Phishing protection

Last week Return Path announced a new service: Domain Assurance. This service allows companies who send only authenticated email to protect their brand from phishing attacks. Participating ISPs will reject unauthenticated email from domains participating in this program.

Once the sender has ensured that all their email is being authenticated, they can add their domains and sub-domains to the Domain Assurance Registry list for ISPs to automatically reject all mail coming from these registered domains that fail authentication. Email senders using Domain Assurance have access to rich data reports about their email, get alerted when fraudulent emails using their domains are observed, and are provided with email intelligence on attackers and phishing URLs so they can initiate the take down of fraudulent websites.

Blocklist BCP
Expiring emails

Related Posts

Domain Assurance by Return Path

As often happens during MAAWG, email companies are announcing new products. One of the interesting ones is the new Domain Assurance product from Return Path.

Read More

Goodmail sued for patent infringement

Late last week RPost sued Goodmail for infringing two patents. One patent authenticates content and delivery of documents. The second verifies the message was received by the recipient.
Patent #6,182,219: Apparatus and method for authenticating the dispatch and contents of documents.

Read More

ESPs, Non-portable Reputation and Vendor Lock-in

I’ve seen some mentions recently of ESPs suggesting that if you use your own domain in the From: of mail you send through an ESP then that ESP can’t “do email authentication” properly unless they require you to edit your domains DNS settings. That’s not really so, but there is a kernel of truth in there.
The real situation is, unsurprisingly, a bit more complicated.
What authentication features should you look for in an ESP?

Read More