Yahoo Mail is officially DMARC compliant today, meaning your inbox is now part of a revolution in armoring email against phishing attacks and spam that trick unsuspecting users into giving up personal and financial information.
In January, Yahoo joined the DMARC consortium, a group of Silicon Valley bigwigs dedicated to using DMARC, or Domain-Based Message Authentication, Reporting, and Conformance. These companies include Facebook, Google, LinkedIn, and PayPal, all of which pledged to use different tools to identify and authenticate an email’s sender, and report any issues.
DMARC works like this: an email host, such as Yahoo Mail, will refuse to deliver to an inbox any message that is not able to prove its identity using DMARC. DMARC looks at two forms of authentication: SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). SPF works by having a company pick which employees are allowed to send emails on the company’s behalf. The DMARC system on Yahoo’s side checks whether the IP addresses of any incoming emails from that company match the approved list.
DKIM works by allowing a company to set various parameters around the email. For instance, the company can say, “Emails from us will only come from the domain randomcompany.com. If it comes from any other domain, such as information.randomcompany.com, it isn’t from us.” When an email comes into Yahoo’s systems, Yahoo will check for these set parameters and deliver the email if all of them are met.
Having major email providers require DMARC authentication will force companies to use SPF and DKIM as a way to identify themselves, or be lost in email purgatory. Yahoo says companies will be able to choose how they would like an unauthorized email to be handled as well. For instance, if an email from PayPal fails the DMARC test, PayPal can request that email be delivered to spam.
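The receiver-side decision described above, worked through as an added example (this is not code from Yahoo or from the DMARC specification). The DMARC record, the approved network list and the sample messages are constructed; DKIM signature verification is assumed to have run already and is passed in as a boolean, and relaxed alignment is simplified to a subdomain match.

```python
import ipaddress

# Constructed sample data: the record, networks and messages are illustrative only.
DMARC_RECORD = "v=DMARC1; p=quarantine; adkim=s; aspf=s"
SPF_NETWORKS = ["192.0.2.0/24"]  # addresses the domain owner approved for sending

def parse_tags(record):
    """Split a 'tag=value; tag=value' DMARC TXT record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def aligned(auth_domain, from_domain, strict):
    """Strict: exact match with the From domain. Relaxed: parent/child domains
    also count (simplification; real receivers compare organizational domains)."""
    a, f = auth_domain.lower(), from_domain.lower()
    related = a.endswith("." + f) or f.endswith("." + a)
    return a == f or (not strict and related)

def evaluate(msg, record=DMARC_RECORD, networks=SPF_NETWORKS):
    """Return (dmarc_pass, disposition) for one incoming message."""
    tags = parse_tags(record)
    if tags.get("v") != "dmarc1":
        return None, "deliver"  # sender published no usable policy
    ip = ipaddress.ip_address(msg["sender_ip"])
    spf_ok = any(ip in ipaddress.ip_network(n) for n in networks)
    spf_pass = spf_ok and aligned(
        msg["mailfrom_domain"], msg["from_domain"], tags.get("aspf", "r") == "s")
    dkim_pass = msg["dkim_valid"] and aligned(
        msg["dkim_domain"], msg["from_domain"], tags.get("adkim", "r") == "s")
    if spf_pass or dkim_pass:  # one aligned mechanism is enough
        return True, "deliver"
    # On failure the sender's own policy decides what the receiver does.
    action = {"none": "deliver", "quarantine": "spam", "reject": "reject"}
    return False, action.get(tags.get("p", "none"), "deliver")

LEGIT = {"from_domain": "randomcompany.com", "sender_ip": "192.0.2.10",
         "mailfrom_domain": "randomcompany.com",
         "dkim_domain": "randomcompany.com", "dkim_valid": True}
# Signed by a subdomain from an unapproved address: fails under strict alignment.
SUBDOMAIN = dict(LEGIT, sender_ip="203.0.113.5",
                 mailfrom_domain="information.randomcompany.com",
                 dkim_domain="information.randomcompany.com")
# Unapproved address and no valid signature at all.
SPOOF = dict(LEGIT, sender_ip="203.0.113.5", dkim_valid=False)

if __name__ == "__main__":
    for name, m in [("legit", LEGIT), ("subdomain", SUBDOMAIN), ("spoof", SPOOF)]:
        print(name, evaluate(m))
```

With `adkim=s` the subdomain-signed message fails, matching the randomcompany.com case in the text; dropping the strict tags lets the same message pass.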
One big issue DMARC is attempting to tackle is email spoofing, or an email that looks like it’s being sent from a legitimate source, such as Apple, but is actually spam. A huge number of fake emails requesting account or financial information plague inboxes everywhere and dupe those who haven’t had experience with spotting spam.
Yahoo says it will be “working with ISPs, email senders, and other email providers to encourage the creation and deployment of DMARC policies” in the coming months.
Image via Yodel Anecdotal/Flickr