The email deliverability company Return Path has announced a new service called Domain Assurance which should help companies to aid in battling phishing. Big names in the internet industry are already backing the new service: those include Google, Yahoo!, Tucows and Cloudmark. The way this new service will work is described below:
Domain Assurance helps protect companies from being spoofed and phished by blocking fraudulent emails before they reach the consumer’s inbox.
With Domain Assurance, email senders first have their domains audited to be sure they are properly authenticated. Email authentication methods like SPF and DKIM are industry-accepted standards that confirm the identity of the sender of the email. In the Domain Assurance Dashboard, email senders can review authentication results from Return Path’s mailbox provider partners and the proprietary ISP-based Return Path Reputation Network. Senders can readily detect any malicious activity and initiate a proactive course of action to mitigate any damage.
Additionally, senders can validate email authentication results across all the email sent under their domains, including transactional, marketing, and corporate.
Once the sender has ensured that all their email is being authenticated, they can add their domains and sub-domains to the Domain Assurance Registry list for ISPs to automatically reject all mail coming from these registered domains that fail authentication. Email senders using Domain Assurance have access to rich data reports about their email, get alerted when fraudulent emails using their domains are observed, and are provided with email intelligence on attackers and phishing URLs so they can initiate the take down of fraudulent websites.
As I understand this service, it will not be for every company but more for high volume, high profile companies that are at the crossroads of sending a lot of emails themselves, but also having their brand or product name abused by people who are creating phishing messages. To mitigate the effect of phishing emails the audience should be educated, go to the root cause of the problem: sending phishing emails pays off, just like sending spam, sadly because they get response. If no-one would open or click through a spam or phishing message they have received the amount of spam and phishing messages being sent in the first place would drop to neglicible levels and services like these would not be necessary.