Another major mailbox provider has moved to the DMARC policy reject mode due to recent spoofing attacks on its members. Yesterday, AOL announced that it was following in Yahoo’s footsteps with p=reject.
Over the past few days, “You’ve Got Mail” users have complained about hackers gaining access to their AOL accounts and sending many emails with malicious links to their friend lists. The link in the email leads to malware, phishing attacks and viruses. If you have an AOL account, it is highly recommended that you check your sent folder to see if your account is affected. If you see a suspicious email in your sent folder, you need to delete the email and change your account password immediately.
Although the number of affected users is unknown, this attack has received a lot of attention on Twitter with the trending hashtag #AOLHacked. The AOL anti-spam team regard this as a serious attack, and has taken firm action to defend their users (full disclosure: I’m a former AOL employee). In order to stop hackers and cyber criminals, as well as restore trust in their brand, they announced publicly yesterday that their DMARC policy has been changed from (p=none) to reject (p=reject). With this DMARC policy change, AOL will now only allow traffic from AOL.com users through their mail servers. Other providers who honor DMARC policies such as Gmail, Yahoo and outlook.com are now been instructed to reject mail sent on behalf of AOL Mail users via non-AOL servers.
This big step and revolutionary DMARC reject policy was recently initiated by Yahoo following the earlier lead of Twitter, Facebook & Linkedin, and is now followed by AOL. Hopefully, other major mailbox providers will soon follow suit. The Message Systems’ team fully supports Yahoo’s and AOL’s decision to put stricter DMARC policies in place to battle spam and phishing attacks. Our core messaging engine, Momentum, fully supports all authentication methods such as DKIM and DMARC out of the box, and our support and technical teams are available to address any questions and concerns customers might have with regards to complying with these new email authentication polices.
Want to learn more about DMARC? Read the How DMARC Is Saving Email E-Book today!