One of the biggest problems that the Internet has faced for years, and is facing still, is spam. It is estimated that more than 90% of the total Internet traffic is email spam. The figure has come down considerably, after Microsoft hunted for and took down a number of botnets. Nonetheless, the volume of spam is still high enough, that it is a matter of concern.
Spam is so popular and widespread, there are businesses based on spam, which thrive on the naiveness of the casual Internet surfer. Most of these spammers gather personal data or credentials, using phishing attacks.
This time, all tech giants, namely Google, Microsoft, Yahoo!, PayPal, Facebook and LinkedIn are going after spammers. They have decided to verify if the email sender is indeed the actual sender. Ars Technica writes on this, claiming that SMTP is too old to, and the concept of emails has become complicated since its birth.
As with SPF and DKIM, DMARC depends on storing extra information about the sender in DNS. This information tells receiving mail servers how to handle messages that fail the SPF or DKIM tests, and how critical the two tests are. The sender can tell recipient servers to reject messages that fail SPF and DKIM outright, to quarantine them somehow (for example, putting them into a spam folder), or to accept the mail normally and send a report of the failure back to the sender.
As DMARC stores extra information about the sender, it has to record all the senders, to function effectively. This makes a global rollout compulsory for DMARC to be effective in fighting spam. In the next few months, we will see how the Internet community receives DMARC and whether it is effective against spam.