Self-Regulation In The Email Provider Market

In a recent webinar, Microsoft's Principal PM Architect, Ross Adams, hinted at plans for Microsoft to join Google, Apple, and Yahoo and require email authentication for bulk senders. This encompasses any email domain that sends over 5,000 emails daily, giving millions of businesses a stark choice: comply with the new standards or risk their security and email deliverability.

Businesses that fall into the 'bulk sender' category are required to implement a DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy. This policy outlines how to handle emails that fail authentication checks - whether they should be accepted, rejected, or sent to the junk folder.

By ensuring only legitimate emails are delivered, DMARC enhances email security and reduces the risk of phishing and other email-based attacks.
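To make the policy choice concrete, the following added example (not from the article or from any provider's code) parses a DMARC TXT record and returns what a receiver does with a message that fails authentication: accept, junk, or reject. The function names and sample records are constructed for illustration; the tag semantics (`p`, `sp`, `pct`) follow RFC 7489, and `sample` stands in for the receiver's per-message random draw.

```python
# Added illustration: hypothetical helper names, constructed sample records.
# Maps each DMARC policy value to the outcomes the article names.
ACTION = {"none": "accept", "quarantine": "junk", "reject": "reject"}
# RFC 7489: messages outside the pct sample get the next-weaker policy.
DOWNGRADE = {"reject": "quarantine", "quarantine": "none", "none": "none"}


def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; raise ValueError if invalid."""
    pairs = [p.strip() for p in txt.split(";") if p.strip()]
    if any("=" not in p for p in pairs):
        raise ValueError("tag without '='")
    items = [(k.strip().lower(), v.strip())
             for k, v in (p.split("=", 1) for p in pairs)]
    if not items or items[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    tags = dict(items)
    if "p" not in tags:
        raise ValueError("missing required p= tag")
    for key in ("p", "sp"):
        if key in tags:
            tags[key] = tags[key].lower()
            if tags[key] not in ACTION:
                raise ValueError(f"invalid {key}= value: {tags[key]!r}")
    return tags


def disposition(txt, from_subdomain=False, sample=0):
    """Return 'accept', 'junk' or 'reject' for a message that failed DMARC.

    sample is the receiver's draw in 0..99; the policy applies when
    sample < pct, otherwise it is downgraded one step.
    """
    tags = parse_dmarc(txt)
    policy = tags["sp"] if from_subdomain and "sp" in tags else tags["p"]
    pct = int(tags.get("pct", "100"))
    if not 0 <= pct <= 100:
        raise ValueError("pct must be 0..100")
    if sample >= pct:
        policy = DOWNGRADE[policy]
    return ACTION[policy]


if __name__ == "__main__":
    for record in ("v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                   "v=DMARC1; p=reject; sp=quarantine; pct=50"):
        print(record, "->", disposition(record, sample=10))
```

A record with `p=none` only requests reports, so failing mail is still delivered; the move to `quarantine` or `reject` is what changes delivery.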

With Microsoft now tentatively agreeing with the need for this email requirement, the four largest email providers globally are on board with eventually implementing this policy. But what has brought about this unanimous agreement? After all, DMARC isn’t a legal requirement.

Secure Inboxes, Secure Customer Base

While we can't know the exact motivations behind the implementation of DMARC without regulatory influence, it’s an understandable decision. In a world with dozens of communication channel choices, maintaining the integrity of email, especially for professional communications, is crucial. As of May 2024, the UK's National Cyber Security Centre had received over 32 million reports of phishing scams from the public. This surge is likely unsurprising to many email users, as the AI boom has enabled cybercriminals to create more frequent and sophisticated scams that are harder to detect.

As AI-driven scams continue to rage, email providers must maintain their grip on professional communications.

With cyberattacks on the rise and businesses prioritizing cybersecurity more than ever, protecting the email sphere from significant losses in trust is in the best interest of these providers. While they can’t stop the sophistication of phishing emails from improving, they can allow customers to control whose emails are being delivered to their inboxes. By adopting DMARC, the four largest email providers globally are not just enhancing security but also ensuring they remain the trusted backbone of professional and personal communication. This unanimous agreement highlights a proactive approach to safeguarding their customer base and preserving the reliability of email as a communication tool.

Importantly, however, this move isn't just beneficial to email providers - it's beneficial to organizations and their customers too. It's a win-win-win!

As frequent targets of phishing attacks, customers are eager to secure their inboxes, especially with scams continuing to increase. As a result, implementing DMARC allows businesses to show their commitment to protecting customers' personal information and financial assets, fostering trust and brand loyalty.

These changes have also created an atmosphere where organizations are incentivized to proactively get ahead of the competition. This is because DMARC doesn't just reduce the chances of imitation or attack; it also means improved deliverability, resulting in happier, more engaged customers. 

Given these mutual benefits, it's surprising this shift towards self-regulation hasn't happened sooner. But it makes sense - it's a rare case where self-regulation provides a competitive edge in the long run. Cyber attacks are only going in one direction, and providers that offer the most reliable and secure email experiences will ultimately prevail.

Strength In Numbers: How The Collaborative Shift Towards Self-Regulation Brought To Light The Seriousness Of Phishing

The collective shift towards self-regulation signals that top email providers now see DMARC as a critical line of defense. By announcing cybersecurity protocols collectively, email providers have established a consistent standard across the industry, which tells us that curbing the threat of phishing is a top priority. Importantly, this uniformity simplifies compliance for businesses and users, ensuring that everyone adheres to the same security practices and is equally protected as a result. 

On top of this, the decisive move has put pressure on other organizations to follow suit. Smaller email providers and businesses are more likely to adopt these standards to remain competitive and compliant, helping drive the industry’s cybersecurity forward exponentially.

A New Era Of Email Security

Ultimately, these regulatory changes go a long way in combatting the rapidly rising issue of phishing and spoofing. As cyber criminals refine and multiply their phishing techniques with AI tools, lowering the barrier to entry significantly, DMARC remains a crucial defense against malicious email content. This increased protection helps end-users avoid falling victim to scams, thereby safeguarding their personal information and financial assets.

Google has signaled plans to continue rejecting non-compliant emails in the coming months, meaning that businesses have a short window to prepare. With Microsoft and Yahoo likely to follow shortly, there has never been a better time to re-evaluate approaches to cybersecurity as we enter this new era of digital protection.   

Gerasim Hovhannisyan is Founder and CEO of EasyDMARC
