Brief history of email authentication

As the largest deployed application on the internet, email is huge! And it takes a long time to change the fundamentals:

2003:

• First SPF draft

2004:

• First DomainKeys draft (predecessor to DKIM)

2006:

• First DKIM draft
• PayPal begins work with Yahoo on authentication-based model

2007:

• BITS Email Security Working Group publishes paper recommending TLS + SPF + DKIM for email
• DKIM RFC published
• PayPal + Yahoo blocking based on DomainKeys+SPF goes live

2008:

• PayPal publishes “A Practical Approach To Managing Phishing”

2009:

• BITS publishes deployment guide for email authentication
• First companies launch to build business on top of authenticated email model
• Private-channel model prototyped by webmail providers

2010:

• proto-DMARC.ORG effort begins, organized by PayPal to create Internet-scale success as published in 2008
• Anti-Phishing solutions built on top of proto-DMARC start shipping

2011:

• DMARC.org organizes, begins work.

2012:

• First DMARC draft released
• dmarcian.com launches to support DMARC
• DMARC adoption reaches ~60% of global consumer inboxes

2013:

• BITS publishes “BITS Email Authentication Policy and Deployment Strategy for Financial Services Firms,” recommends DMARC.
• DMARC.ORG specification work moves to the IETF

2014:

• DMARC Working Group chartered within IETF

2015:

• DMARC.org becomes initiative under the Trusted Domain Project, a non-profit and tax-exempt public benefit corporation in State of California.

We’re Here to Help

With a team of email security experts and a mission of making email and the internet more trustworthy through domain security, dmarcian is here to help assess an organization’s domain catalog and implement and manage DMARC for the long haul.

You can get in touch with us or register for a free trial where our onboarding and support team will help you along the way.

Want to continue the conversation? Head over to the dmarcian Forum.