Monthly Archives: July 2019

Why DMARC is Not Set It and Forget It

Email DNS (Domain Name Service) records have become the linchpin for improved email delivery. Without the four major components (discussed below), your company’s outbound messages are at high risk of being rejected by inbox providers.  Worse, without proper Email DNS configurations, your brand is at risk of falling victim to phishing or spoofing scams.

To get email delivery to it’s highest levels, you need:

  • MX (Mail Exchanger): Resource record specifying mail server responsible for accepting email on behalf of a domain.  Without an MX record, no email is coming to your domain and most, if not all, recipients will check for an MX record before accepting email from a domain.
  • SPF (Sender Policy Framework): Email authentication method designed to detect spoofing via authorized domain list.  With SPF, you designate what IP addresses and domains can and cannot send on behalf of your domain.  Recipient systems check this list and may reject email from unlisted sources.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Email validation system designed to enable inbox providers to provide feedback on email that is sent from your domain.  DMARC enables senders to detect and prevent email spoofing (forged sender addresses used in phishing and spam efforts).
  • DKIM (DomainKeys Identified Mail): Email authentication method designed to enable senders to sign their emails so that inbox providers can easily detect spoofing via digital signature.

DMARC works best when senders have adopted both SPF and DKIM and achieving DMARC compliance using SPF and DKIM is a vital step in ensuring your emails are delivered.

How do you become DMARC Compliant?

The importance of reaching DMARC compliance can’t be overstated.  Essentially, your company’s email reputation, and email deliverability, relies on this protocol.

Once DMARC has been implemented, it allows you to:

  • Monitor, detect, and fix real-world problems with your email delivery
  • See the email volumes you’re delivering to inbox providers (including which providers)
  • Identify threat emails purporting to come from your domain (i.e., spoofing/phishing using your domain)
  • Defend your reputation against spoofing attacks using your domain.

Essentially, DMARC gives you the information and tools necessary to improve your email deliverability, defend your brand from spoofing, and even reduce the amount of spam on the Internet.  Without DMARC, inbox providers will begin to see your email as riskier than your DMARC-compliant competitors and more of your email will end up being classified as Bulk, Junk or even denied.  What you need is a way to decipher all of the information that DMARC reports provide.  Tools like MxToolbox Delivery Center give you that.

Set It and Forget It?

It is fair to assume that once you configure DMARC correctly, you’re done with the process and email will flow freely and without incident.   Unfortunately, this is not the case.  Your business will change and so will your email configuration.  If you want your company’s email delivery rates to stay consistently high, then you must routinely monitor and adjust your DNS records as your business evolves. There are several routine scenarios that can cause issues if you ignore your settings.

Adding a Sender

Your company’s Marketing Department adds a new email vendor, Sales adopts a new CRM or Support trials a new online support tool.  Now, you must add each of these providers to your SPF records, verify them, and setup DKIM with them otherwise emails from these systems will be rejected.  Next comes a breaking in period where you need to monitor delivery rates of email sent from these platforms.  You might have to temporarily lower your DMARC policy to Quarantine or None to ensure that email from these sources is accepted.  You need a tool to continually monitor your DMARC compliance and email deliverability to ensure that your email is reaching your customers and business partners.

A Trusted Sender is Blacklisted

The primary safe guard for email delivery is still blacklisting IP addresses and domains that are frequently used in spam, phishing and malware attacks.  An inbox provider doesn’t even process email from a blacklisted IP.  Blacklisted email is typically not delivered, even to junk.  If you or one of your email providers is sending from a blacklisted IP address, your email delivery is in jeopardy.  Inbox providers that utilize DMARC for feedback will only report on SPF, DKIM and DMARC compliance of emails sent, they do not report on blacklisted IPs!  You need to monitor your sending IP addresses for blacklisting to ensure your email deliverability.

Providers get Compromised

Hacks are a regular problem for every business and your email service providers could be a target as a legitimate source of email.  In fact, MxToolbox has seen individual inboxes compromised at major inbox providers several times in the last years.  If a provider is hacked, then any email sent via that provider will automatically pass SPF, DKIM and DMARC checks.  How would you know if this happens?  Only by monitoring your email deliverability and examining the forensic reports sent back by the recipients via DMARC reporting.

Fraudulent Email Volumes Dwarf Legitimate Email

With low outbound email volumes or with valuable brands, the fraudulent email volume could greatly exceed the legitimate volume of email.  In cases like this, monitoring DMARC reporting is invaluable so that your team can see the spike in message volume and change your email posture.  Even when using a Reject policy, some providers might report your domain to blacklists because of the overwhelming spam signal.  You need to monitor your domain as well as sending IP addresses for blacklisting.

Exceeding SPF Includes

As your organization grows, you will add new providers: CRMs. Market Automation, Support, Inbox, etc.  Each provider you add will need to be entered into you SPF record and each of these providers will have a range or ranges of IP addresses in their own SPF records.  The RFC on SPF allows for at maximum 10 includes in the tree, after which no other includes are read.  You might add a provider and exceed the limit of SPF includes or a provider might add a new range to their SPF and exceed the limit.  Without monitoring your email delivery and email configuration, you would never know until email fails to reach your customers.

How do I monitor email deliverability?

To monitor and manage email deliverability, you need a tool that constantly analyzes and reports upon:

  • SPF, DKIM and DMARC Compliance
  • Blacklisted Sending IP addresses and Domains
  • SPF, DKIM and DMARC Configuration
  • Known Senders, Forwarders and Email Threats like Fraud and Phishing
  • DMARC Forensic Information*

Only MxToolbox Delivery Center provides you with all the information you need to properly manage your email deliverability, from setting up email best practices to managing email delivery for the longterm.  Delivery Center Plus* even includes Foresnic information for detailed threat research.

MxToolbox has everything you need to improve email delivery with DMARC and only MxToolbox provides the Experts capable of managing your email delivery posture.  MxToolbox Managed Services can get you up and running quickly and manage your email delivery in the longterm.

What is Spear Phishing?

Phishing attacks have become an unfortunately common occurrence.  A relatively new wrinkle is called spear phishing where the phishing email targets a specific individual, business, or organization.  Spear phishing is used for two main purposes:

  1. Steal data for malicious purposes
  2. Install malware on the target’s computer for use in against another organization

Regardless of intention, if executed properly, a spear phishing ploy is bad news for your company.

How Are Spear Phishing Attacks Performed?

Here’s a general rundown of how spear phishing scams work:

  • An email arrives in a colleague’s inbox, seemingly from a trustworthy source like a supplier, vendor or even your own corporate website. Spear phishing emails often use clever tactics like matching logos, verbiage and even similar looking URLs to those you would find normal to get the victim’s attention.)
  • The message leads the unsuspecting recipient to a well-designed bogus website either with a login portal or with a hidden cache of malware that they attempt to download and install.
  • Hackers will then sell the login credentials or malware networks to governments, private entities or other hackers for further exploitation.

Cybercriminals use tailored approaches that leverage social engineering techniques to encourage victims to act before they think to personalize messages and websites used in their scams. According to a March report on spear phishing from cybersecurity firm Barracuda Networks, these attacks are frequently researched in advance and intended to capture data, such as login credentials or other highly sensitive information. Analyzing 360,000 emails that involved spear phishing over a three-month period, the company’s researchers found that 83% of these attacks involve brand impersonation of companies users know and trust.1

Moreover, to increase success rates, spear phishing messages often contain urgent explanations on why sensitive information is needed. The combination of realistic branding and urgent need to act pushes users to act before they think.  This kind of social manipulation is “becoming the key ‘attack vector’ in cybersecurity attacks.”2  Victims are usually asked to open a malicious attachment or click on a link that takes them to a spoofed website where active passwords, account numbers, PINs, or access codes are requested. 

How to Fight Spear Phishing

Since spear phishing attacks are becoming more difficult to detect, protecting your business email is even more important. Traditional security can stop some of these scams but not all because of the clever customization. A single mistake enables fraudsters to gain access to commercially sensitive intel, forever damaging your company’s brand. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks (botnets) that can be used for denial of service attacks.

To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus messages landing in their inbox. It’s a simple answer, but informed employees are the first line of defense in combatting malicious online attacks. Besides education, technology that focuses on email security is necessary.

In addition, it is important for email senders to protect their brands from use in spear phishing attempts.  Big brands like American Express, Amazon.com and PayPal were once often leveraged by fraudsters because of their wide usage, credibility and access to financial and personal information.  Now, large corporations are deploying technologies to prevent use of their brands so fraudsters are forced to use smaller, less protected brands.

Protecting Your Brand – MxToolbox Delivery Center

To protect your brand from use in phishing and fraud emails, you need to deploy new technologies like SPF, DKIM, DMARC and actively manage the information your receive from inbox providers about your email delivery status.  MxToolbox’s Delivery Center  provides your business with the email deliverability insight you need.  Our Experts combine best practices on email delivery with new technologies and our own experiences to give you best-in-class incite into the deliverability of your known email senders and early warning on emerging threats emails like spearphishing.  We can even manage your email delivery with our Managed Services program.

1, 2 Gizmodo, Privacy and Security. https://gizmodo.com/spear-phishing-attacks-are-on-the-rise-security-firm-s-1833455812

BIMI Record – What is it? How Does it Add to DMARC?

Brand Indicator Message Identification (BIMI) is an industry-wide standards effort to use brand logos as indicators to help email recipients recognize and avoid fraudulent messages. This standard is still currently in beta with only several brands from Oath (Yahoo!, AOL, etc.) testing this concept in front of their mailbox users.

If this standard comes to full fruition, it should be a win-win for both businesses who send email and all individual users of email. Email users will have a robust means to visually identify phishing/spam emails posing as businesses upon their arrival to the email inbox and businesses will have the added benefits of:

  • Their brand images prominently displayed in their audience’s inboxes bringing positive attention to the brand at near zero cost
  • Improved delivery rates via the adoption of DMARC and reduced spam classifications

How BIMI Records Work

A fairly recent improvement, most of today’s email shows your brand’s initials in the customers’ inboxes (e.g., R signals Redbox, DT means Discount Tire). This helps current and potential clients identify and trust messages received by these recognizable companies. With BIMI records, that trust factor significantly increases because an actual logo is used in place of mere initials. By publishing a DNS Record, the inbox provider automatically integrates your brand into every email sent from your domain (e.g., Best Buy logo displayed instead of BB).  This allows message recipients to recognize and have confidence in clicking the message in question.

Requirements of BIMI Records

Using BIMI requires ensuring DMARC authentication is set up on the domain. In fact, the BIMI concept is viewed as an extension of DMARC. Both protocols are highly beneficial to ensuring a domain’s messages are delivered and to help crack down on phishing and spoofing attempts. If you haven’t setup DMARC yet, you can learn about more of the benefits here. If you already have setup DMARC (great job!) keep checking back with us, as we’ll let you know when this beta concept gets rolled out to everyone.

Steps to Publish BIMI Records

After getting DMARC setup and ensuring it’s running smoothly for your domain, integrating the added bonus of BIMI looks to be as simple as creating a BIMI Record, a type of TXT DNS Record. We will post the full details when the standard gets out of beta.

MxToolbox is currently monitoring BIMI records in beta for the purposes of helping customers adopt technology if this development is proven beneficial for our users.

If there has been something holding you back from implementing DMARC our Delivery Center tool will put your company on the right path to enabling and enforcing DMARC. If you have already setup DMARC, we recommend discussing your specific situation with one of our email delivery experts to ensure your business is setup correctly and optimized for the best email delivery. You might be missing key DMARC insights or accidentally overlooking important email delivery problems. MxToolbox products have all you need to employ DMARC and increase email delivery rates for your brand. After all, your company’s reputation depends on it.