatives who must watch what they say, Magill stands out as the one guy who says what he thinks. Moreover, he often writes what others are thinking, but are afraid to say. He can even be very funny.

Having been a direct marketer, and having covered online marketing since 1997 for DM News, Direct, Chief Marketer and Multichannel Merchant magazines, Magill offers a unique, informed perspective on the evolution of digital selling. He was also founding editor of trade weekly iMarketing News and Magilla Marketing, a newsletter dedicated to e-mail.

He is currently founding editor of the recently launched trade weekly email newsletter The Magill Report.

Related Content