Back Issues This Week → Current Issue → Popular →

Email security standards are proving porous where malicious email attacks are concerned, since attackers use a deceptive link or new domains that comply with the same email security standards regular users employ to blunt threats like phishing, according to a vendor report released this week.

Security firm Cloudflare found that the vast majority (89%) of unwanted messages passed a check of at least one of the three major email security standards: Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), or Domain-based Message Authentication, Reporting and Conformance (DMARC). SPF typically uses a domain-name record to indicate which servers can send mail on behalf of the domain, while DKIM allows senders to sign parts of a message, such as the "from" address, to attest to their validity. Finally, DMARC is a way of specifying policies, which can include attestation by SPF and DKIM processing.