New York, NY January 30, 2012 Return Path, the world’s leading email certification and reputation monitoring company, today announced it is a founding member of DMARC.org (Domain-based Message Authentication, Reporting and Conformance), a technical working group dedicated to the development of internet standards for reducing the threat of deceptive emails known as phishing. DMARC has outlined a new vision for email authentication and published a draft specification that resolves the issues associated with widespread adoption of email authentication technologies. Leading internet service providers, including Google, Yahoo!, AOL and Microsoft, are founding members of DMARC. The group is led by Brett McDowell, Senior Manager of Customer Security Initiatives at PayPal, one of the world’s most highly spoofed brands. Return Path’s anti-phishing solution Domain Assurance supports the DMARC specifications today, enabling companies to quickly and easily implement DMARC.
“Google has worked with Return Path for more than a year now to provide their clients the tools needed to better protect Gmail users from phishing and other malicious email,” said Adam Dawes, Product Manager, Google. “Return Path’s extensive experience positions it well to improve mail senders’ authentication practices and help clean up the email channel. Most importantly, Return Path’s Domain Assurance product is already set up to support DMARC, and senders can start receiving data from Google and visualizing it with Return Path immediately.”
Enabling Widespread Deployment of an Authenticated, Trusted Email Ecosystem
According to recent Return Path data, email senders continue to struggle with email authentication, leaving brands vulnerable to phishing attacks. According to a report from the Anti-Phishing Working Group (APWG), more than 300 brands are hijacked by phishers every month, eroding trust in the email channel across many sectors including financial services, payment services, gaming, retail, auctions and social networks. While brands have been encouraged to use best practices in their email delivery processes including implementing SPF (Sender Policy Framework) and DKIM (Domain Keys Identified Mail), two email authentication standards which help verify that an email is coming from an authorized source, ISPs have not been able to make definitive policy decisions to block unauthenticated email purporting to be from highly spoofed brands.
The DMARC specification allows brands of all sizes to empower ISPs to take action on malicious and unauthenticated email appearing to come from that brand. Data on any questionable email streams are sent back to the brand or to an intermediary such as Return Path, enabling the auditing of email streams to determine proper authentication. By creating this feedback loop between ISPs and brands, DMARC allows brands to create policy statements that instruct ISPs to block or quarantine messages that aren’t properly authenticated, providing the necessary framework to thwart phishing attempts and enabling widespread deployment of a trusted email ecosystem.
“Email has changed the way the world communicates. But many of the attributes that have made it great it’s openness, it’s interoperability have also made it vulnerable to malicious activity. The beauty of DMARC is that it attempts to address the security threats to the email ecosystem without impacting its utility as a communication channel,” said Matt Blumberg, CEO, Return Path. “Return Path is proud to support the DMARC standard and we encourage companies to implement it as quickly as they can. Fast, widespread adoption of DMARC will make a significant dent in scammers ability to perpetuate crime through email.”
Domain Assurance Supports DMARC Specifications
Return Path’s anti-phishing solution, Domain Assurance supports the DMARC specifications allowing companies to deploy DMARC easily. Domain Assurance takes the raw data from ISPs that support DMARC and delivers the necessary intelligence, built-in logic and sophisticated alerting that shows where a company’s implementation is broken or where a company is being spoofed. Domain Assurance receives the data being sent from ISPs that provide DMARC authentication results data (as well as other sources of authentication results data from ISPs that don’t use DMARC) and provides detailed reporting, including information about every message sent on a brand’s behalf, whether legitimate or not.
This data enables brands to not only better understand their email streams and which emails are not authenticating, but also empowers them with the ability to understand where phishing traffic is coming from, what the potential impact is from criminal activity, and a means to create policy statements to block future phishing attacks. Leveraging its extensive network and relationships with Google, Hotmail, Yahoo! and more than 70 other global ISP partners, along with access to over 2.2 billion messages a day, Return Path receives more phishing data than anybody else in the industry, providing the ability to identify, alert on, and block more phishing attacks. Domain Assurance bridges the gap between senders and their ISP, blocking fraudulent phishing email before it reaches end-user recipients. Return Path also fraudcasts phishing URLs and IP addresses to third party security and take-down vendors to broaden protection against phishing threats.
Return Path makes email work better by scoring and certifying email senders from around the world. We help marketers, publishers and other large-volume email senders increase their response rates by providing the world’s leading inbox deliverability solution. We help mailbox providers and email administrators at ISPs and enterprises block unwelcome and malicious email by providing near real-time IP reputation scores and other data-driven tools. Taken as a whole, these tools and services improve the consumer experience of email by protecting them from spam, phishing and other abuse. Return Path offers free access to Sender Score, the email reputation measure compiled through our cooperative data network of ISPs and other email receivers, at our reputation portal senderscore.org. Information about Return Path can be found at returnpath.com.
DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world’s leading email providers (AOL, Gmail, Hotmail, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and mail security solutions providers (Agari, Cloudmark, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.