Author: Richard Chirgwin / Source: The Register
We could cut down on e-mail spoofing, but we don’t
Big-name companies are still leaving themselves and their customers open to phishing because they haven’t implemented the DMARC message validation standard.
In this year’s DMARC adoption report [PDF], phishing prevention specialist Agari reckons two-thirds of the Fortune 500 are yet to implement Domain-based Message Authentication, Reporting and Conformance (DMARC).
Specified in RFC 7489 to combine Sender Policy Framework and DomainKeys Identified Mail techniques, DMARC’s aim is to defeat e-mail spoofing. It was originally put forward by Google, Microsoft, AOL, Facebook, Yahoo!, PayPal and others.
Agari’s data-gathering was straightforward: it analysed the DNS records of its targets – which also included companies on the Financial Times Stock Exchange 100 and the Australian Securities Exchange 100 – using its own DMARC record tool.
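As an added illustration (not code from the article, the report or Agari's tool), this is a minimal classifier for the TXT records a domain publishes at `_dmarc.<domain>`, following the record format in RFC 7489. The domain names, sample records and category labels are constructed for the example, and no live DNS lookup is performed.

```python
import re

# Constructed sample data: hypothetical domains and the TXT strings a resolver
# might return for _dmarc.<domain>. Not taken from the report.
SAMPLE_TXT = {
    "reject.example": ["v=DMARC1; p=reject; rua=mailto:agg@reject.example"],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:agg@monitor.example"],
    "partial.example": ["v=DMARC1; p=quarantine; pct=25"],
    "spf-only.example": ["v=spf1 include:_spf.example -all"],
    "broken.example": ["v=DMARC1; p=block"],
    "dup.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "missing.example": [],
}

def parse_dmarc(txt):
    """Split a TXT string into a tag dict; None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: the v tag must come first and its value must be exactly DMARC1.
    if not parts or re.fullmatch(r"v[ \t]*=[ \t]*DMARC1", parts[0]) is None:
        return None
    tags = {}
    for part in parts:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify(txt_records):
    """Label (assumed names): no-record, invalid, monitor-only, partial, enforcing."""
    dmarc = [t for t in map(parse_dmarc, txt_records) if t is not None]
    if not dmarc:
        return "no-record"
    if len(dmarc) > 1:  # more than one DMARC record: receivers apply none of them
        return "invalid"
    tags = dmarc[0]
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"  # simplification: ignores the rua-based fallback to p=none
    if policy == "none":
        return "monitor-only"  # reports are collected, spoofed mail is still delivered
    # pct defaults to 100; a malformed value is discarded in favour of the default.
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() and int(pct) <= 100 else 100
    return "enforcing" if pct == 100 else "partial"

def survey(records_by_domain):
    """Classify every domain in a {domain: [txt, ...]} mapping."""
    return {domain: classify(txts) for domain, txts in records_by_domain.items()}
```

Only the "enforcing" result means spoofed mail is consistently quarantined or rejected; a survey that counts any published record as adoption would also count the "monitor-only" domains.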
The FTSE 100 had the same non-adoption rate of 67 per cent, while…