Now Reading
Google and Yahoo to enforce strict DMARC protocols to fight email spam

Google and Yahoo to enforce strict DMARC protocols to fight email spam

by AshwinOctober 24, 2015

Google and Yahoo have announced that they will be implementing a more stringent security protocol to combat spam in their email services.

Google Gmail DMARC

The two companies, will be enforcing a strict DMARC policy to do so.

DMARC is short for Domain-based Message Authentication, Reporting and Conformance. Before we get into what it does, let’s take a brief look at what the issues plaguing Gmail and Yahoo Mail are.

Email spoofing is one of the biggest threats that hampers users today. It is a spam technique used by hackers, where the email address used to send the email, is technically forged to resemble that of a legitimate sender. This leads the unaware user to believe the source is a good one, and the consequence could be disastrous. The compromised email account could then be used for spreading spam, or even phishing.

This is where DMARC’s anti-spam tech comes into play. Threatpost observes that DMARC actually uses two authentication technologies to verify if an email is sent from the actual source.

The first is the Domain Keys Identified Mail (DKIM) and the second one is the Sender Policy Framework (SPF). IT’s getting too technical, right? Let me make that a bit simpler. Basically both aforementioned technologies, are tools for email providers to authenticate the origin of the email message, and also to check whether the host email provider is authorized to send the message.

If either of these conditions aren’t met, then the email is kicked out of the inbox, and marked as spam. Microsoft and Facebook are amongst the notable services which already use the DMARC systems.

Yahoo had originally announced its plans to use the protocol for its email services, earlier this month. And so, Yahoo Mail and Rocketmail will begin implementing DMARC next week, from November 2nd. Google, on the other hand will only be enforcing the DMARC protocol by the summer of 2016.

This is what John Rae-Grant, Lead Product Manager for Gmail, had to say:

 “Google is committed to email authentication. In June of 2016, we will be taking a big step by moving to DMARC policy p=reject.We are pleased to be supporting the ARC protocol to help mailing list operators adapt to the need for strong authentication.”

You can read more about it in the annoucement page at DMARC’s official website.

Google does have some good anti-spam measures already in place, and recently introduced new Postmaster Tools for Gmail, to help combat email spam in newsletters.