Bank of America, Fidelity back new email security standard


Bank of America and Fidelity Investments have teamed up with the likes of Google, Microsoft, PayPal and others to push for a new email security standard called Domain-based Message Authentication, Reporting and Conformance (DMARC).

The new standard aims to protect email at the domain level so criminals can't “spoof” a legitimate email account or domain name for phishing and other criminal expeditions.

According to Dark Reading, “Some of the most devastating data breaches have begun with an eerily convincing spoofed email address used to fool an unwitting employee into opening a document or following a link. But members of the DMARC working group say their goal is to create Internet standards that provide better coordination and cooperation between email providers and the owners of an email domain.”

For banks, this is good news, as the industry has been a prime target of phishers. The likes of Gmail, Facebook, LinkedIn, and PayPal are already using DMARC. Google says about 15 percent of non-spam Gmail emails are from DMARC domains. The trick for banks will be to spread this sort of success to the enterprise realm.

One expert told the magazine: “The real issue is that most IT email managers will not want to bother with configuring all of their systems to comply with YAP -- Yet Another Proposal -- when they haven’t even begun using SPF or DKIM on a large scale.” Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), which validate the sender’s IP address and use cryptographic authentication, respectively, have unfortunately yet to really catch on in the enterprise. But banks are alert to the litigation risks posed by phishers, especially at the small business level. It would be nice to see the industry push ahead on enhanced security.

For more:
- here’s the article from Dark Reading
