How to prevent company domain email spoofing using DMARC

We live in a technological world where we're always having to look over our shoulders, be on our guard and take whatever steps are necessary to protect ourselves - and our affiliates from hacks, viruses and scams.

We have all received phishing emails purporting to be from reputable companies, some of which are very sophisticated but are, in fact, created by cyber criminals in order to gain access to sensitive information in order to steal or defraud. So how can companies combat this rising trend and protect their domains from being used for spoof attempts?

Let's take a lead provided by HMRC as a good starting point. The hmrc.gov.uk domain was previously the target for an estimated half a billion scam emails per year sent to UK taxpayers in attempts to fool the recipient. HMRC implemented the DMARC (Domain-based Message Authentication, Reporting and Conformance) protocol to great success and effectively eradicated the problem. For now, at least, cyber criminals are more likely to target organisations that do not have DMARC implementation as they are softer targets.

DMARC ensures that legitimate emails are authenticated against SPF records (Sender Framework Policy) and DKIM (Domain Keys Identified Mail) standards and can block emails which appear to come from domains controlled by these records unless they align correctly. Only if an email passes the relevant checks will it be delivered correctly because DMARC determines which email servers can send messages on behalf of any given domain. A successful DMARC policy tells the receiving mail server how to treat an inbound email from its domain - whether to pass or fail the SPF or DKIM checks (or a combination of the two) and what to do with the email depending on how it fares - pass, quarantine, or reject altogether.

Implementing DMARC can be tricky. Whilst setting up an SPF record is relatively easy, DKIM requires a little more knowledge of DNS and the use of encryption keys, and DMARC involves setting up a policy, monitoring reports and eventually setting up permanent rules. Commonly used mail platforms like Office 365 takes out a lot of the headaches from DKIM setup but others may be more cumbersome. Any organisation implementing DMARC needs to have an inventory of all the locations from where legitimate company emails could be sent from – i.e. mail server; CMS; web server; Mailchimp or other third parties. The records for all of these locations need to be added to the records in order to successfully pass the checks.

Speak to us if your company is the target of email spoofing and you are interested in implementing DMARC.

Comments

Add new comment