My company, [1] Networking Delaware, spends much of its time and energy trying, with various degrees of success, to protect our clients from attacks by everyone from established hackers to script kiddies. It is very disheartening to work to harden a network only to have it compromised by an uninformed employee clicking some tempting link in a phishing email.

To this end we were very happy to learn the following:

 Google, Yahoo, Microsoft, PayPal, Facebook, LinkedIn, Comcast and AOL along with seven other companies are backing a new initiative intended to dramatically reduce “phishing” emails.  This type of email attack is the most prevalent method hackers use today to breach security. It is as much of a Trojan Horse as contemporary Trojan malware is, and just as effective. For the hacker, it is safer and costs them less in time and energy than hacking directly at hardened systems with safeguards in place.

To achieve this protection, the firms have created [2] DMARC.org, a working group of 15 companies that plans to promote a standard set of technologies that they say will lead to more secure email.

PayPal, for instance has been using these authentication technologies with Yahoo’s email service since 2007 and with Google’s gmail since 2008, and is now blocking about 200,000 fake emails per day

It is said it won’t cost a lot for companies to start using the standards, but it will require them to identify every server that sends email and ensure that the technologies are in use. The same holds true for third-party firms such as marketing agencies that send email on behalf of a company

The DMARC working group officially launches Today, January 31^st

While I see problems ahead for implementation, this is a good step in the right direction.