An unlikely alliance of online giants, including rival email services Microsoft Hotmail and Google Gmail, announced this morning that they’re working together on a new strategy to crack down on deceptive and fraudulent email messages.
The approach gives email services a new way of cooperating with email senders, such as web domain owners, to automatically double-check that messages going through the system are really coming from that sender, building on existing email authentication technologies.
It’s called DMARC, for Domain-based Message Authentication, Reporting & Conformance. Here’s a diagram from the group showing how it works …
It’s a new strategy in the battle against spam and phishing messages that try to trick users into buying illegitimate goods or downloading malware, among other things.
The system dates to 2007, when PayPal started working with Yahoo Mail and later Gmail to reduce fraudulent mail. Now the group is looking to spread the practice across the industry.
The 15 participants in the group are email providers AOL, Gmail, Hotmail, and Yahoo Mail; financial institutions and service providers Bank of America, Fidelity Investments and PayPal; online services American Greetings, Facebook and LinkedIn; and email security providers Agari, Cloudmark, eCert, Return Path, and the Trusted Domain Project.