Google, Facebook, Microsoft, Yahoo, PayPal and others are working together on a standard that can be used across the internet for blocking phishing emails.
The 15 companies will be announcing DMARC.org on Monday, which stands for Domain-based Message Authentication, Reporting and Conformance — a system for verifying that emails are coming from legitimate companies and not impostors trying to trick people into clicking a phishing link. Basically, the system offers a common way for companies to authenticate their legitimate communications with customers.
Also in the DMARC working group are AOL, Bank of America, Fidelity Investments, American Greetings, LinkedIn and email security providers Agari, Cloudmark, eCert, Return Path and Trusted Domain Project.
Google, Microsoft, Yahoo, AOL and Agari announced in November that they were doing this authentication coordination for Facebook, YouSendIt and a few dozen other e-commerce companies and social networks. Now the effort is being expanded to include more participants. The anti-phishing collaboration has been going on for 18 months between various partners, DMARC members said.
"About 15 per cent of all email in the Gmail inboxes comes from these organisations that have published these DMARC records," said Adam Dawes, a Gmail product manager. "That means that these records cannot be domain spoofed."
DMARC.org plans to submit the DMARC specification to the Internet Engineering Task Force for standardisation.