Category Archives: Email Delivery

Microsoft Office 365 Requires DMARC Compliance

Microsoft is taking more proactive steps to ensure email security by rolling out a new feature for Office 365 called Unverified Sender.  It allows users to keep their Outlook inbox safer and reduce fraudulent mail by flagging email that are not DMARC compliant .  If you send email to Outlook.com users or Office 365 users, this could severely impact your email deliverability!

How Does the Unverified Sender Feature Work?

According to their official Microsoft Roadmap, the Unverified Sender feature is described as follows:

“Unverified sender is a new Office 365 feature that helps end users identify suspicious messages in their inbox. In order to help customers identify suspicious messages in their inbox, we’ve added an indicator that demonstrates Office 365 spoof intelligence was unable to verify the sender.”

The Unverified Sender feature checks if the sender of an email can be verified. If its origin is found and identified as harmful/fraudulent, this feature works by providing Outlook users with a distinct visual indicator. 

When an Unverified Sender is detected, Outlook customers will see a “?” next to a message you sent to their Office 365 inbox, which means it is considered unverified. 

For example:

message-did-not-pass-verification

Once Unverified Sender is enabled by the user, the warning indicator will alert Office 365 customers about the potential risk that the email poses, especially phishing attacks or sender spoofing attempts

What Criteria Is Used?

To be Verified, your email must pass either SPF or DKIM authentication and also achieve DMARC compliance. When Outlook can’t verify if the identity of the sender is DMARC compliant, the “?” indicator is displayed in the sender photo field, as shown in the above visual. With this update from Microsoft, DMARC should now be at the top of your priority list if you haven’t adopted it yet.

How Does the Feature Affect My Business?

If your business sends email to Office 365 and Outlook users (which most businesses do today), it’s critical to avoid being marked as an unverified sender.  Adopting DMARC and getting all your legitimate senders to DMARC compliance is now a business necessity. Without DMARC, you run the risk of having Microsoft’s new Unverified Sender feature label your outbound messages as suspicious threats customers, vendors and partners, impacting your email deliverability and potentially your business.

MxToolbox is here to guide your company through the DMARC process and help optimize your email deliverability.  We offer several solutions to help you get your email DMARC compliant and monitor the on-going DMARC compliance of your email:

  • Delivery Center is our base package that allows you to monitor the SPF, DKIM and DMARC compliance of your email while giving you insight into emerging email threats.
  • Delivery Center Plus gives you all the great reporting of Delivery Center combined with deeper reporting on Phishing and Fraud using your domain.
  • Delivery Center Managed Services gives you access to our Email Experts who manage your DMARC compliance and free you to focus on your business.

 

Using MxToolbox to setup SPF, DKIM and DMARC

A few months ago, our friends over at BEMO cybersecurity paid us a huge compliment  by blogging on two of our favorite topics, MxToolbox and implementing DMARC.  Their blog, MxToolbox: How to Enable SPF, DMARC, and DKIM, is a great guide for setting up SPF, DKIM and DMARC in a single outbound email sender Office 365 configuration.  If you’re getting started with SPF, DKIM and DMARC, this is a great guide to using our free tools and improving your Office 365 configuration for better email delivery.  

Since not all outbound email configurations are the same, our delivery experts had a few thoughts to add…

Do you have Multiple Outbound Senders?

Most companies send corporate email from a centralized set of servers.  Office 365 and Gmail do this for many companies, but you could also have an internal email setup like MS Exchange.  However, many companies also employ one or many 3rd party email senders.  For example:

  • Marketing Automation (Marketo, Eloqua, Hubspot, etc.)
  • Email Campaign Tools (MailChimps, Constant Contact, etc.)
  • Customer Relationship Managers (Salesforce, Zoho, Microsoft Dynamics, etc.)
  • Support Ticketing Systems (LiveAgent, ZenDesk, etc.)
  • Order Management and Fulfillment

You will want these services to send email “from” your domain, so they need to be included in your SPF, DKIM and DMARC configurations.  This will mean additional IP address ranges in your SPF record, additional DKIM keys setup and monitoring DMARC compliance for all your outbound email senders.

Do you send email from Multiple Domains?

Whether your company has acquisitions or other brands you wish to send email from, you may operate and email from multiple domains.  For this type of configuration, you’ll need to configure SPF, DKIM and DMARC for each domain you send from.  Similarly, MxToolbox Experts are finding that it has become more common to send email from a dedicated subdomain, like email.yourdomain.com.  This also requires careful thought and may need additional SPF, DKIM and DMARC configuration.

Everyone should be looking at DMARC Reports

When you configure DMARC records there are two important tags that you can use to elicit feedback on your sent email from inbox providers – RUA and RUF.

mxtoolbox-dmarc-record

RUA – List the email addresses you would like to receive SPF, DKIM and DMARC compliance information from inbox providers.

RUF – List the email addressed you would like to receive Forensic data on failed email from your domain.

These RUA and RUF reports are sent in XML format by each individual inbox provider.  The information sent is highly valuable to protecting and improving your email deliverability.  However, to gain insight from them, you need some way to aggregate these reports across all these inbox providers.

Go slowly on your road to Quarantine or Reject Policies

If you have a single sender setup, then you can go straight to Quarantine or Reject policies on DMARC without concern for a portion of your email being unfairly rejected.  Most companies, though, have multiple outbound email senders.  Before you commit to Quarantine or Reject, you need to ensure that all of your legitimate outbound email senders are sending SPF, DKIM and DMARC compliant email.  If not, email from these sources may miss the inbox.  It takes some time and effort to:

  1. Examine DMARC reports
  2. Uncover non-compliant senders
  3. Update each non-compliant configuration
  4. Evaluate the changes you made

Once you are confident that your legitimate email is getting through, the DMARC record enables you to set a percentage of your email to the Quarantine policy.  Starting with a small fraction, like 10%, gives you the opportunity to detect any email that might go missing from customers’ inboxes.  MxToolbox recommends a slow, iterative approach through Quarantine to Reject policies.  Once you are at 100% Reject, MxToolbox recommends continual evaluation of your senders DMARC compliance.

Leverage MxToolbox SPF and DMARC record generators

As part of our suite of free tools, MxToolbox provides an SPF Record Generator and DMARC Record Generator tool.  Use these to help you get the syntax of your DNS records correct, then use our check tools to that your DNS entries are properly detectable by the outside world.

BIMI Lookup Tool

MxToolbox is excited to announce the unveiling of another free tool for your use: the new BIMI Lookup tool. This innovative tool enables you to test your Brand Indicator for Message Identification (BIMI) records, ensuring that your BIMI record is correct and adheres to the current standards.  A missing or incorrectly formatted BIMI record means your customers may not see your domain’s logo in their inboxes. 

What’s BIMI and Why’s It Such a Big Deal?

BIMI is an industry-wide standards effort to display brand logos next to the brand’s email messages in their customer’s inboxes as indicators of trust to help message recipients recognize and avoid fraudulent emails delivered to their inboxes. This new standard, which is currently in beta testing, is important to email senders and their customers alike. Businesses get a prime opportunity to add trust to the emails they send and increase the visibility and ROI of their email programs, while recipients also benefit from senders deploying DMARC and other BIMI authentication standards to reduce the success of phishing attacks.

BIMI builds off of DMARC, with some outlets calling it DMARC 2.0, and will only display if you have deployed DMARC. Several Oath brands (Yahoo!, AOL, etc.) are currently beta testing the BIMI standard with their mailbox users. Gmail will also be rolling out their own beta test of the BIMI protocol in 2020. With Gmail’s current 1.2 billion worldwide users able to see a company’s logo displayed within a year’s time, adopting the BIMI standard will be highly beneficial to your business email practices. As DMARC and BIMI work in tandem to improve message delivery, it becomes imperative your brand utilizes these pioneering email technologies and standards.

How MxToolbox’s BIMI Lookup Tool Works

The new BIMI Lookup tool allows you to check for any errors included in your BIMI record published content, syntax check content, DMARC record format, or image format content. By entering your company’s domain name and clicking the “BIMI Lookup” button, this diagnostic tool will parse the BIMI record for the supplied domain, display its BIMI record, and run a series of diagnostic checks against that specific record. The provided results will help you recognize any current issues in your BIMI record’s setup that may prevent your logo from being displayed in Yahoo!, AOL, and Gmail (early 2020) inboxes.

To learn more about BIMI and how it’ll benefit your business, please click here.

Ultimate Combo

MxToolbox’s free BIMI Lookup tool is a great way to ensure your BIMI record is setup correctly and displays your logo as intended. BIMI provides your business an opportunity to grow your brand and protect your customers. Implementing this standard and monitoring it with our new tool are positive steps in improving your business email delivery. Don’t let your messages be sent to the Junk folder anymore.

How to Create a BIMI Record

Brand Indicators for Message Identification (BIMI) is a standardized way for companies to use their logo as a visible indicator to help email recipients recognize and avoid fraudulent messages. BIMI builds on the DMARC email authentication protocol to develop trust with current and potential customers. For a closer look at the new BIMI standard, please click here.

Creating a BIMI Record

The following steps outline how to create a BIMI record for your domain:

1. Create Image in SVG Format

First, you’ll need to obtain a copy of your logo and convert it to SVG format. For those steps, please click here.

2. Visit DNS Hosting Provider and Select Create Record

Now that you’re ready to create a BIMI record for your domain, visit your DNS hosting provider. After logging in, locate the prompt to create a new record.

3. Add Host Value

In this field, you’ll likely input the value _bimi and the hosting provider will append the domain/subdomain following that provided value. (ex: default._bimi.example.com)

4. Select TXT DNS Record Type

Based on provider, you’ll likely see a dropdown list of DNS record types. Because a BIMI record is a kind of TXT DNS record, be sure to select the “TXT” option.

5. Add “Value” Information

There are two required tag-value pairs that MUST be present on every BIMI record: v and l.

  • The only tag-value pair for v (version) is v=BIMI1
  • Confirm l (location) tag is present and followed by a full URL of your logo using HTTPS (l is lowercase L)

6. Publish BIMI Record

Click “Save Record Set” button to generate your new BIMI record.

7. Test BIMI Record for Errors

The last step you will want to perform is to Run a BIMI Record Check to verify the record you just created has the correct values and syntax. This tool will also render how your logo will appear in email clients.

Note: Creating your BIMI record and publishing it to the DNS per the above steps doesn’t automatically display your logo in all customer inboxes. Currently, several Oath brands (Yahoo!, AOL, etc.) are testing the BIMI standard in beta with their mailbox users, and the inbox providers that participated in developing the protocol and are likely to add BIMI support soon. Gmail will also be rolling out their own beta test of the BIMI standard in 2020. By having your BIMI record and associated logo published in the DNS, your brand will easily be recognized and trusted by current and future customers. For details on all BIMI technical specifications, please click here.

Summation

Creating a BIMI record for your company’s logo to be visible in customers’ inboxes is a simple way to enhance your brand. Not only are current and prospective clients confident that your emails are legitimate, they also gain a level of trust by seeing your approved logo in their inbox. Each time a customer receives a message from your domain using the BIMI standard, at least three potential unique brand impressions are made—message list, email address in message, and within message itself. The quicker your business decides to adopt BIMI (when available via your outbound email provider), the more recognized your brand will be.

MxToolbox is here to Help!

MxToolbox Delivery Center is the most effective email deliverability solution for your business. With MxToolbox you get our decades of experience helping businesses just like yours manage your online reputation and improve your email delivery.

MxToolbox Delivery Center Features:

  • Insight into your SPF, DKIM and DMARC (and BIMI!) configuration to ensure your sending email properly
  • DMARC Compliance checks for all of your reported email
  • Adaptive Blacklist Monitoring of all your email senders
  • Recommendations for improving DMARC compliance and DMARC policies
  • Event-based reminders for emergent issues and on-going maintenance

DMARC is a necessity for your business!  Improve your Email Delivery!

Google Joins BIMI Working Group

If you haven’t heard the exciting news, as announced in late July, Google is joining the AuthIndicators Working Group, agreeing to pilot the Brand Indicators Message Identification (BIMI) standard. Google will beta the concept in Gmail soon, so now is the time to start getting prepared by adopting DMARC and soon BIMI.

What Does this mean to me?

Google’s decision to join the BIMI working group is a strong indicator that the BIMI standard will successfully make it out of draft stage and will likely be adopted as DMARC 2.0. For those new to BIMI, BIMI is a new authentication standard that will allow domain owners to display their company logos inside of email platforms like Gmail, Yahoo! Mail, and potentially Outlook.com/Office 365 inboxes.

The intention of BIMI is to add an additional trust layer to the validity of email senders to help thwart email phishing attacks, as domains who are DMARC and BIMI authenticated will have their logos displayed front and center in those inboxes. Beyond the boost to the fight against email phishing, domain owners should be excited by BIMI, as this will allow them to get their logos directly in email inboxes; a long sought after real estate for marketers.

What Is BIMI?

BIMI is an industry-wide standards effort to use brand logos as indicators to help email recipients recognize and avoid fraudulent messages. Essentially, it allows email inboxes like Google’s Gmail to securely display approved logos beside DMARC authenticated messages, signaling to users that the received emails are legitimate and safe to open.

The BIMI standard also allows domain owners control over which logos email recipients see. For example, an insurance company could use BIMI to display its logo next to authenticated messages sent from its domain or an alternative logo at its choosing. This gives the insurance company complete control over which images are displayed, providing brand exposure, as well as protection against spoofing.

Using BIMI requires DMARC authentication is to be implemented on the respective domain. In fact, the BIMI standard is considered an extension of the DMARC protocol, i.e. DMARC 2.0 to some. At the current time, BIMI is still in draft stage and is being beta tested in Verizon Media (Yahoo! Mail, AOL, etc.) and will be in beta in Gmail in the near future.  However, MxToolbox is here to help you get ahead with our own BIMI Lookup tool.  

For further reading about BIMI please click here

What Is the BIMI Working Group?

The AuthIndicators Working Group is responsible for developing the BIMI standards. Currently, the Working Group’s public members include Agari, Comcast, LinkedIn, Return Path, Valimail, Verizon Media, and now Google. With a shared goal of reducing email fraud, the Working Group committee of companies is aiming to help create a safer inbox experience for all email users. 

The Future of Email Delivery

With the DMARC protocol slowly becoming such a vital aspect of email delivery over the years, BIMI in combination with DMARC will only improve on the DMARC standard. Improving protection in the fight against email phishing and opening up a new and exciting avenue for brand advertising/awareness for domain owners, brands, and marketers may finally be boost needed to spark rapid DMARC adoption. With BIMI still in beta, this is a great opportunity to adopt DMARC if you haven’t yet or have been too afraid to. 

Learn more about BIMI here

Get started with DMARC here

MxToolbox BIMI Lookup

 

SPF Tool and IPv6 Updates

SPF Tool and IPv6 Updates

To continue our support of Email Delivery and Deliverability, MxToolbox is adding IPv6 support (Internet Protocol Version 6) to our SPF Tool, with more tools to come online later. When a user runs an SPF lookup, this update changes the lookup behavior for MX and A records that are specified within an SPF record (as tags).  Now,  SPF lookups will also check for AAAA DNS records and their resulting IPv6 addresses. Previously, the SPF tool only looked for IPv4 addresses when MX and A tags were present in an SPF record.  

Background

IPv6 is the most recent version of the Internet Protocol—the communications protocol that provides an identification and location system for computers on networks and routes traffic across the Web. It was ratified as an Internet Standard in 2017 and allows for larger addressing space. Every computer, smartphone, and any other device connected to the Internet needs a numerical IP address in order to communicate with other devices. Compared to its predecessor, IPv6 can handle packets more efficiently, improve performance, and increase security.

While, IPv6 has been around for decades, IPv6 addresses are now being actively used in email delivery.  MxToolbox is here to help with the transition to IPv6.  MxToolbox’s research of the current outbound email space shows that adoption has largely been among the free webmail providers such as Gmail and Outlook.com.  Additionally, 25% of the Alexa Top 1000 websites are currently reachable over IPv6 networks.

1 https://www.worldipv6launch.org/measurements/

 

The ROI of Implementing DKIM on Outbound Email

For any business that sends email, becoming DMARC compliant should be a top priority. DomainKeys Identified Mail (DKIM) is a protocol that contributes to DMARC compliance and enables a company to take responsibility for sent messages by signing them cryptographically.  Recipients of DKIM-compliant email can then verify incoming email by the signature.  Essentially, DKIM establishes a trusted relationship – recipients know who the sender is because the sender is taking responsibility for the email.   While implementation might be complicated, if your company has not implemented DKIM for all active domains/subdomains and with all sending systems, you may be risking your email deliverability.

Benefits of DKIM

DKIM is all about ownership. If your business isn’t cryptographically signing its outbound messages, why should message recipients trust you? You aren’t taking ownership of what you send.  In today’s environment, there is too much risk in email.

On the other hand, if you are currently DKIM signing emails, your email is more likely to be delivered.  Recipient email servers are more confident allowing DKIM-signed messages to be delivered to the inbox, as DKIM is notoriously difficult to spoof.  With DKIM implemented, your business is in a better position and more protected from harmful spoofing and phishing attacks, which also safeguards your customer base.

In recent years, the DKIM protocol has become increasingly popular with many ISPs.  Major inbox providers like Yahoo! and Gmail were early adopters for outbound emailing.  Now, many ISPs use DKIM authentication as a method to filter incoming mail. In this case, a sender adds a digital signature within the email header that’s verified against a published key for the domain in question.

When a mail server receives an email, it evaluates the DKIM signature in the message header and then performs the following tasks:

  1. Retrieve the public key of the sending domain via DNS lookup
  2. Use the key to decrypt the electronic signature in the email header
  3. Verify the hash value for the content

In that sense, DKIM is a beneficial method of increasing both your company’s email deliverability and sender reputation since it allows the receiving mail server to verify your reliability. As DKIM’s prevalence grows, it’s wise (and advantageous) to adopt this technology.

DKIM Tools

At MxToolbox, email delivery is our passion. We provide a wide assortment of tools to help your business achieve optimal message deliverability to protect your brand and reach customers as intended. Our DKIM Record Lookup tool will test a domain name and selector for a valid published DKIM key record. Looking for a more comprehensive analysis?  Our Email Deliverability tool is a comprehensive deliverability report that analyzes your headers, blacklist reputation of outbound IP address, and SPF records. MxToolbox helps you identify any known issues related to DKIM. To receive achieve high delivery rates, implement DKIM today. As always, we’re here to help.

A Little Blacklist History

History of Blacklists

Blacklist – in the context of technology, a list of items, such as usernames or IP addresses, that are denied access to a certain system protocol. When a blacklist is used for security purposes or access control, all entities are allowed access, minus those actually listed in the blacklist. Moreover, an email blacklist is a real-time database that utilizes criteria to determine if an IP is sending email it considers to be spam. There are many operable blacklists, and each has a unique way of accepting inbound mail and determining if messages are considered spam. Needless to say, blacklists directly impact the deliverability of your company’s emails.

Note: A Whitelist or whitelisting is NOT the opposite of a blacklist.  A whitelist is a connection or group of IP addresses that will always be accepted, typically bypassing many other security controls.  Do not ask for someone to whitelist you.

The first Domain Name System-based Blackhole List (DNSBL) was the Real-time Blackhole List (RBL) created in 1997 as a Border Gateway Protocol (BGP) list. Interestingly, the initial version of the RBL was not published using DNS, but rather a list of networks transmitted via BGP to routers owned by subscribers so that network operators could drop all TCP/IP traffic for machines used to send spam/host spam supporting services, such as a website. The term “blackhole list” is often interchanged with “blacklist” and “blocklist.”

Overview of Blacklists

Generally speaking, a DNSBL or RBL is an effort to stop email spamming. It is a blacklist of locations on the Internet believed to actively send email spam. The locations consist of IP addresses, which are typically  linked to spamming. Most mail server software can be configured to reject or flag messages that have been sent from a site listed on one or more of these lists.

Furthermore, a DNSBL is a software mechanism, rather than a specific list or policy. There are many DNSBLs in existence, which use a wide array of criteria for listing and delisting addresses. For example:

  • The IP addresses of zombie computers or other machines being used to send spam (some RBLs specialize in spam in different languages)
  • Internet service providers (ISPs) who willingly host spammers, or those which have sent spam to a honeypot system.
  • List of the IP addresses of email systems that openly relay mail (which could be used by spammers)
  • List of dynamic IP addresses at ISPs
  • List of domain names typically used in spam emails.

In order to operate a DNSBL three things are needed: a domain to host it under, a nameserver for that domain, and a list of addresses to publish.

In addition, based on data received about your IP address, there are three places for your email to end up. If your company is on a blacklist, outbound messages could end up in spam or not delivered. If in good standing, your business emails will be then go through secondary processing by the inbox provider.  Most will be delivered and show up in the inbox as intended. Most blacklist services set up their own specific methods, algorithms and honeypots and have websites that detail the reasons for listing along with delisting options.  Delisting may be requested or may be automatic in some cases (keep reading).  Note: Some less savory blacklists require a payment for delisting; Mxtoolbox does not approve of this type of business model.

What Is an IP or Domain Blacklist Problem?

Most businesses learn that their IP address is blacklisted when a customer reports missing an important email.  After multiple reports, someone usually contacts IT who looks into the problem.  Without proper monitoring of your blacklist status, your business could be at risk.

MxToolbox to the Rescue

An early innovator in addressing blacklist issues, MxToolbox built started with a free online Blacklist Check tool to help email admins, marketers, and business owners monitor their sending reputation. Since then, we have focused on email delivery solutions, introducing the most comprehensive Blacklist Monitoring service on the Internet and, now, providing DMARC-based email deliver solutions.

The Future of Blacklist Monitoring

MxToolbox believes in continually delivering innovative tools and services to help our customers who face an ever changing email world.  Recently, we released Adaptive Blacklist Monitoring, expanding the frontier of blacklist monitoring beyond traditional blacklist monitoring for businesses to answer the following questions:

  1. How do you maintain lists of all internal and external sender’s IP addresses?
  2. How do you update IP addresses being monitored when they change?
  3. How do you monitor cloud email services sending from large pools of IPs?

MxToolbox Adaptive Blacklist Monitoring leverages new technologies like SPF and DMARC to monitor your blacklist status and email deliverability across all of your senders: internal, external and cloud-based.

Automatic Monitoring

MxToolbox automatically detects all your Outbound IP addresses that you actively send email from and monitors them for blacklistings.  Add a new 3rd party sender? MxToolbox automatically monitors those new IP addresses as well. With this solution you no longer need to maintain IP lists and update monitoring.

Sender/Cloud Email Reputation

Send email through Office 365 or GSuite, etc.? MxToolbox detects the IP addresses those services are actively using to send your messages and if they are blacklisted. You can even view your sender’s reputation via MxRep to gauge how well their services are functioning.

 

What is Business Email Compromise (BEC)?

 

Email fraud targeting companies is a rampant and global problem.  According to the Federal Bureau of Investigation (FBI), cybercriminals stole $12.5 billion worldwide from businesses between October 2013 and May 2018 by compromising their official email accounts and using them to initiate fraudulent wire transfers.1 The Internet Crime Complaint Center (IC3) and the FBI are asking individuals to be aware of scams targeting businesses that work with foreign suppliers.

What Is Business Email Compromise?

The FBI officially defines business email compromise (BEC) as “a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments.” Formerly known as the man-in-the-email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers.  And, there has been a significant increase of computer intrusions linked to BEC scams in recent years.

How Do BEC Attacks Work?

The most common cons involve fraudsters impersonating high level executives, sending phishing emails from seemingly legitimate sources, and requesting wire transfers to alternate, fraudulent accounts.  BEC scams often begin with an online fraudster compromising a business executive’s email account or any publicly listed email they can get their hands on. This is usually done using keylogger malware or phishing methods—where attackers create a domain similar to the target company—or spoofing email that tricks the target victim into providing account details. Upon monitoring the compromised email account, the cybercriminal will try to determine who initiates wires and who requests them. The scammers often perform a fair amount of research, looking for a company that has had a change in leadership in the C-suite of the finance function, companies where executives are traveling, or by leading an investor conference call. The perpetrators recognize and use these as opportunities to execute the scheme.

There are five distinct versions of BEC scams:

  • Bogus Invoice Scheme/Supplier Swindle: Cybercriminal compromises employee email ► Compromised account used to send notifications to customers ► Payments transferred to cybercriminal’s account ► Cybercriminal receives money
  • CEO Fraud: Cybercriminal poses as company executive and emails finance employee ► Finance sends funds to cybercriminal’s account ► Cybercriminal receives money
  • Account Compromise: Compromised employee account used to request money ► Recipients transfer payments to cybercriminal’s account ► Cybercriminal receives money
  • Attorney Impersonation: Cybercriminal poses as lawyer and emails finance employee ► Finance sends funds to cybercriminal’s account ► Cybercriminal receives money
  • Data Theft: Cybercriminal compromises employee email ► Compromised account used to request PII of other employees/executives ► PII sent to cybercriminal’s account ► Cybercriminal receives PII, uses it for further compromise attacks

DMARC – Defending Against BEC Scams

To combat BEC scams from affecting your business, DMARC is your friend. Your inbound email servers should be configured to filter email that fails DMARC compliance, especially when it comes to email that purports to being from your own domain.

The DMARC protocol was designed to improve email quality: What should happen to messages that fail authentication and compliance test (SPF and DKIM)?  Should you Quarantine, reject, or approve?  How do you tell the purported sender that their email is failing compliance checks?  With DMARC implemented and correctly configured on your inbound servers, your company will have an advantage in reducing BEC attacks. Even with malware filtering, blacklist filtering and enhanced training/policies, DMARC reduces the threat of BEC attacks to your teams.

But what about your Customers, Suppliers and Partners?

DMARC really shines when it is configured correctly for outbound email as well as used to filter inbound email.  Outbound email leveraging DMARC, DKIM and SPF protocols protects your brand from being used in spam, phishing and malware attacks.  The key is to work with your internal and external email senders to properly configure SPF and DKIM.  Once your legitimate sent email is DMARC compliant, you can instruct recipient organizations to automatically reject non-compliant email.  Inbox Providers love DMARC because they can more easily screen for spam, malware and scam emails.  Senders love it because Inbox Providers are more likely to prioritize DMARC compliant email.

Aside from achieving DMARC compliance, businesses are advised to stay vigilant and educate staff on how to prevent being victimized by BEC scams and other similar attacks. Cybercriminals don’t discriminate on company size.  In fact, it is often easier to scam more small-to-medium companies than a single large organization. Additionally, online fraudsters don’t need to be highly technical as they have access to tools and services that cater to all levels of technical expertise in the cybercriminal underground. Because email is such a vital aspect of business communications, a single compromised account is all it takes to financially damage your company. Here are some tips on how to stay protected and secure:

  • Carefully scrutinize all emails. Be wary of irregular emails that are sent from C-suite executives, as they are used to trick employees into acting with urgency. Review emails that request transfer of funds to determine if the requests are irregular.
  • Educate and train staff. While employees are a company’s biggest asset, they’re also usually its weakest link when it comes to security. Commit to training them according to the company’s best practices. Remind all that adhering to company policies is one thing, but developing good security habits is another.
  • Confirm any changes in vendor payment location by using a secondary sign-off by company personnel.
  • Stay updated on your customers’ habits, including the details and reasons behind payments.
  • Verify requests for transfer of funds when using phone verification as part of two-factor authentication (use known numbers).
  • If you suspect that you have been targeted by a BEC email, immediately report the incident to law enforcement or file a complaint with the IC3.

Conclusion

Unfortunately, cybercriminals are a major threat to your business email. By devising malicious social engineering and computer intrusion schemes to fool employees into wiring money, cybercriminals create a serious risk for business whether large or small. This emerging global risk of business email compromise (BEC) has victimized thousands of companies around the world.

Fortunately, there are technologies, like DMARC, that help secure your company’s email  and fight against BEC and other phishing scams. By implementing DMARC and educating employees, the prevalence of online fraudsters and their BEC cons will be minimized. At MxToolbox, our knowledgeable team has over a dozen years helping companies improve their email delivery and protecting companies from email-based threats.  Our latest product, MxToolbox Delivery Center, leverages DMARC to protect your brand from fraud and phishing and improve your email deliverability.

1Information Security Media Group, Corp. https://www.bankinfosecurity.com/fbi-alert-reported-ceo-fraud-losses-hit-125-billion-a-11206

Email on the Cloud: Does it solve your deliveryability issues?

What is “the Cloud”?

“The Cloud” is simply a term for using data storage, email, infrastructure, or applications as a service without the need for installing software and maintaining servers in your own data centers.  Cloud-based services were made possible by cheap RAM, multi-cored processors and the easy availability of network bandwidth.

What is Cloud-based email?

Cloud-based email has been around since the early days of the Internet, where individual users could sign up for a Yahoo!, Hotmail or Gmail email account.  Now, cloud-based email is associated with the same providers: Google G Suite Business and Office365/Outlook.com.  The difference is that businesses, not consumers, migrate email processing for their domains from traditional on-premise email servers to these online service providers.  This improves accessibility to email since employees only need an Internet connection to retrieve email (not a VPN to firewall-protected corporate servers) and reduces overhead costs for the company, while also improving email security, because a large team is now dedicated to the topic.  One of the many selling points of cloud-based email is that it automatically improves your domain’s email deliverability.  However, this is not entirely true.  With cloud-based email set to double in size in the next few years1, managing email deliverability is now even more important.

Email Deliverability with the Cloud

While inbox providers, like Google and Microsoft, dominate cloud-based email, many other cloud services send email from their own servers, for example: CRMs, Marketing Automation, Email Campaign Management, Support systems, ERPs and Order Management/Fulfillment systems.  Managing all of these different vendors requires careful thought, information and leveraging email deliverability standards like SPF, DKIM and DMARC.  Email deliverability does not automatically improve by migrating to the cloud, but the cloud can help.

DMARC Is Essential

Regardless of what email services you use, adopting DMARC is the single most important step you can take to improving email deliverability.  DMARC leverages two important standards, SPF and DKIM, to enable you to delegate legitimate sources of email and cryptographically sign your messages so that recipients know the email is from your domain.  When properly implemented and monitored, DMARC helps businesses by:

  • Improving Email Delivery – Sending email that is DMARC compliant can improve email delivery to your customers because inbox providers prioritize properly compliant emails.
  • Increasing Email Visibility – Imagine getting feedback on the compliance of your email from recipients?  DMARC enables email inbox provider to report on ALL outbound messages sent “from” your company and any third-party providers utilized (Sendgrid, Marketo, etc.)
  • Identifying Delivery Problems – Gives your business insight into providers and email sources that have email authentication issues with SPF and DKIM that affect email delivery.
  • Preventing Spoofing/Phishing Attacks – Once properly implemented, DMARC can prevent fraudsters from targeting your customers using your domain reputation.

Even with DMARC, SPF and DKIM implemented you need to continuously monitor the feedback you receive from your email recipients’ inbox providers and act on the data.  DMARC reports can be confusing to interpret and they also do not contain information about blacklisting, the most fundamental email hygiene issue.

Adaptive Blacklist: A New Ally

Email delivery is still dependent upon the blacklist status of the sending IP address.  Email from an IP address that is blacklisted will typically be blocked even before DMARC compliance checks are made.  After you have outsourced email distribution to 3rd parties, how do you keep track of their blacklist status?  How do you know these providers are performing?

You need blacklist monitoring for your senders.  MxToolbox has developed a revolutionary approach to check blacklist status of 3rd party vendors – Adaptive Blacklist Monitoring.  MxToolbox’s Adaptive Blacklist Monitoring leverages DMARC reports to understand what IP addresses your 3rd party vendors are using to send your email and then constantly analyzes the blacklist status of your sending IPs.  Adaptive Blacklist monitoring even adapts to the addition of new providers and reports on email threats. With MxToolbox, you get expert insight into your DMARC compliance combined with unique Adaptive Blacklist Monitoring.  No other DMARC delivery solution does the same.