Protect Your Brand Against Spoofing and Spam with DMARC
According to the NCSC, 6.4M suspicious emails were reported in the UK in 2022. Considering there are so many email filtering solutions out there that it designed to minimise suspicious email, this is an extremely large number that ultimately raises questions.
For example:
- Why do so many suspicious emails get through email filtering systems?
- How many of these reported emails were false positives? This could mean that many genuine emails never found their way to the recipient’s inbox because they were flagged as suspicious.
- If these emails were the ones that were reported, how many suspicious emails have gone unnoticed or may have fooled an unaware user?
- What were the sources of these suspicious emails? Was the email spoofed from a pre-existing domain or was a fake domain generated? You may be surprised to hear that the misuse of company domains often goes undetected by both employees and email servers.
There is an ongoing battle between organisations and cybercriminals, who are working very hard to generate more sophisticated attacks. This means that organisations must work just as hard to ensure that their emails are protected. Otherwise, they risk ruining their brand’s reputation and compromising their financial assets.
To help combat this power struggle between organisations and cyber criminals, we will spend the next 5 minutes discussing Domain-based Message Authentication, Reporting, and Conformance (DMARC), and how it can better protect against email spoofing and phishing attacks.
Authenticating emails with DMARC, SPF & DKIM
DMARC
DMARC, or Domain-based Message Authentication, Reporting, and Conformance (imagine saying that every time!) is an email security standard that further protects your company’s email domain from email spoofing and fraud.
DMARC does this by working with Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) to authenticate mail senders.
SPF
SPF, or Sender Policy Framework, is an email authentication protocol that authenticates the source IP address of the server that sent the email. It does this by comparing it to the authorised list of sending sources contained within your SPF record – as long as it is properly configured.
Think of it as a phone book that has a list of trusted IP addresses of the servers that are allowed to send emails from your associated domains.
DKIM
DKIM, or DomainKeys Identified Mail (DKIM), is an email authentication protocol that allows an organisation to prove ownership of a message by signing it in a way that email receivers can validate.
Think of it as an encrypted signature or a wax seal.
How do DMARC, SPF and DKIM work together?
When an email is sent, it will be checked by SPF and DKIM protocols to further verify the email sender. Using this information, your DMARC policy can then decide how an external mail server should handle emails that appear to be suspicious based on DKIM and SPF information. If the email passes the SPF and DKIM checks, the recipient will receive the email. If the email fails these checks, it will be blocked, rejected or quarantined depending on the configured DMARC policy.
If your organisation doesn’t have SPF or DKIM protocols in place, your emails may not reach their intended destination. Without DMARC, your organisation will be unable to properly verify these emails as genuine.
While each of these protocols has anti-spoofing capabilities, each works wonders when combined. Only by layering these protocols can your organisation better:
- Prevent spammers, phishers, and other unauthorised parties from sending emails on behalf of your domains
- Protect your organisation from reputational and financial damage
- Improve the deliverability rate of the emails that you are sending
- Enable trust in the emails that your organisation sends
- Increase visibility of both legitimate and fraudulent use of your domains via DMARC reports
How does DMARC compare to Email Filtering solutions?
You’re probably wondering if having a DMARC Policy in place really matters if you already have an email filtering solution. The simple response is ‘Yes’ – it absolutely does.
While Email Filtering Solutions work very hard to identify Phishing emails, they can only analyse the email on a superficial level, looking at:
- Header
- Footer
- From Name
- From Email Address
- Content
- Links
- Images
- Attachments
If an email appears to be a phishing attempt, it will be rejected or quarantined depending on your Email Filtering setup. However, it doesn’t do much to protect against more sophisticated attacks that try to replicate your brand.
Therefore, a layered approach to email security is the best way forward.
Go the extra mile with BIMI
If you really want to go the extra mile to authenticate your organisation’s brand, DMARC also works alongside BIMI, or Brand Indicators for Message Identification. In simpler terms, this shows your brand’s logo next to the marketing emails that you send.
Image Source: Nation Marketo
BIMI is another way of authenticating your brand so that your customers know that the emails they are receiving from your organisation are genuine.
DMARC Mythbusters
DMARC was first established in 2010 by fifteen leading organisations, including PayPal, Google, Microsoft, etc. So, it may be no surprise if you’re already familiar with this email protocol.
While the tech may be older, the concept of layering these technologies is only now being encouraged. However, due to its history, there may be some misconceptions that have slowed down the adoption of DMARC.
Myths
- I’ve implemented SPF and DKIM, so I don’t need DMARC
- I have so many domains that need securing, won’t my DMARC setup be too complex?
- DMARC reports will be too confusing and will contain personal information
- DMARC is solely a security project and will stop my email marketing from working
- DMARC only fights against Impersonation attacks
- I need to only protect my primary email domain
These myths are just simply not true anymore. DMARC and its capabilities have dramatically improved since 2010, as well as our knowledge of maintaining the security of your emails.
Truths
- SPF and/or DKIM don’t provide enough information on their own and, therefore, servers need DMARC to effectively authenticate emails
- It helps to smooth business processes
- DMARC can now provide a centralised report for all your domains
- DMARC, isn’t just for security, it will also will provide better deliverability of your marketing emails
- DMARC will protects against a variety of email attacks, not just impersonation and spoofing
- All domains would need to be accounted to efficiently reduce the risk of spoofing attacks
How can Air IT help?
27% of cyberattacks that were reported by UK Businesses in the last 12 months were believed to be impersonation attacks. This makes impersonation emails the second most common cyberattack. Therefore, it is important for businesses to give their email security the necessary TLC. By Adopting DMARC, SPF and DKIM—and setting a policy that utilises all three steps of verification – the risk of an employee falling for a spoofed email will reduce drastically. You will also gain the trust of your customers.
We also thought it would be important to note that Microsoft is preparing a new feature for Exchange Online that will report, throttle, and block emails from unsecured on-prem Exchange servers. Without a layered email approach, your email server could be marked by Microsoft as a security risk.
If you would like to find out more information on DMARC, SPF and DKIM and how they can help bolster your email security, feel free to get in touch.