30 May 2014 • BLOG - News
Flight School Friday: DMARC Results in 90% Reduction in Spam
30 May 2014
Alex Stamos, Chief Information Security Officer at Yahoo!, recently testified in front of a US Senate sub-committee that Yahoo!’s implementation of DMARC has reduced spam purported to come from Yahoo email accounts by over 90%. His testimony was part of a wider investigation into online advertising and hidden hazards to consumer security and data privacy. Stamos emphasized that spam is the easiest way for malicious parties to earn illicit money online. Email spoofing in particular, is a commonly used method; spammers will impersonate a person or brand you are familiar with and solicit personal information (credit card numbers, online accounts).
DMARC, Domain-based Message Authentication, Reporting & Conformance, is a technical specification created by a group of organizations to help reduce email spoofing. It expands on the established authentication tools SPF and DKIM, allowing senders to indicate which mechanism they are using and includes a policy that applies actions a receiving email server should take in the event that an email fails authentication (report, quarantine, reject). DMARC standardizes how the receiving email server handles these events and provides a mechanism for it to report failed authentication to the sending server.
Email spoofing is a serious threat to brand credibility; the yearly sent volume is astounding. In a press release DMARC.org published earlier this year, Twitter said it discovered 2.5 billion spoofed emails related to its domains over the course of a 45-day monitoring period. Customers are pretty wary of sharing personal information these days, possibly because of the increase in circulated spam. In a recent study conducted by SDL, 62% of survey respondents said they worry about how brands are using their information.
Implementing DMARC will significantly reduce the risk of email spoofing and strengthen customer-brand relationship. Twitter reported that they saw a significant drop in spoofed emails once they implemented DMARC. What was once a whopping 110 million attack messages a day is now down to a few thousand.
Customer trust is hard to win, but the data that results is extremely valuable. Globally, 79% of customers are more willing to share personal information with a brand they trust. Mining this customer data helps brands understand customer behavior and shape future communication.
Mailjet fully supports DMARC, reach out to the Mailjet team to learn more about implementing this mechanism on your domains.