DMARC: What it is and why you need it

With over 300 billion emails sent and received per day worldwide, no channel has a wider reach than email, so you can understand why it is also the favoured channel for cyber criminals. Indeed, 95% of all hacking attacks and data breaches involve email.

This explains why technology and security experts are constantly enhancing the tools to fight this type of popular cybercrime. 

DMARC, which stands for ‘Domain-based Message Authentication, Reporting & Conformance’, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email. (Source: dmarc.org)

It adds value not only by providing full insight into how your sending domain is used worldwide, but also by making phishing attacks visible. It is powerful in helping to mitigate the impact of phishing and malware attacks, preventing spoofing, protecting against brand abuse and scams, and avoiding Business Email Compromise (BEC) attacks, which have been constantly on the rise over the last few years.

Technically, DMARC is a DNS-based (Domain Name System) authentication standard that publishes who is allowed to send emails as you. It enables email gateways across the world to adhere to your security specification and permission policy, and to send you or your security providers reports for analysis so that unauthorised sources can be identified.

You can tell the receiving mail server what action to take by choosing one of three options: none (don’t do anything), quarantine (temporary protection for later action) and reject (strict, do not deliver!).
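An added example (not from the original post or from dmarc.org): a small Python check that parses a published DMARC TXT record and reports settings that stop short of enforcement. The function names, the sample records and the example.com address are constructed for illustration.

```python
# Added example: parse a DMARC TXT record and report weak settings.
# Records below are constructed samples for the placeholder domain example.com.
WEAK = "v=DMARC1; p=none"
STRONG = "v=DMARC1; p=reject; sp=reject; rua=mailto:dmarc-reports@example.com"

POLICIES = ("none", "quarantine", "reject")  # weakest to strictest


def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into an ordered dict of lower-cased tags."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    return tags


def audit_dmarc(txt):
    """Return a list of findings; an empty list means enforced and reported."""
    try:
        tags = parse_dmarc(txt)
    except ValueError as exc:
        return [str(exc)]
    # The version tag must come first and must be exactly DMARC1.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["not a DMARC record: must begin with v=DMARC1"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in POLICIES:
        findings.append("p= is missing or not one of none/quarantine/reject")
    elif policy == "none":
        findings.append("p=none: failures are reported but still delivered")
    elif policy == "quarantine":
        findings.append("p=quarantine: failures are held as suspicious, not refused")
    # sp= sets the policy for subdomains; flag it when weaker than p=.
    sp = tags.get("sp", policy).lower()
    if policy in POLICIES and sp in POLICIES and POLICIES.index(sp) < POLICIES.index(policy):
        findings.append(f"sp={sp} is weaker than p={policy}: subdomains stay unprotected")
    if tags.get("pct", "100") != "100":
        findings.append(f"pct={tags['pct']}: policy covers only part of failing mail")
    if "rua" not in tags:
        findings.append("no rua=: no aggregate reports, so abuse stays invisible")
    return findings
```

Running `audit_dmarc(WEAK)` returns two findings (monitoring-only policy, no reporting address), while `audit_dmarc(STRONG)` returns an empty list.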

DMARC provides the domain owner with the option to protect their sending domains both internally and externally. In other words, it stops criminals from sending your employees fake emails claiming to be a colleague, executive or employee and it helps prevent the abuse of your brand and domain name outside your company. 

How will DMARC protect me and my data? 

DMARC is an outbound security protocol, meaning it simultaneously protects recipients and your brand reputation from being exploited. It is important to remember that bad actors who use your domain to trick people into opening emails are not doing so innocently or by chance; they are piggybacking off the weight of your brand reputation and relying on it to encourage email opens.

DMARC helps to stop this impersonation, by telling mail servers not to accept emails that are not from a source authorised to deliver for you. So, bad actors cannot use your domain to send phishing emails and carry out Business Email Compromise (BEC), resulting in reduced: 

  • Invoice fraud  

  • CEO fraud 

  • Vendor fraud  

  • Ransomware  

  • Whaling 

  • Spoofing emails  

  • Supply chain attacks 

When the DMARC policy is set to p=reject, mail servers are told not to accept an email or deliver it to their users when it does not come from the authorised server and/or does not include the correct digital signature. This will help with better protection from data compromise and fraud across the board.
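The receiver-side decision described above, as an added example that is not code from the original post: DMARC passes when SPF or DKIM passes for a domain aligned with the From: domain, and the published policy applies only when neither does. The `org_domain` shortcut, the function names and the sample messages are assumptions made for illustration.

```python
# Added example: how a receiver turns SPF/DKIM results into a DMARC outcome.
# All domains and results below are constructed sample values.

def org_domain(domain):
    """Assumption: organisational domain = last two labels.
    Real receivers consult the Public Suffix List (needed for e.g. co.uk)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(auth_domain, from_domain):
    """Relaxed alignment: both names share one organisational domain."""
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_outcome(from_domain, spf, dkim, policy):
    """spf is (result, envelope domain); dkim is a list of (result, d= domain).
    Returns (dmarc_pass, action taken by the receiver)."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain)
    dkim_ok = any(res == "pass" and aligned(d, from_domain) for res, d in dkim)
    if spf_ok or dkim_ok:  # one aligned pass is enough
        return True, "deliver"
    action = {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}
    return False, action[policy]


# Sent by the domain's own authorised platform: both checks pass and align.
LEGIT = dict(from_domain="example.com",
             spf=("pass", "bounce.example.com"), dkim=[("pass", "example.com")])
# Forwarded copy: SPF breaks at the forwarder, the DKIM signature survives.
FORWARDED = dict(from_domain="example.com",
                 spf=("fail", "example.com"), dkim=[("pass", "example.com")])
# Spoof: SPF and DKIM pass, but for an unrelated domain, so neither aligns.
SPOOF = dict(from_domain="example.com",
             spf=("pass", "mail.example.net"), dkim=[("pass", "example.net")])
```

With `policy="reject"` the spoofed sample is refused while the legitimate and forwarded samples are delivered; with `policy="none"` the same spoof fails DMARC but is still delivered.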

What are the benefits of implementing DMARC? 

In the words of the National Cyber Security Centre: When you implement anti-spoofing measures and secure your email while in transit, you: 

  • Help protect the individuals and organisations you do business with by making it difficult for cyber criminals to spoof your email address 

  • Help protect your brand and reputation 

  • Reduce phishing fraud, down-time of essential services (e.g., NHS, Utility companies, banks, etc.) 

 

[Figure: online industries most targeted by phishing attacks as of 1st Quarter 2021]

 

The NCSC Mail Check service 

Along with our in-house tools such as the deliverability dashboard, we promote the use of Mail Check to assess email security compliance and adopt best practice and secure email standards. We can work with your technical and compliance teams to ensure that your sending is configured correctly whether we are managing a domain on your behalf or assisting your team with appropriate designation of a subdomain.  

Why is DMARC so important? 

For email senders it is essential to have ALL the methods of authentication correctly configured and set up to ensure that all your emails are delivered to the inbox. 

ALL major email providers including Gmail, Outlook, Hotmail, Microsoft365, Yahoo, etc. check for the correct authentication, configuration and DMARC policies. By not having this alignment of authentication methods and policies, your reputation will suffer and your ability to successfully deliver your comms to your recipients will be severely compromised. 

What else might I need to know? 

According to Proofpoint’s resident CISO, organisations choosing to navigate the DMARC journey without outside assistance, using internal resources, tend to stumble. This is why the expert operations team of e-shot will set it up for you or guide you through the configuration as well as continuously monitor it through our internal systems while giving you visibility in the e-shot Deliverability Dashboard. 
