In response to the article on PC World, Yahoo email anti-spoofing policy breaks mailing lists, we want to take the opportunity to comment on the benefits of DMARC and the important role it plays in securing companies and consumers.
2013 was a pivotal year for email security – multiple, high profile attacks that leveraged weaponized emails as an attack component finally highlighted to the world how vulnerable companies are when it comes to the email channel. Without DMARC, criminals can send an email to anyone purporting to be from any company or brand.
DMARC has been adopted by the biggest email senders on the planet and also by email receivers such as Yahoo!, Google, and Microsoft, covering 85% of the consumer inboxes in the US, stops this abuse. With DMARC, senders have control – first, senders can tell receivers when emails are authentic or not, and what to do when they are not legitimate. Second, senders can tell receivers where to send feedback regarding their messages, so the senders can understand what is or isn’t being delivered and why.
Yahoo! was an original supporter of DMARC on the receiving side. Also, by implementing DMARC on the sending side, they are joining the world’s leading brands who are putting the security interests of consumers first.
The security benefits of DMARC to companies have proven to be enormous, as noted in the DMARC.org press release titled Prominent Brands Cut Email Abuse by More than 50% with DMARC. In a study of DMARC data collected in early 2014, Agari found that a only a fraction of a percent of all legitimate email failed DMARC due to problems with mailing lists. The numbers show that the potential problems posed by outdated mailing list software pales in comparison to the great benefits that the DMARC standard gives to the internet community.
Older mailing list software can have interoperability issues with a new security technology like DMARC. Much of this type of software has existed for over 20 years, but can often be updated to support DMARC. As an example, the release of the popular Mailman mailing list software in Oct 2013 added settings to allow these lists to work with DMARC. In addition, highly popular “groups” services (which are essentially mailing lists) offered by many free mail services, work fine with DMARC. DMARC.org has a FAQ for mailing list operators that describe the benefits of using up to date mailing list software.