DMARC and Phishing

Businesses like yours rely heavily on email for internal and external communication, so safeguarding your email is necessary to protect your company's interests against harmful phishing attacks. Email phishing is when a third party (usually a hacker or malicious website) uses the brand identity of a company to deceive a recipient into divulging sensitive information. The negative effects of a customer falling victim to a phishing scam are varied but damaging to your brand's reputation. Thankfully, protocols such as DMARC and SPF are available to help combat email phishing attacks.

Why Using DMARC and SPF on Mail Servers Is Necessary

The original standards for email were written without much attention to security; the Internet of the time was a small community of scientists, not a commercial platform. This oversight meant email was sent in clear text with no encryption, and anyone could pretend to send email from any domain with a simple change to the text wrapper of the email. My coworkers used to enjoy sending emails to random coworkers from santaclaus@northpole.com around Christmas every year.

However, email authentication technology has made great strides in securing mail servers in the fight against hackers and online criminals. Blacklists started off as a means to detect and limit IP addresses and domains that were frequent bad actors. Now, technologies such as SPF, DKIM and DMARC can recognize and halt even the most convincing fraudulent emails in their tracks. SPF plays a key role in email delivery by letting you control who sends messages on your company's behalf, DKIM allows you to cryptographically sign an email, and DMARC ties them together by allowing recipients to provide senders with information about email sent on their behalf.

By the Numbers

Industries as a whole are implementing these authentication tools to offset the increasing number of phishing scams, with 80% of all federal domains currently publishing a DMARC record. This rise in adoption reflects a positive shift in the way entities should treat email threats. Because DMARC is a federally mandated security measure, it is clear that using it for email security is becoming a necessity for doing business.

On the other hand, in the United States, only Fortune 500 companies and large technology businesses have a DMARC adoption rate of 50% or higher. This gap shows that IT departments lack the necessary skills to handle such a task. But not all the news is bad: 28% of Fortune 500 companies were utilizing DMARC at the end of 2017, so the jump to nearly double that number is great progress. However, almost 50% of companies have yet to implement DMARC into their email security, an area for improvement.

Next Steps with MxToolbox

If your business domain is not DMARC compliant, MxToolbox recommends you begin to evaluate and adopt this beneficial email technology to improve delivery rates and stop the onset of malicious phishing attacks. Start by ensuring your SPF setup is correct, a vital piece that DMARC depends upon. Once you have SPF configured, move to adopting DMARC. Phishing and other scams are preventable, so why not take the fight to them? After all, your brand reputation relies on keeping your customer communications secure and legitimate. Contact our expert team to discuss your DMARC and SPF options to safeguard your messages.