Big Internet Players Propose DMARC Anti-Phishing Protocol 92
judgecorp writes "Google, Microsoft, PayPal, Facebook and others have proposed DMARC, or Domain-based Message Authentication, Reporting and Conformance, an email authentication protocol to combat phishing attacks. Authentication has been proposed before; this group of big names might get it adopted." Adds reader Trailrunner7, "The specification is the product of a collaboration among the large email receivers such as AOL, Gmail, Yahoo Mail and Hotmail, and major email senders such as Facebook, Bank of America and others, all of whom have a vested interest in either knowing which emails are legitimate or being able to prove that their messages are authentic. The DMARC specification is meant to be a policy layer that works in conjunction with existing mail authentication systems such as DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework)."
Re:Why a new protocol? (Score:5, Insightful)
Because average users have issues with it and they are people this proposal are trying to protect.
If any security is going to happen for average user, it must be forced upon them. Otherwise, "it's too hard"
Re:We already have email authentication (Score:5, Insightful)
The problem with PGP/signed-emails is that you're putting the burden on the user. I'm a pretty technical guy, and I don't even want to bother with it. There's no way that the average person it going to take the time to understand and implement PGP.
The proposed solution puts the burden entirely on the system and the providers, so is more likely to be adopted and actually used (and therefore, successful in its end-purpose of stopping phishing attacks).
Re:Why a new protocol? (Score:4, Insightful)
PGP/gpg is ideal because it sits atop of everything else. However, most people wouldn't be bothered to generate and store securely a private key, much less build a usable WoT and making sure not just just absent-mindedly sign everyone's key that passes by.
Comment removed (Score:5, Insightful)