Google, Microsoft, Facebook and other tech giants have collaborated on a new project named ‘Domain-based Message Authentication, Reporting & Conformance’.
DMARC is essentially a ‘technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols’.
They are planning to submit the draft specifications to the IETF so that it can be turned into a specification in the future.
The project developers spoke about the technology:
A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.