One of the challenges in combating spam and phishing emails is the diverse ecosystem of email software, validation services, blacklists, certifications, and other variables that have evolved as email rapidly became a ubiquitous mode of communication. One of the challenges of implementing anti-spam measures that could be used to authenticate messages across different platforms is this operational diversity – it is difficult to implement a new policy or method of authentication adaptable to every aspect of the current email ecosystem.

In development since 2010, DMARC (Domain-based Message Authentication, Reporting, Conformance) is a protocol designed to authenticate email messages and remain adaptable to the varied needs of email providers and senders. According to the FAQ on the DMARC site, “DMARC is a proposed standard that allows email senders and receivers to cooperate in sharing information about the email they send to each other. This information helps senders improve the mail authentication infrastructure so that all their mail can be authenticated. It also gives the legitimate owner of an Internet domain a way to request that illegitimate messages – spoofed spam, phishing – be put directly in the spam folder or rejected outright.” Yahoo plans to extend its adoption of DMARC next month and Google has announced that its email services will adhere to a strict DMARC protocol as of next year. 

According to Facebook developer Michael Adkins, the DMARC system started as “a working group of industry experts from leading companies who came together to collaborate on an open specification for fighting domain spoofing… DMARC builds on those earlier experiences and leverages existing open technologies to provide a powerful, flexible, and open framework that any email system operator or domain owner can use.” Domain spoofing is the unauthorized use of a third-party domain name in an email. It is used to bypass existing anti-spam measures as well as fool users into thinking an email originated from a reliable source, inciting them to read and engage with the message. As DMARC is adopted by more organizations the spam and phishing emails will probably evolve with it, though it does provide an adaptable authentication system and perhaps the future standard of spam filtering technology. It won't be the end of rich foreign businessmen asking for our help to distribute their wealth but it's a promising start.