Fifteen leading e-mail service and technology providers have formed Domain-based Message Authentication, Reporting and Conformance (DMARC.org), a technical working group that has been developing standards for reducing the threat of deceptive e-mails, such as spam and phishing. The group's work includes a draft specification that helps create a feedback loop between legitimate e-mail senders and receivers to make impersonation more difficult for phishers trying to send fraudulent e-mail. The DMARC specification addresses concerns that have traditionally hindered widespread deployment of an authenticated, trusted e-mail ecosystem. By introducing a standards-based framework, DMARC has defined an integrated way for e-mail senders to introduce e-mail authentication technologies into their infrastructure. A sender could set policies to request a provider to discard unauthenticated e-mail in order to block phishing attacks. The specification also creates a mechanism for e-mail providers to send detailed reports back to e-mail senders to help catch any gaps in the authentication system. After gathering data and input from field usage of the technology, DMARC.org intends to submit its DMARC specification to the IETF for standardisation. Initial members in DMARC include AOL, Google, Microsoft and Yahoo!, as well as financial institutions and service providers (Bank of America, Fidelity Investments, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and e-mail security providers (Agari, Cloudmark, eCert, Return Path, Trusted Domain Project).
