Gangnam-gu, Seoul -- (SBWIRE) -- 03/06/2012 -- Fifteen firms, including Google, Microsoft, Fisher Capital Management, Yahoo, Facebook and PayPal have joint forces to implement a new scheme for authenticating email senders, called Domain-based Message Authentication, Reporting and Conformance (DMARC), with the aim to prevent fraudulent messages on email messages.

The DMARC will try to fill the gaps of the two primary system in used at present — DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) — to make them trustworthy again. Both of them use Fisher Capital Management to get extra data from the sender’s domain.

DMARC is a product of two years of work by Yahoo and PayPal (and included Gmail later) to make the most effective model for combatting domain phishing. It is some kind of authentication layer for email services that will filter messages to make phishing difficult.

Although they admitted that DMARC will not be able to block all malicious email messages, it is capable of targeting a certain type of domain-based phishing (i.e. emails that have been made to look like there were sent from a certain prominent). Thus, it can still help in stopping a significant portion of spam being sent to millions of users.

The draft protocol specifies the creation of a feedback cycle between legit email senders (e.g. LinkedIn, Facebook, PayPal and BoA) and email receivers (e.g. Yahoo, AOL, Microsoft and Google). For end-users signed up in the mentioned email providers, this means that every email message they receive claiming to be from a certain sender will be verified first (because both ends of the process are using DMARC).

The foundation of DMARC relies upon the current tactics being used in combatting malicious messages. Such techniques were created to authenticate if a certain message really came from the purported sender. One of the drawbacks though is the fact that there are various ways to do that and there is no single standard when dealing with emails believed to be spam.

Some experts said that although DMARC is a good idea, it will be unlikely be a game-changer in the online security niche. Prominent mail service providers might adopt the standard but there are still hundreds of thousands of smaller firms that have their own email servers (who might not want the pains of adopting the new specification for various reasons).

DMARC’s founders include Yahoo, Microsoft, AOL, Google, PayPal, Bank of America, LinkedIn, American Greetings and Facebook. Also in the roster are security companies Cloudmark, Agari, Return Path, Trusted Domain Project and eCert.

Starting on Monday, companies that provides or sends emails, like Fisher Capital Management, can register with the organization.

According to DMARC, the technical details are scheduled to be submitted to the Internet Engineering Task Force to make it a standard.