For all the engineer-poaching and trash-talking going around Silicon Valley these days, there has also been a surprising amount of behind-the-scenes collaboration.
For the past 18 months, engineers at PayPal, Google, Facebook, Yahoo, AOL, Microsoft and nine other technology companies have spent their off-hours (and some on-hours) working hand in hand to tackle the problem that plagues them all: e-mail phishing.
Starting Monday, other companies can adopt the new standard by registering with DMARC.org. Once they sign up, e-mail senders — whether they be a mom-and-pop bakeries or The Gap — will have a way of constantly communicating with the big e-mail providers at Gmail, Hotmail, Yahoo and AOL about which e-mails purporting to be from their domains should be allowed into in-boxes, and which should not.
DMARC requires that members adopt e-mail authentication policies whereby any e-mail that claims to be from their domain must pass one of two authentication tests. If an e-mail doesn’t pass muster, a sender can tell the e-mail providers to quarantine the e-mail or reject it outright. In turn, senders can get real-time reporting on the state of their spoofing problems.
This is good news.