Return Path Research Finds that DMARC is Effective in Blocking Millions of Potentially Fraudulent Messages from 60% of the World’s Mailboxes

DocuSign Leads eSignature Industry Security with DMARC to Thwart Phishing Attacks

NEW YORK -- February 6, 2013 -- Return Path, the global leader in email intelligence, today announced, in partnership with DMARC.org, that the DMARC standard is giving top senders a new level of control in blocking potentially fraudulent messages from a majority of the world’s mailboxes. In fact, DMARC is now deployed at mailbox providers representing 60% of the world’s mailboxes and been adopted by 10 of the top 20 sending domains, representing a high volume of daily traffic into receiving networks. Because of this, more than 325 million messages were blocked from consumer inboxes in November and December of 2012, according to data from Return Path and other members of DMARC.org. In one recent example, DocuSign used the DMARC standard to thwart an active phishing attack.

DMARC, which stands for Domain-based Message Authentication, Reporting and Conformance, was launched last year by a consortium of top mailbox providers and senders including Google, Microsoft, Yahoo!, Facebook and PayPal. DMARC uses existing authentication protocols – Sender Policy Framework (SPF) and DKIM – to enable brands to publish policies that reject messages that are not properly authenticated. DMARC adds deeper value by enabling mailbox providers to send reporting back to companies to let them know when their domains are not authenticated properly. This helps companies quickly detect phishing attacks and keep their systems running properly.

DocuSign, as the global standard for eSignature, has built a trust network of more than 27 million users in 188 countries who use the company’s eSignature transaction management platform to finish business faster. The company helps individuals and businesses of all sizes and industries accelerate transactions to increase speed to results, reduce costs, and delight customers.

With the industry’s most robust security, DocuSign is on the cutting edge of using innovative tools like the DMARC standard to protect its brand and global network of users. An advocate for using Sender Policy Framework (SPF) for authentication, DocuSign uses DMARC to monitor messages from its sending domains. When fraudulent emails recently began appearing via DMARC, the company quickly saw that its brand and users were the target of a phishing attack, and took immediate action. DocuSign published an updated DMARC policy that directed participating mailbox providers to quarantine all messages that failed authentication, thereby stopping suspicious messages from reaching inboxes.

“DocuSIgn offers the industry’s most trusted eSignature platform,” said Joan Ross, Chief Security Officer, DocuSign. “DMARC allows us to rapidly identify any attacks against the DocuSign brand and protect our global network of users so that they can continue to rely on DocuSign to finish business faster safely and securely.”

As a security thought leader, DocuSign recently blogged about DMARC and other best practices in a series of blog posts designed to help the company’s users further protect their information and data.

DocuSign isn’t alone: As malware spam attacks are on the rise targeting high-profile companies with trusted brands, many companies are turning to this new defensive tool to fight back. Using the DMARC standard, these companies direct mailbox providers to block or quarantine unauthenticated mail attributed to their domains. This can prevent addressees from receiving deceptive phishing messages that falsely appear to be from what are made to look like familiar senders.

Return Path’s Secure.EQ suite of anti-phishing solutions includes tools that help senders implement the DMARC standard and protect their brands from phishing attacks. In another recent example, Publishers Clearing House was able to use Return Path’s Domain Secure system to block 350,000 messages from bogus forwarding services and infrastructure that did not belong to PCH. Blocking these messages from inboxes protects hundreds of thousands of consumers from harmful messages – something not possible before DMARC.

“As longtime advocates for email authentication and co-founding members of DMARC.org, we’re encouraged by examples like these,” said George Bilbrey, President of Return Path. “As more senders recognize the effectiveness of DMARC in their battle against fraud, consumer trust across the email channel will build. Top brands are already leading the way – their success should inspire senders everywhere to take these simple steps to make the entire email ecosystem safer and more secure.”