Spoofing and phishing, the practice in which criminals send e-mails masquerading as a trusted source in order to obtain users’ credentials or install malware on the victim’s computer, has long plagued financial institutions, the healthcare industry, law firms and others. The concept is simple: an e-mail is sent that appears to the recipient to come from an individual or entity it knows and trusts. The user opens the message and follows the instructions in it. Often that means downloading and opening an attachment that installs a virus on the victim’s computer: one that records keystrokes (including the user’s login credentials for various Web sites or the computer itself), replicates itself throughout the user’s network, potentially infecting an unlimited number of machines, acts as a gateway for other attacks, and more. Or the e-mail may warn users that their bank accounts have been compromised and that they need to reset their account passwords. The user is then directed, via a link in the e-mail, to the attacker’s Web site, which is made to look like the login portal of the user’s bank. Users then log in with their account credentials, and the attacker now has the information it needs to raid the user’s account.
Since it was introduced to the public in 2012, the Domain-based Message Authentication, Reporting, & Conformance (DMARC) specification has proven its value in combating fraudulent email. Email is an essential channel of communication but to be effective, the recipient must trust that it comes from the identified sender. Combating fraudulent email requires coordination among senders, receivers, and security professionals. Working together, they have created an effective defense that helps authenticate email as being legitimate.
The following statistics show the positive response:
- 35% of messages received by large mailbox providers are from domains protected by DMARC
- 50% increase in sending domains publishing DMARC records over the course of 2014
- 200% increase in messages protected by a DMARC “reject” policy over the course of 2014
- 6 times as many sources sending DMARC reports over the course of 2014
- 7 of the top 10 US FDIC banks protect their primary domain with DMARC
Email professionals have known for years that authentication helps to protect their customers, but with DMARC they finally have actionable information about email that uses and abuses their domains. Part of the reporting offered by DMARC includes visibility into legitimate email that fails to authenticate, enabling them to take corrective action. Receivers are also able to improve their email filtering systems to take advantage of the technology.
Looking beyond customer protection, companies are turning to DMARC as an additional defense against attacks targeting their employees. Such attacks, known as spear phishing, are insidious attempts to trick employees into revealing sensitive information. Companies that fully authenticate their email can apply DMARC to incoming email, rejecting unauthenticated messages, lowering the risk of spear phishing.
All of this protection is transparent for customers and employees as email is authenticated between the servers themselves. End users have enough to think about, and wondering if an email in their inbox is legitimate shouldn’t be one of them. When using a mailbox provider that supports DMARC, a user can rely on fraudulent email being handled according to the sender’s DMARC policy. As more mailbox providers support DMARC around the world, protection continues to expand.
While having SPF and DKIM on a given domain is all fine and nice, the challenge is that receiving organizations don’t know if they should look for those items. Additionally, if SPF or DKIM fail for one reason or another, impacting the delivery of email, the sending organization might not be aware of the error.
DMARC policy aims to solve both those issues.
A DMARC policy is included in a DNS record for a given domain, enabling the sender to specify whether messages are protected by SPF or DKIM. The DMARC policy also includes an email address that can be used for sending compliance reports about emails not delivered because of DMARC policy violations.
The DMARC policy itself is flexible, allowing organizations to set different parameters and tolerances for non-compliance.
DMARC is not a panacea for all that is wrong with modern email. It does, however, provide an authentication layer that could help to cut down on spam and fraudulent emails. Without DMARC policy, recipients have no easily assured way of knowing if a given email actually came from or was authorized by the domain it claims to come from.
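To make the policy evaluation described above concrete, here is an added example (not code from the original post) that parses a DMARC TXT record and decides what a receiver should do with one message given its SPF and DKIM results. It goes slightly beyond the text by honouring the identifier-alignment modes (`adkim`/`aspf`) and the subdomain policy (`sp`) from RFC 7489; the record, domains and authentication results are constructed for the example.

```python
"""Evaluate a DMARC policy against SPF/DKIM authentication results."""

# Constructed sample record, as it would be published in the TXT record at
# _dmarc.example.com (assumed domain; not taken from the article).
SAMPLE_RECORD = ("v=DMARC1; p=quarantine; sp=reject; adkim=s; aspf=r; "
                 "rua=mailto:dmarc-reports@example.com")


def parse_dmarc(txt):
    """Split a DMARC record into tag=value pairs, filling RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r"}          # relaxed alignment by default
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: missing v=DMARC1 or p=")
    return tags


def org_domain(domain):
    """Organizational domain, approximated as the last two labels (no PSL lookup)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') needs the same org domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def evaluate(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return (dmarc_pass, disposition) for one message.

    spf_domain is the MAIL FROM domain SPF checked; dkim_domain is the d= tag of
    the signature that verified. DMARC passes if either result is aligned with
    the RFC5322.From domain; otherwise the published policy applies.
    """
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return True, "none"
    policy = tags["p"]
    # 'sp' overrides 'p' when the From domain is a subdomain of the org domain.
    if "sp" in tags and from_domain.lower() != org_domain(from_domain):
        policy = tags["sp"]
    return False, policy
```

A real receiver would additionally sample with `pct`, look the organizational domain up in the Public Suffix List, and send the aggregate report to the `rua` address.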
DMARC is an important component of modern IT security hygiene in 2018.
If you want to explore a solution for this, please connect with us at email@example.com