January 30, 2012 - 13:59 AMT
DMARC.org to combat deceptive emails

Fifteen leading email service and technology providers are announcing DMARC.org, a technical working group that has been developing standards for reducing the threat of deceptive emails, such as spam and phishing.

According to a press release, DMARC.org draws upon a history of private industry collaboration, with 18 months of dedicated work, to outline an enhanced vision for email authentication that can scale up to today's Internet needs. The group's work includes a draft specification that helps create a feedback loop between legitimate email senders and receivers, making impersonation more difficult for phishers trying to send fraudulent email.

By introducing a standards-based framework, DMARC has defined a more comprehensive and integrated way for email senders to introduce email authentication technologies into their infrastructure. For example, a sender could easily set policies requesting that a provider discard unauthenticated email in order to block phishing attacks. The specification also creates a mechanism for email providers to send detailed reports back to email senders to help catch any gaps in the authentication system. This feedback loop raises the trust level within the email ecosystem and makes it easier to detect and stop phishing attempts.

After gathering data and input from field usage of the technology, DMARC.org intends to submit its DMARC specification to the IETF for standardization. Interested organizations are encouraged to read the specification, join the dmarc-discuss mailing list at www.dmarc.org, and begin testing and deploying the email authentication standards SPF, DKIM, and DMARC. DMARC.org members will be participating in discussions about the specification at the MAAWG and RSA conferences in February.

DMARC.org (Domain-based Message Authentication, Reporting and Conformance) is an unincorporated working group made up of many of the world's leading email providers (AOL, Gmail, Hotmail, Yahoo! Mail), financial institutions and service providers (Bank of America, Fidelity Investments, PayPal), social media properties (American Greetings, Facebook, LinkedIn) and email security solutions providers (Agari, Cloudmark, eCert, Return Path, Trusted Domain Project). The group is dedicated to developing Internet standards to reduce the threat of email phishing and to improve coordination between email providers and mail sender domain owners.