01 Feb 2012

New antiphishing framework gains support from industry titans

Phishing, the malicious obtaining of personal and financial information online under fraudulent pretenses, costs companies a significant amount of money annually. A tech company recently said targeted attacks against organizations throughout the world result in an annual total cost of $1.29 billion. While attacks peaked in late 2009, email phishing continues to present a grave threat to the finances of individuals, banks, and small businesses.

As a deception tactic, phishing relies on email spamming to request private information under the guise of an official notice, often using official logos and designs to fake authenticity. Antiphishing software today studies these emails on a domain level to determine if the message is truly from the alleged sender, a task made exponentially more difficult by the innumerable methods of authentication that individual companies use.

A new initiative known as DMARC, or the Domain-based Message Authentication, Reporting and Conformance specification, intends to standardize the internet security framework used to authenticate emails.

On January 30, 15 internet behemoths in online finance, social networking, and computing announced they were joining the protocol. Corporations like Google, Facebook, Bank of America, and Yahoo! now provide the platform for processing DMARC data, a base of operations that will accelerate the development of standardized security measures to extinguish phishing as a threat to the economy.