Email Security Blog

Hats off to Yahoo!

Patrick Peterson April 15, 2014 DMARC
Fallback Featured Image

On April 4, Yahoo! took one giant step forward for email-kind when they requested all Internet email receivers to stop receiving mail purporting to be From: Yahoo!, that is not authentic. This is done with a “DMARC reject” policy. More recently Yahoo! explained their stance in a blog post.

“And overnight, the bad guys who have used email spoofing to forge emails and launch phishing attempts pretending to come from a Yahoo Mail account were nearly stopped in their tracks.”

Every day, email is used for malicious purposes. Last year RSA reported there were 450k phishing attacks causing global losses of $6B, and the Verizon data breach report revealed 95% of state-sponsored espionage attacks use phishing emails to establish a foothold. These attacks are all enabled by email’s “original sin” – built in 1982, the 32 year-old technology did not enable anyone to determine if a message is really from the purported sender – be it yahoo.comagari.com or whitehouse.gov. Agari has been working on this problem for many years, and thanks to the new DMARC technology, we can take away email from the criminals.

To accomplish this, each company, like Yahoo!, has to take their domains back from the criminals. In Yahoo!’s case, there have been many different legitimate uses of yahoo.com that have developed over the last 20 years, but companies sending marketing email From: Yahoo.com or using mailing lists that don’t support DMARC are going to have to change. Change is never easy, but in this case it will leave us with a better Internet. For everyone.

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

April 17, 2019 Fareed Bukhari

The Time is Now: Underscoring the Importance of DMARC for State and Local Governments

Scammers know that impersonating a trusted government agency is an extremely effective way to trick…

Agari Blog Image

February 26, 2019 Armen Najarian

Retail Trails Other Sectors in Adopting DMARC for Phishing Prevention

Recent research by the Agari Cyber Intelligence Division finds that the retail industry is dead…

Person Looking at DMARC Protected Email

February 19, 2019 Fareed Bukhari

DMARC Adoption Up, But 85% of Fortune 500 Remains Vulnerable to Brand Hijacking

Adoption of Domain-based Message Authentication, Reporting, and Conformance (DMARC) has seen modest growth in recent…

Agari Blog Image

October 16, 2018 Fareed Bukhari

One Year Later: Federal Mandate for Email Authentication Huge Success

Responding to BOD 18-01, agencies rally to complete the fastest sector-wide adoption of DMARC One…

Agari Blog Image

October 16, 2018 Patrick Peterson

DMARC: A 12-Month Triumph for DHS—and the Nation

Today is the deadline set by the Department of Homeland Security for all executive branch…

mobile image