Meet the cyber security protocol that reduces phishing attacks and improves email deliverability.
Email: The easy way in?
According to a recent report published by LinkedIn, phishing is the top cyber security concern for organisations.
Email security measures come in many forms but ultimately all forms are intended to keep the volume of spam emails to a minimum and to detect unwanted content (from malware to suspicious links) to prevent them reaching the user’s mailbox.
But what if the email comes from a legitimate domain?
All email security measures, other than DMARC, are likely to be virtually ineffective where an email comes from a legitimate domain.
Not all email security measures are created equal
Email impersonation: Your evil twin
Anyone with even the most limited knowledge of coding can learn the basic steps required to impersonate someone’s email identity. All it takes is a quick Google search. The result is an email that looks legitimate and does not have the typical indicators of a phishing attack, such as a suspicious email address. An email server will allow such an email into a user’s inbox if the appropriate security measures are not in place, making it difficult for the user to identify whether the email is a phishing attack.
Email impersonation bypasses the following security measures:
It is not surprising that many users are deceived by phishing emails. Although there will not have been any wrongdoing by the organisations and a spammer does not need to access their systems, many governments and regulators consider that organisations have a responsibility to safeguard their customers against phishing attacks. As such, organisations which have not taken appropriate measures to safeguard their customers may be liable for a data breach.
In the last decade, a series of email protocols have been introduced by industry leaders to provide email authenticity and to block phishing emails, as well as to increase the deliverability of genuine emails.
What is DMARC and how can it help tackle the worldwide issue of phishing attacks?
In 2011, several of the major global email providers came together in an attempt to put an end to phishing. Although there were already two email security protocols in place at that time (Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM)), neither protocol effectively prevented phishing.
SPF - This protocol verifies that an email was sent from an IP address which the domain owner has authorised to send on the domain's behalf.
DKIM - This protocol verifies emails which have been signed by the domain they were sent from or on behalf of (using a cryptographic signature carried in the email header). While these protocols had been accepted by the major global email providers, a secondary layer was required to block the phishing emails which the protocols were identifying.
DMARC - In 2015, Domain-based Message Authentication, Reporting and Conformance (DMARC) was ratified to report on these individual protocols, accurately validate emails and block phishing attacks.
Why should you prioritise adopting DMARC?
Most of the email security solutions currently available do not give organisations total protection against email impersonation. This is because they focus on preventing security breaches which result in spam emails being sent from within an organisation’s network boundary. They do not prevent attacks which originate outside the organisation’s network and which will never cross the network boundary. The DMARC protocol is the only way to close this loophole by ring-fencing an organisation’s domain and preventing spammers from impersonating it.
DMARC is fundamental to cyber security. The UK’s National Cyber Security Centre declared that, “Widespread adoption of the DMARC protocol is essential to defend against targeted cyber threats.” An organisation that spends money on complex security measures but fails to deploy DMARC is analogous to a homeowner installing a high-tech burglar alarm but leaving the front door unlocked.
Deploying DMARC should be a logical and iterative process; however, it does rely on a certain level of expertise in email security. A good DMARC provider, such as OnDMARC, will massively simplify this process and help you to reach full protection mode.
You can deploy DMARC at no cost by configuring your own reports, interpreting the results and then adjusting your SPF and DKIM configurations accordingly. However, DMARC XML reports are very lengthy and require staff resourcing to interpret the data and make adjustments. DMARC providers, such as OnDMARC, provide support in interpreting these reports and guidance on the appropriate DMARC configuration to get to the stage of being able to implement p=quarantine or p=reject policies more quickly.
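The report-driven rollout described above (collect the aggregate XML reports, work out which sending sources fail, fix SPF and DKIM for the legitimate ones, then tighten the policy from p=none towards p=quarantine and p=reject) is shown below as an added Python example. It is not code from this article, from Sprout IT or from OnDMARC's product. The report, the domains and the IP addresses are constructed sample data, and the organisational-domain check is a deliberate simplification of what a real DMARC validator does. The same block also illustrates the alignment rule behind the SPF and DKIM descriptions above: a raw SPF or DKIM pass only counts for DMARC when the authenticated domain lines up with the visible From: domain.

```python
# Added example (not code from OnDMARC or Sprout IT): parse a DMARC
# aggregate (rua) report and apply DMARC's alignment rule to each sending
# source, turning the raw XML into a pass/fail tally and an action list.
# The report below is constructed sample data using documentation IPs.
import xml.etree.ElementTree as ET
from collections import Counter

SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example.test</org_name>
    <report_id>constructed-0001</report_id>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf><p>none</p>
  </policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>mailer.example.net</domain><result>pass</result></dkim>
      <spf><domain>mailer.example.net</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>400</count></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>unrelated.example.org</domain><result>fail</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def org_domain(domain):
    """Approximate the organisational domain as the last two labels (real
    checkers use the Public Suffix List; this is enough for the sample)."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, header_from, mode):
    """Strict ('s') needs an exact match with the From: domain; relaxed ('r')
    accepts the same organisational domain. Unaligned passes do not count."""
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)


def evaluate_report(xml_text):
    """One dict per <record>: aligned SPF/DKIM outcome and the DMARC verdict."""
    root = ET.fromstring(xml_text)
    policy = root.find("policy_published")
    adkim = policy.findtext("adkim", "r")
    aspf = policy.findtext("aspf", "r")
    results = []
    for rec in root.findall("record"):
        header_from = rec.findtext("identifiers/header_from")
        dkim_ok = any(
            d.findtext("result") == "pass" and aligned(d.findtext("domain"), header_from, adkim)
            for d in rec.findall("auth_results/dkim"))
        spf_ok = any(
            s.findtext("result") == "pass" and aligned(s.findtext("domain"), header_from, aspf)
            for s in rec.findall("auth_results/spf"))
        # A raw pass that is not aligned usually means a legitimate third-party
        # mailer that still has to be brought under SPF/DKIM for this domain.
        raw_pass = any(r.findtext("result") == "pass" for r in rec.findall("auth_results/*"))
        results.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "dkim_aligned": dkim_ok,
            "spf_aligned": spf_ok,
            "dmarc_pass": dkim_ok or spf_ok,
            "unaligned_pass": raw_pass and not (dkim_ok or spf_ok),
        })
    return results


def summarise(results):
    """Message totals by DMARC verdict: the figure to watch before moving
    the published policy from p=none to p=quarantine and then p=reject."""
    totals = Counter()
    for r in results:
        totals["pass" if r["dmarc_pass"] else "fail"] += r["count"]
    return dict(totals)


def action_for(result):
    """Next step in the iterative rollout for one sending source."""
    if result["dmarc_pass"]:
        return "ok"
    if result["unaligned_pass"]:
        return "authorise: add to SPF or sign with the From: domain's DKIM key"
    return "unauthenticated: would be quarantined/rejected under a stricter policy"


if __name__ == "__main__":
    rows = evaluate_report(SAMPLE_REPORT)
    for r in rows:
        print(f"{r['source_ip']:>14} {r['count']:>5} {action_for(r)}")
    print(summarise(rows))
```

On the sample data the first source passes, the second is a third-party mailer whose SPF and DKIM pass for its own domain but do not align with example.com (so it needs to be authorised before the policy is tightened), and the third fails outright. Real reports arrive gzipped and often contain hundreds of records, which is exactly the volume the article says makes manual interpretation costly.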
Get in touch with Sprout to explore your options for your DMARC implementation strategy
Sprout IT's software partner is OnDMARC, an easy and intuitive way to deploy and maintain DMARC protection across your domains. By analysing the dense and complex DMARC reports, OnDMARC not only gives you insight into what's happening across your domains but also what to do about it. Give us a call on 44 (0) 20 7036 8530 (choose option 2) or get in touch here.
For more information on phishing and DMARC download our DMARC guide.
About this post
Sprout IT is a certified partner of OnDMARC and the content of this article was provided by OnDMARC.