Anyone wondering why Yahoo! recently decided switch to a DMARC reject policy got a pointed answer from CISO Alex Stamos last week: He testified before a congressional subcommittee on Thursday that the policy “reduced spam purported to come from yahoo.com accounts by over 90%.” Stamos added, “If used broadly, [DMARC] would target spammers’ financial incentives with crippling effectiveness.”
Yahoo’s decision essentially tells mailbox providers to block any unauthenticated mail appearing to come from a yahoo.com address. Stamos discussed DMARC and the measures that Yahoo! takes to protect consumers from email abuse and associated security risks during a hearing led by U.S. Senators John McCain (R-AZ) and Carl Levin (D-MI), “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy.” The subcommittee also heard testimony from Craig Spiezle, executive director of the Online Trust Alliance (OTA), who warned that commercial brands without proactive policies to safeguard consumers’ security and privacy place broad swaths of the internet economy at risk, stressing that “trust is the foundation of every communication we receive, every web site we visit, every transaction we make and every ad we view.”
As a founding member of DMARC.org and an active member of the OTA, Return Path has played a central role in the effort to fight email abuse and raise awareness of the danger it represents to brands and consumers. As an email security provider we routinely see examples of large organizations successfully protecting users and themselves from threats such as phishing attacks. Earlier this month we helped a major financial services provider use DMARC to diagnose and stop a coordinated attempt to distribute malware under its name. By immediately quarantining the unauthenticated messages, sent from more than 5,600 IP addresses through a typical botnet attack, the company prevented nearly one million people from receiving email designed to infect their systems and compromise their privacy and security.
DMARC works. Progressive companies are embracing technology like this to keep their customers, their businesses, and the entire online community safe from email abuse. Public success stories like Yahoo’s and private ones like our clients’ prove that the fight to protect email from fraud is winnable. As lawmakers and consumers pay closer attention to who’s taking action and what they’re doing to maintain trust in online communication, marketers should step up and lead the effort.
If you haven’t implemented DMARC or email authentication, please find out what you need to do today to protect your brand and your customer relationships. You can find more information here, or you can contact Return Path to learn how to get started.
Wayne received his Bachelor of Science in Applied Science from Kingston University.
Helen received her BA (Honours) Business studies degree from Nottingham Trent University.
Tunc holds a Bachelor of Computer Science from Macquarie University.
Cecilia has Bachelor of Economy with an MBA for Business and Technology Management
Kevin received his Bachelors from Bentley University in Waltham MA.
Greg has BSBAs in Economics, Finance and Real Estate from University of Denver and an MBA from Dartmouth’s Tuck School of Business.
As Senior Vice President of Marketing, Kate leads all of Validity’s marketing efforts.
Kate holds a Bachelor’s degree in Spanish Language and Literature from Regis College.
Eduardo has practiced law for more than 20 years in both corporate and law firm environments. Eduardo has broad legal experience in SaaS commercial transactions, risk management, M&A, due diligence, entity and product integrations, intellectual property, data privacy, regulatory compliance, and corporate governance.
Eduardo has an LL.M. in Securities and Financial Regulation from Georgetown University Law Center, a J.D. from the University of Pittsburgh School of Law, and a B.A. from the University of Dallas.