Dealing with the aftereffects of a phishing attack can be more than a little frustrating. One group is trying to fix that with a set of standards.
I don't know how your email inbox looks these days, but my personal email accounts still get a noticeable number of phishing emails. Some of those phishing emails have actually been very well-constructed attempts at extracting information — attempts that I am sure tricked at least a few individuals into divulging personal information to someone not authorized to receive it.
For novice users in your organization or even in your family, these phishing emails can be very effective, which can lead to all sorts of costly problems. As the IT Pro on the hook to fix those kinds of problems, you may find dealing with the aftereffects of a phishing attack more than a little frustrating.
Would a set of agreed-upon email authentication standards help you in this respect?
On January 30, 2012, a group of organizations announced a joint effort to reduce the threat of deceptive emails. DMARC.org is a working group that wants to establish a set of standards outlining "an enhanced vision for email authentication that can scale up to today's Internet needs." The draft standards incorporate some of the best authentication practices currently in use by large email senders.
By the way, DMARC is an acronym for: Domain-based Message Authentication, Reporting and Conformance. As you can see, the name practically demands an acronym.
In a ZDNet Blog post, Larry Dignan says that "after 18 months of work, DMARC is pitching a system that allows email senders to include authentication technologies. In this system, email providers can get reports that highlight gaps in authentication schemes."
Here is how the system would work
The entities involved in the working group include a veritable who's who of large-volume email senders and providers, including Google, Microsoft, Yahoo, eBay's PayPal, AOL, and Bank of America. For more detailed information about the DMARC initiative, check out the DMARC.org website.
Are you still having trouble with phishing emails at your organization? Do you think the DMARC.org plans to create a set of authentication standards will work in the real world? Do you plan to support the effort?