Yahoo! Tells Congress DMARC Policy Eliminated 90% of Phony Spam

Anyone wondering why Yahoo! recently decided to switch to a DMARC reject policy got a pointed answer from CISO Alex Stamos last week: He testified before a congressional subcommittee on Thursday that the policy “reduced spam purported to come from accounts by over 90%.” Stamos added, “If used broadly, [DMARC] would target spammers’ financial incentives with crippling effectiveness.”

Yahoo’s decision essentially tells mailbox providers to block any unauthenticated mail appearing to come from a address. Stamos discussed DMARC and the measures that Yahoo! takes to protect consumers from email abuse and associated security risks during a hearing led by U.S. Senators John McCain (R-AZ) and Carl Levin (D-MI), “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy.” The subcommittee also heard testimony from Craig Spiezle, executive director of the Online Trust Alliance (OTA), who warned that commercial brands without proactive policies to safeguard consumers’ security and privacy place broad swaths of the internet economy at risk, stressing that “trust is the foundation of every communication we receive, every web site we visit, every transaction we make and every ad we view.”

As a founding member of and an active member of the OTA, Return Path has played a central role in the effort to fight email abuse and raise awareness of the danger it represents to brands and consumers. As an email security provider, we routinely see examples of large organizations successfully protecting users and themselves from threats such as phishing attacks. Earlier this month, we helped a major financial services provider use DMARC to diagnose and stop a coordinated attempt to distribute malware under its name. By immediately quarantining the unauthenticated messages, sent from more than 5,600 IP addresses through a typical botnet attack, the company prevented nearly one million people from receiving email designed to infect their systems and compromise their privacy and security.

DMARC works. Progressive companies are embracing technology like this to keep their customers, their businesses, and the entire online community safe from email abuse. Public success stories like Yahoo’s and private ones like our clients’ prove that the fight to protect email from fraud is winnable. As lawmakers and consumers pay closer attention to who’s taking action and what they’re doing to maintain trust in online communication, marketers should step up and lead the effort.

If you haven’t implemented DMARC or email authentication, please find out what you need to do today to protect your brand and your customer relationships. You can find more information here, or you can contact Return Path to learn how to get started.
