FTC Study Urges Wider Implementation of DMARC to Fight Phishing

    Apr 11, 2017

    On March 3, the Federal Trade Commission (FTC) announced the results of a study that looked at the ways online businesses use e-mail authentication technologies to prevent phishing attacks. The sample consisted of 569 large online businesses that have strong ties to the United States.

    The study found that most major online companies are using proper e-mail authentication technology to prevent phishing e-mails, but few of them are taking full advantage of the best technologies. Eighty-six percent of the surveyed companies use Sender Policy Framework, which is an e-mail authentication technology that enables ISPs to determine if an e-mail message actually originates from the domain that it claims to.

    In a subsequent report, the FTC recommended wider implementation of an authentication technology known as DMARC, which stands for Domain Message Authentication Reporting & Conformance. It alerts the company about spoofing efforts and advises the Internet service providers (ISPs) to reject messages that claim to be from the company’s e-mail address.

    The study found that fewer than 10% of the participating companies use DMARC. 

    The Washington Policy Brief is an online advisory that contains brief summaries of recent legislative and regulatory issues that may affect the records and information management profession. Further information about the issue is accessed by clicking on the link provided at the end of each summary.


    Want to sign up to receive an e-mail version of the Washington Policy Brief? It's free! Just tell us a little about yourself and you'll receive a monthly dose of the latest in legislation, regulation, and more.



    © 2017, ARMA International