Prevent email spoofing and keep information safe

Do you know how your company can reduce phishing emails targeting your brand?

Email scams have increased rapidly in recent years. For example, in 2016 a Swedish manufacturer lost SEK 25 million due to this kind of scam. In these cases, criminals impersonate a company executive and send a fake email message to selected employees, tricking them into wiring funds.

DMARC (Domain-based Message Authentication, Reporting and Conformance) can protect you from this. DMARC is an Internet protocol specification that provides visibility into email flows and can tell receiving servers to delete spoofed messages immediately on receipt, thereby ensuring that only legitimate emails are delivered to inboxes. Approximately 70% of consumer inboxes worldwide are protected by DMARC – that is more than 2.5 billion mailboxes. However, many organizations are still not aware of DMARC and its benefits: only one-third of businesses and other organizations have implemented DMARC as part of their validation process.

Within If, we think that every organization with a domain name should consider using DMARC to help reduce spam and phishing attacks targeting their brand.


How does it work?

A DMARC policy allows the sender to indicate that their messages are protected, and advises the receiver what to do – nothing, quarantine, or reject – if a received message does not match the DMARC policy. Because the specification is available with no licensing or similar restriction, any interested party is free to implement it.

What are the benefits?

DMARC benefits both recipients and senders. Email recipients are warned if an email is fraudulent or harmful and do not have to guess what to do with emails that fail the DMARC authentication. The senders can now identify how much email is coming from their own domain (or claiming to come from their domain), where it originated, and how recipients are handling the emails.

Can DMARC combat all types of email attacks?

No. DMARC can only provide protection against direct domain spoofing. If the owners/operators of example.com use DMARC to protect that domain, it would have no effect on example.eu (notice the ".eu" vs. ".com").

How to get started?

Although it technically can take less than an hour to build and publish a DMARC record, it is wise to first engage all teams with a stake in email security (security, marketing, fraud prevention, service desk, system administrators, and others) and then consider deploying DMARC in three steps:

  1. Monitoring mode
    In monitoring mode, you advertise to the Internet that you want all DMARC-compliant email receivers to send you reports on who is sending email from your domain. No emails are flagged, blocked, rejected, or quarantined.
  2. Quarantine mode
    In quarantine mode, suspicious messages are flagged for review. This allows you to identify all internal and authorized email servers and ensure they are configured properly.
  3. Reject mode
    In reject mode, spam and phishing messages are deleted by DMARC-protected email servers. This enhances the trust relationship between emails sent by you and received by DMARC-protected mailboxes.
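The three stages above correspond to three values of the `p=` tag in a DMARC TXT record published at `_dmarc.<domain>`, and the "direct domain spoofing" limitation comes from the alignment check a receiver performs between the visible From: domain and the domain that SPF or DKIM actually authenticated. The following added example (not code from the article or from If) builds the record for each stage, parses a published record, and shows the receiver-side decision. The domain example.com, the reporting mailbox, and the simplified organizational-domain rule (last two labels; real receivers use the Public Suffix List) are assumptions for illustration.

```python
from dataclasses import dataclass

# Assumed values for the example: the record lives at _dmarc.example.com and
# aggregate reports (rua=) are sent to a mailbox the domain owner controls.
DMARC_NAME = "_dmarc.example.com"
REPORT_ADDR = "mailto:dmarc-reports@example.com"

# The three deployment stages: monitoring (p=none), quarantine, reject.
STAGES = ("none", "quarantine", "reject")


def build_record(policy: str, pct: int = 100) -> str:
    """Return the TXT value to publish for one deployment stage.
    pct= lets you apply quarantine/reject to only a share of failing mail
    while rolling out; it is omitted at the default of 100."""
    if policy not in STAGES:
        raise ValueError(f"unknown DMARC policy: {policy}")
    if not 0 <= pct <= 100:
        raise ValueError("pct must be between 0 and 100")
    tags = [("v", "DMARC1"), ("p", policy), ("rua", REPORT_ADDR)]
    if pct != 100:
        tags.append(("pct", str(pct)))
    return "; ".join(f"{k}={v}" for k, v in tags)


def parse_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; rua=...' into a tag dict.
    v=DMARC1 must come first in a real record and p= is required."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in STAGES:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain: str) -> str:
    """Simplified organizational domain: the last two labels.
    (Assumption for the example; receivers consult the Public Suffix List.)"""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, strict: bool = False) -> bool:
    """Relaxed alignment: same organizational domain (mail.example.com aligns
    with example.com). Strict alignment: exact match. example.eu never aligns
    with example.com, which is why DMARC on .com says nothing about .eu."""
    from_domain, auth_domain = from_domain.lower(), auth_domain.lower()
    if strict:
        return from_domain == auth_domain
    return org_domain(from_domain) == org_domain(auth_domain)


@dataclass
class AuthResult:
    """What the receiving server learned about one message (constructed input)."""
    from_domain: str          # domain in the visible From: header
    spf_pass: bool = False
    spf_domain: str = ""      # domain SPF was evaluated for (envelope sender)
    dkim_pass: bool = False
    dkim_domain: str = ""     # d= domain of a verified DKIM signature


def disposition(record: dict, r: AuthResult) -> str:
    """Receiver-side decision. A message passes DMARC when SPF or DKIM passes
    AND that identifier is aligned with the From: domain; otherwise the
    domain owner's p= policy is applied. Reports are generated in every stage."""
    strict_spf = record.get("aspf", "r") == "s"
    strict_dkim = record.get("adkim", "r") == "s"
    spf_ok = r.spf_pass and aligned(r.from_domain, r.spf_domain, strict_spf)
    dkim_ok = r.dkim_pass and aligned(r.from_domain, r.dkim_domain, strict_dkim)
    if spf_ok or dkim_ok:
        return "deliver"
    policy = record["p"]
    return "deliver" if policy == "none" else policy  # p=none only reports


if __name__ == "__main__":
    for stage in STAGES:
        print(f"{DMARC_NAME} TXT \"{build_record(stage)}\"")
    rec = parse_record(build_record("reject"))
    # Constructed case: From: example.com, but the only passing signature
    # belongs to example.eu, so it is not aligned and the message is rejected.
    spoof = AuthResult("example.com", dkim_pass=True, dkim_domain="example.eu")
    print("lookalike-signed spoof ->", disposition(rec, spoof))
```

A message whose From: domain is example.eu is evaluated against `_dmarc.example.eu`, not against example.com's record, so publishing a policy for each domain and lookalike domain you own is part of the exercise. During the monitoring stage the `rua=` reports are what tell you which servers are sending as your domain before you move `p=` to quarantine and then reject.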

As a final step, DMARC should be leveraged to detect and mitigate threats since it provides valuable reporting information about the amount and structure of phishing attacks and can help to improve fraud intelligence around targeted attacks on your brand.

For further information, see the Global Cyber Alliance's website: https://dmarc.globalcyberalliance.org/

If News 2/2018 Property

Article by

Peter Granlund

Cyber Risk Engineer