Publishers Clearing House Reduces Phishing Threats with DMARC

Phishing is a huge threat to trust in the email ecosystem. Consumers are wary of interacting with brands that they perceive as being insecure.

For this reason, Publishers Clearing House (PCH) is a Return Path client that was an early adopter of domain protection services and DMARC. The system has helped them quickly detect misuse of their brand name. In one recent incident the Return Path system detected a run of 144,000 messages in just one day.

“PCH is a prominent household name. Protecting our members from phishers and scammers is key business initiative for us. Phishing scams were prevalent. Since working with Return Path to implement authentication, including DMARC, we have substantially reduced the incidents of phishing. It’s like having a sign out that says we are protected. Criminals move on to easier targets,” said Sal Tripi, Assistant Vice President, Digital Operations and Compliance, Publisher’s Clearinghouse. “When incidents do occur we detect them very quickly and are able to direct mailbox providers to reject these fraudulent messages. This protects our customers and maintains the trust people place in our brand.”

In a recent example, from one PCH domain’s mailstream over the past 90 days, Return Path’s Domain Secure system was able to block 350,000 messages from bogus forwarding services and infrastructure that does not belong to PCH. Blocking these messages from inboxes protects hundreds of thousands of consumers from harmful messages. This was not possible before DMARC.

Phishing can be a needle-in-the-haystack problem, especially with high volume mailers. Finding the relatively small number of phishing messages can be difficult, and so the DMARC standard is crucial for allowing senders like PCH to keep their brands safe.

The success of DMARC in just one year has been really amazing. For years now the email industry has been talking about the importance of authentication, but the reality was we couldn’t show a benefit to brands that took the time and resources to implement the protocols. Now with the reporting function and the ability to publish a reject policy to some of the world’s largest mailbox providers, brands that implement DMARC can actually protect a substantial number of their customers from fraudulent messages purporting to be from their domain. This is a real and important benefit and all companies should take advantage of it.