Category Archives: Fraud and Phishing

Google Joins BIMI Working Group

If you haven’t heard the exciting news, as announced in late July, Google is joining the AuthIndicators Working Group, agreeing to pilot the Brand Indicators Message Identification (BIMI) standard. Google will beta the concept in Gmail soon, so now is the time to start getting prepared by adopting DMARC and soon BIMI.

What Does this mean to me?

Google’s decision to join the BIMI working group is a strong indicator that the BIMI standard will successfully make it out of draft stage and will likely be adopted as DMARC 2.0. For those new to BIMI, BIMI is a new authentication standard that will allow domain owners to display their company logos inside of email platforms like Gmail, Yahoo! Mail, and potentially Outlook.com/Office 365 inboxes.

The intention of BIMI is to add an additional trust layer to the validity of email senders to help thwart email phishing attacks, as domains who are DMARC and BIMI authenticated will have their logos displayed front and center in those inboxes. Beyond the boost to the fight against email phishing, domain owners should be excited by BIMI, as this will allow them to get their logos directly in email inboxes; a long sought after real estate for marketers.

What Is BIMI?

BIMI is an industry-wide standards effort to use brand logos as indicators to help email recipients recognize and avoid fraudulent messages. Essentially, it allows email inboxes like Google’s Gmail to securely display approved logos beside DMARC authenticated messages, signaling to users that the received emails are legitimate and safe to open.

The BIMI standard also allows domain owners control over which logos email recipients see. For example, an insurance company could use BIMI to display its logo next to authenticated messages sent from its domain or an alternative logo at its choosing. This gives the insurance company complete control over which images are displayed, providing brand exposure, as well as protection against spoofing.

Using BIMI requires DMARC authentication is to be implemented on the respective domain. In fact, the BIMI standard is considered an extension of the DMARC protocol, i.e. DMARC 2.0 to some. At the current time, BIMI is still in draft stage and is being beta tested in Verizon Media (Yahoo! Mail, AOL, etc.) and will be in beta in Gmail in the near future.  However, MxToolbox is here to help you get ahead with our own BIMI Lookup tool.  

For further reading about BIMI please click here

What Is the BIMI Working Group?

The AuthIndicators Working Group is responsible for developing the BIMI standards. Currently, the Working Group’s public members include Agari, Comcast, LinkedIn, Return Path, Valimail, Verizon Media, and now Google. With a shared goal of reducing email fraud, the Working Group committee of companies is aiming to help create a safer inbox experience for all email users. 

The Future of Email Delivery

With the DMARC protocol slowly becoming such a vital aspect of email delivery over the years, BIMI in combination with DMARC will only improve on the DMARC standard. Improving protection in the fight against email phishing and opening up a new and exciting avenue for brand advertising/awareness for domain owners, brands, and marketers may finally be boost needed to spark rapid DMARC adoption. With BIMI still in beta, this is a great opportunity to adopt DMARC if you haven’t yet or have been too afraid to. 

Learn more about BIMI here

Get started with DMARC here

MxToolbox BIMI Lookup

 

What is Business Email Compromise (BEC)?

 

Email fraud targeting companies is a rampant and global problem.  According to the Federal Bureau of Investigation (FBI), cybercriminals stole $12.5 billion worldwide from businesses between October 2013 and May 2018 by compromising their official email accounts and using them to initiate fraudulent wire transfers.1 The Internet Crime Complaint Center (IC3) and the FBI are asking individuals to be aware of scams targeting businesses that work with foreign suppliers.

What Is Business Email Compromise?

The FBI officially defines business email compromise (BEC) as “a sophisticated scam targeting businesses working with foreign suppliers and businesses that regularly perform wire transfer payments.” Formerly known as the man-in-the-email scams, these schemes compromise official business email accounts to conduct unauthorized fund transfers.  And, there has been a significant increase of computer intrusions linked to BEC scams in recent years.

How Do BEC Attacks Work?

The most common cons involve fraudsters impersonating high level executives, sending phishing emails from seemingly legitimate sources, and requesting wire transfers to alternate, fraudulent accounts.  BEC scams often begin with an online fraudster compromising a business executive’s email account or any publicly listed email they can get their hands on. This is usually done using keylogger malware or phishing methods—where attackers create a domain similar to the target company—or spoofing email that tricks the target victim into providing account details. Upon monitoring the compromised email account, the cybercriminal will try to determine who initiates wires and who requests them. The scammers often perform a fair amount of research, looking for a company that has had a change in leadership in the C-suite of the finance function, companies where executives are traveling, or by leading an investor conference call. The perpetrators recognize and use these as opportunities to execute the scheme.

There are five distinct versions of BEC scams:

  • Bogus Invoice Scheme/Supplier Swindle: Cybercriminal compromises employee email ► Compromised account used to send notifications to customers ► Payments transferred to cybercriminal’s account ► Cybercriminal receives money
  • CEO Fraud: Cybercriminal poses as company executive and emails finance employee ► Finance sends funds to cybercriminal’s account ► Cybercriminal receives money
  • Account Compromise: Compromised employee account used to request money ► Recipients transfer payments to cybercriminal’s account ► Cybercriminal receives money
  • Attorney Impersonation: Cybercriminal poses as lawyer and emails finance employee ► Finance sends funds to cybercriminal’s account ► Cybercriminal receives money
  • Data Theft: Cybercriminal compromises employee email ► Compromised account used to request PII of other employees/executives ► PII sent to cybercriminal’s account ► Cybercriminal receives PII, uses it for further compromise attacks

DMARC – Defending Against BEC Scams

To combat BEC scams from affecting your business, DMARC is your friend. Your inbound email servers should be configured to filter email that fails DMARC compliance, especially when it comes to email that purports to being from your own domain.

The DMARC protocol was designed to improve email quality: What should happen to messages that fail authentication and compliance test (SPF and DKIM)?  Should you Quarantine, reject, or approve?  How do you tell the purported sender that their email is failing compliance checks?  With DMARC implemented and correctly configured on your inbound servers, your company will have an advantage in reducing BEC attacks. Even with malware filtering, blacklist filtering and enhanced training/policies, DMARC reduces the threat of BEC attacks to your teams.

But what about your Customers, Suppliers and Partners?

DMARC really shines when it is configured correctly for outbound email as well as used to filter inbound email.  Outbound email leveraging DMARC, DKIM and SPF protocols protects your brand from being used in spam, phishing and malware attacks.  The key is to work with your internal and external email senders to properly configure SPF and DKIM.  Once your legitimate sent email is DMARC compliant, you can instruct recipient organizations to automatically reject non-compliant email.  Inbox Providers love DMARC because they can more easily screen for spam, malware and scam emails.  Senders love it because Inbox Providers are more likely to prioritize DMARC compliant email.

Aside from achieving DMARC compliance, businesses are advised to stay vigilant and educate staff on how to prevent being victimized by BEC scams and other similar attacks. Cybercriminals don’t discriminate on company size.  In fact, it is often easier to scam more small-to-medium companies than a single large organization. Additionally, online fraudsters don’t need to be highly technical as they have access to tools and services that cater to all levels of technical expertise in the cybercriminal underground. Because email is such a vital aspect of business communications, a single compromised account is all it takes to financially damage your company. Here are some tips on how to stay protected and secure:

  • Carefully scrutinize all emails. Be wary of irregular emails that are sent from C-suite executives, as they are used to trick employees into acting with urgency. Review emails that request transfer of funds to determine if the requests are irregular.
  • Educate and train staff. While employees are a company’s biggest asset, they’re also usually its weakest link when it comes to security. Commit to training them according to the company’s best practices. Remind all that adhering to company policies is one thing, but developing good security habits is another.
  • Confirm any changes in vendor payment location by using a secondary sign-off by company personnel.
  • Stay updated on your customers’ habits, including the details and reasons behind payments.
  • Verify requests for transfer of funds when using phone verification as part of two-factor authentication (use known numbers).
  • If you suspect that you have been targeted by a BEC email, immediately report the incident to law enforcement or file a complaint with the IC3.

Conclusion

Unfortunately, cybercriminals are a major threat to your business email. By devising malicious social engineering and computer intrusion schemes to fool employees into wiring money, cybercriminals create a serious risk for business whether large or small. This emerging global risk of business email compromise (BEC) has victimized thousands of companies around the world.

Fortunately, there are technologies, like DMARC, that help secure your company’s email  and fight against BEC and other phishing scams. By implementing DMARC and educating employees, the prevalence of online fraudsters and their BEC cons will be minimized. At MxToolbox, our knowledgeable team has over a dozen years helping companies improve their email delivery and protecting companies from email-based threats.  Our latest product, MxToolbox Delivery Center, leverages DMARC to protect your brand from fraud and phishing and improve your email deliverability.

1Information Security Media Group, Corp. https://www.bankinfosecurity.com/fbi-alert-reported-ceo-fraud-losses-hit-125-billion-a-11206

Delivery Center Events

At MxToolbox we strive to create features that improve your insight and control over email deliverability. Today, we are pleased to announce a new Events warning system in all versions of MxToolbox Delivery Center.  The new Events tab and associated emails provide ongoing updates regarding specific delivery activity.  Emails will alert Delivery Center customers to any current email delivery problems. Think of Events as an early warning system that helps your business avoid serious issues with email deliverability and online reputation.

Events will alert you to the following potential issues:

  • Large Outbound email volume changes (increase or decrease)
  • Email delivery DNS record issues (SPF/DKIM/DMARC)
  • Email authentication problems
  • Potential phishing campaigns posing as your business

Delivery Center provides keen insight into your company’s overall email delivery status and performance.  Any activity that has negative email delivery consequences will be detected by Delivery Center and you will be immediately alerted, allowing you to act quickly before issues become major problems.

Alerts can be configured to alert only within the Delivery Center application, and/or via email . This helps you receive vital intelligence, no matter where you are, which could save you from a business email nightmare down the road.

Currently, there are three alert types:

  • DMARC Record Configuration Problem – A critical alert that means you are missing DMARC delivery information.
  • Verified Volume Changed – Large changes in email volume can indicate a new campaign, issue with a sender or phishing/fraud being committed using your domain name.
  • Adaptive Blacklist Alert – Warning that your sending IP addresses have been  Blacklisted.
events1

Example 1 – one Active Event (Verified Volume Changed) and two Inactive Events (Adaptive Blacklist—Last 7 Days, DMARC Record) are noted, with a “Critical” designation for DMARC. 

events2

Example 2 – Message categories provides a helpful summary of each event’s current standing.

events3

Example 3 – The Date field indicates when the situation was last reported.

events4

Example 4 – There are two option: select either the “Notify in Delivery Center” option or the “Notify by Email” choice.

MxToolbox Delivery Center continuously scans for delivery issues and updates you when your email delivery might be compromised. With Delivery Center, your company stays ahead of bigger issues.

If you are an existing Delivery Center user, be sure to try this new feature!

If you’re not already a Delivery Center subscriber, you can learn more about how Delivery Center will help your business email deliverability.

Stay tuned! More events are coming!

What is Whale Phishing?

The number and type of malicious online attacks seems to be increasing daily.  Whaling/Whale Phishing is another in a long line of scams, this time leveraging and targeting senior executives.  The term “whaling” was coined because of the magnitude of the targets and attacks relative to those of typical phishing ploys.

What Is Whaling Phishing?

A whaling attack, also referred to as whaling phishing, is a specific form of phishing attack that explicitly targets high-profile employees—CEOs, CFOs, or other executives (known as whales)—in order to steal sensitive information from a company.  Executives/Whales can be either the target recipient or the spoofed origin of the phishing emails.  Whales are carefully chosen due to their overall authority and access to secure company information. The goal of a whaling attack is to con the executive or employee into exposing corporate credentials, customer information or sending money via wire transfer.

How Do Whaling Attacks Work?

Whaling attacks work on the trust of executives and employees.  When spammers impersonate an executive, an employee is unlikely to look deeper into the origin of the email and simply comply with the request.  When spammers target an executive as the victim, the goal is to get access to the power of that executive: credentials, authorization of funds, even confidential information that only the executive can access.

Whaling attack emails and websites are highly customized and personalized, and they often incorporate the target’s name, job title, or other relevant information collected from a variety of sources.  Due to this level of personalization and their highly targeted nature, whaling attacks are usually more difficult to detect than standard phishing attacks. Whaling phishing attacks rely on the same social engineering methods that traditional phishing uses, but in this highly targeted approach.  Attackers will send hyperlinks or attachments to infect their victims with malware or to solicit sensitive information. By targeting high-value victims, fraudsters might also persuade them to approve fraudulent wire transfers using business email compromise techniques. In some cases, the attacker impersonates the CEO or other corporate officers to convince employees to carry out damaging financial transfers.

Examples of Whaling Attacks

Perhaps the most notable whaling phishing attack occurred in 2016 when a high-ranking Snapchat employee received an email from a fraudster impersonating the company’s CEO. The employee was duped into giving the attacker confidential employee payroll information. The FBI subsequently investigated the attack.1

Another newsworthy whaling scam from 2016 involved a Seagate employee who unknowingly emailed the income tax data of several current and former company employees to an unauthorized third party. After reporting the phishing scam to the IRS and FBI, it was announced that thousands of peoples’ personal data was exposed in that whaling attack.2

How do you protect yourself?

Whaling phishing uses the same entry methods as traditional phishing methods: email, malware infected links and attachments, believable email addresses and well-replicated branding and logos.  To protect yourself from whaling, you need to be vigilant with every email and mindful of the financial or privacy implications of any response, even to your CEO.  We recommend improving both your information security awareness training and internal policies regarding financial and privacy data handling.  For example, add a corporate policy to require verbal authorizations in addition to the original email for financial or privacy transactions.   Many companies operate at break-neck speed, to protect your business, you often need to slow down and think through the implications of acting upon every emails.

As a corporate inbox provider, keeping up your incoming spam and malware filtering will help reduce the flow of potentially dangerous email, but it cannot prevent it.  Setting up your inbound email services so that they provide DMARC reports on email received to the original senders.  This information is invaluable to combating incoming spam and phishing attempts.  Also, ensure your that your inbound email services support senders restrictive DMARC policies (Quarantine or Reject) and process non-DMARC compliant email appropriately.  Rejecting email that is not DMARC compliant will greatly reduce the amount of spam and phishing attempts that arrive in your inboxes.

How do you protect your brand from being used in Whaling?

The trust your partners, vendors, and customers place in your email is directly related to the value of your email and the amount of spam, malware and phishing attacks that appear to come from your domain.  You cannot prevent fraudsters from creating spam and impersonating your domain, but, you can stop the spam and phishing from affecting your reputation.  To shutdown phishing that appears to come from your domain, you need to adopt DMARC for your outbound email and manage your DMARC compliance rate for outbound email.  Once your legitimate email is compatible, you can start instructing inbox providers to quarantine or reject non-compliant email.  At that point, the majority of non-compliant email should be spam and phishing attempts using your brand.  Managing your email is not a set it and forget it strategy, but an on-going process that requires regular monitoring and update.

MxToolbox’s Delivery Center

MxToolbox Delivery Center provides you with everything you need to setup, monitor and manage your DMARC compliance.  Email deliverability requires constant monitoring and tuning and MxToolbox has over 10 years experience working with companies large and small to improve email delivery.  Delivery Center gives you insight into Who is sending email on behalf of your domain, How Much of your email is DMARC compliant, Where email threats are coming from, How to improve your email configuration and When to make your DMARC policies more restrictive to prevent phishing using your domain.

https://www.scmagazineuk.com/snapchat-whaled-employee-payroll-released/article/1478171

2 https://krebsonsecurity.com/2016/03/seagate-phish-exposes-all-employee-w-2s/

Why DMARC is Not Set It and Forget It

Email DNS (Domain Name Service) records have become the linchpin for improved email delivery. Without the four major components (discussed below), your company’s outbound messages are at high risk of being rejected by inbox providers.  Worse, without proper Email DNS configurations, your brand is at risk of falling victim to phishing or spoofing scams.

To get email delivery to it’s highest levels, you need:

  • MX (Mail Exchanger): Resource record specifying mail server responsible for accepting email on behalf of a domain.  Without an MX record, no email is coming to your domain and most, if not all, recipients will check for an MX record before accepting email from a domain.
  • SPF (Sender Policy Framework): Email authentication method designed to detect spoofing via authorized domain list.  With SPF, you designate what IP addresses and domains can and cannot send on behalf of your domain.  Recipient systems check this list and may reject email from unlisted sources.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Email validation system designed to enable inbox providers to provide feedback on email that is sent from your domain.  DMARC enables senders to detect and prevent email spoofing (forged sender addresses used in phishing and spam efforts).
  • DKIM (DomainKeys Identified Mail): Email authentication method designed to enable senders to sign their emails so that inbox providers can easily detect spoofing via digital signature.

DMARC works best when senders have adopted both SPF and DKIM and achieving DMARC compliance using SPF and DKIM is a vital step in ensuring your emails are delivered.

How do you become DMARC Compliant?

The importance of reaching DMARC compliance can’t be overstated.  Essentially, your company’s email reputation, and email deliverability, relies on this protocol.

Once DMARC has been implemented, it allows you to:

  • Monitor, detect, and fix real-world problems with your email delivery
  • See the email volumes you’re delivering to inbox providers (including which providers)
  • Identify threat emails purporting to come from your domain (i.e., spoofing/phishing using your domain)
  • Defend your reputation against spoofing attacks using your domain.

Essentially, DMARC gives you the information and tools necessary to improve your email deliverability, defend your brand from spoofing, and even reduce the amount of spam on the Internet.  Without DMARC, inbox providers will begin to see your email as riskier than your DMARC-compliant competitors and more of your email will end up being classified as Bulk, Junk or even denied.  What you need is a way to decipher all of the information that DMARC reports provide.  Tools like MxToolbox Delivery Center give you that.

Set It and Forget It?

It is fair to assume that once you configure DMARC correctly, you’re done with the process and email will flow freely and without incident.   Unfortunately, this is not the case.  Your business will change and so will your email configuration.  If you want your company’s email delivery rates to stay consistently high, then you must routinely monitor and adjust your DNS records as your business evolves. There are several routine scenarios that can cause issues if you ignore your settings.

Adding a Sender

Your company’s Marketing Department adds a new email vendor, Sales adopts a new CRM or Support trials a new online support tool.  Now, you must add each of these providers to your SPF records, verify them, and setup DKIM with them otherwise emails from these systems will be rejected.  Next comes a breaking in period where you need to monitor delivery rates of email sent from these platforms.  You might have to temporarily lower your DMARC policy to Quarantine or None to ensure that email from these sources is accepted.  You need a tool to continually monitor your DMARC compliance and email deliverability to ensure that your email is reaching your customers and business partners.

A Trusted Sender is Blacklisted

The primary safe guard for email delivery is still blacklisting IP addresses and domains that are frequently used in spam, phishing and malware attacks.  An inbox provider doesn’t even process email from a blacklisted IP.  Blacklisted email is typically not delivered, even to junk.  If you or one of your email providers is sending from a blacklisted IP address, your email delivery is in jeopardy.  Inbox providers that utilize DMARC for feedback will only report on SPF, DKIM and DMARC compliance of emails sent, they do not report on blacklisted IPs!  You need to monitor your sending IP addresses for blacklisting to ensure your email deliverability.

Providers get Compromised

Hacks are a regular problem for every business and your email service providers could be a target as a legitimate source of email.  In fact, MxToolbox has seen individual inboxes compromised at major inbox providers several times in the last years.  If a provider is hacked, then any email sent via that provider will automatically pass SPF, DKIM and DMARC checks.  How would you know if this happens?  Only by monitoring your email deliverability and examining the forensic reports sent back by the recipients via DMARC reporting.

Fraudulent Email Volumes Dwarf Legitimate Email

With low outbound email volumes or with valuable brands, the fraudulent email volume could greatly exceed the legitimate volume of email.  In cases like this, monitoring DMARC reporting is invaluable so that your team can see the spike in message volume and change your email posture.  Even when using a Reject policy, some providers might report your domain to blacklists because of the overwhelming spam signal.  You need to monitor your domain as well as sending IP addresses for blacklisting.

Exceeding SPF Includes

As your organization grows, you will add new providers: CRMs. Market Automation, Support, Inbox, etc.  Each provider you add will need to be entered into you SPF record and each of these providers will have a range or ranges of IP addresses in their own SPF records.  The RFC on SPF allows for at maximum 10 includes in the tree, after which no other includes are read.  You might add a provider and exceed the limit of SPF includes or a provider might add a new range to their SPF and exceed the limit.  Without monitoring your email delivery and email configuration, you would never know until email fails to reach your customers.

How do I monitor email deliverability?

To monitor and manage email deliverability, you need a tool that constantly analyzes and reports upon:

  • SPF, DKIM and DMARC Compliance
  • Blacklisted Sending IP addresses and Domains
  • SPF, DKIM and DMARC Configuration
  • Known Senders, Forwarders and Email Threats like Fraud and Phishing
  • DMARC Forensic Information*

Only MxToolbox Delivery Center provides you with all the information you need to properly manage your email deliverability, from setting up email best practices to managing email delivery for the longterm.  Delivery Center Plus* even includes Foresnic information for detailed threat research.

MxToolbox has everything you need to improve email delivery with DMARC and only MxToolbox provides the Experts capable of managing your email delivery posture.  MxToolbox Managed Services can get you up and running quickly and manage your email delivery in the longterm.

Protecting your brand with DMARC

Let’s envision a potential nightmare for your brand:  Your database gets hacked and all of your customers’ private information is now on the dark web, potentially available to exploit.  Now, you need to notify all of your customers to the potential threat.  Instead of sending it out through your typical email channels, you decide to setup a special domain specifically for this purpose.  Sounds logical, right?  What could go wrong?

How about the rejection of this highly important email and a serious erosion of trust for your brand?

If this sounds far-fetched, it shouldn’t.  It really happened to a Fortune 500 brand in 2018 – Marriott.

The Full Story

Following a harmful data breach involving personal information of up to 500 million guests in late November of 2018, the hotel giant decided to send notifications to its customers using a new domain email-marriott.com, instead of marriott.com or starwood.com, the affected brands.  Traditionally, Marriott properties had used the domain of the brand for customer communications around reservations, for example courtyard.com for Courtyard by Marriott properties.

From a technology standpoint, this was a completely logical decision. Marriott had been transitioning email communications to the email-marriott.com domain for sometime.  However,  customers reacted with confusion for several reasons:

  1. The message sender name appeared to be email-marriott, not Marriott, or an identifiable brand.
  2. email-marriott.com looks strange to customers of other Marriott brands that may not use the Marriott name: Starwood, Westin and Ritz-Carlton for example.
  3. It is a common technique for spoofers to use a domain that uses similar names to the intended target.
  4. The topic of the message is about security, which automatically heightens customer attention to small details relating to security.

Missteps by Marriott

Not only did it backfire in terms of reaching the inboxes of their client base, it also created a major backlash and critically damaged their email reputation.  Particularly troubling is item #3, the email-marriott.com domain mimics a fraudster’s spoofing/phishing efforts, some receivers were undoubtedly leery of opening the message. Appending common words to a known brand name is a scammer’s go-to move. The following phishing domains have been used in recent cybercrime attempts:

  • support-appleinc.com
  • service-capitalone-com.tk
  • support-verificationaccount.com

Marriott’s failed to recognize the potential pitfalls of their notification strategy and ended up compounding a customer relations problem.

What’s in a Domain?

Your company’s email reputation, as well as your customers’ security and trust in your brand, rely on which domain you utilize. Selecting an identifiable sender domain name is a best practice for businesses that rely on email to regularly communicate with clients. Domain name reputation plays a vital role in email deliverability. Unfortunately, Marriott discovered the hard way that using a nonspecific domain to suddenly send hundreds of millions of emails isn’t a good idea.

Building your company’s domain reputation can be achieved in several ways, including the length of time the domain has been registered and using it to send messages to engaged recipients. Having legitimate contact information listed on your website also helps increase overall reputation and deliverability.

Protect Your Brand

Because online security is a legitimate concern for your customers, making sure all outgoing emails are safeguarded and delivered as intended should be a top priority for your business. At MxToolbox, we specialize in helping you achieve high message delivery rates. By improving your company’s domain reputation, situations such as the aforementioned Marriott fiasco will be of no concern. To discuss your brand’s options and learn about MxToolbox’s DMARC products to solidify domain reputation, please contact our team of experts. We look forward to helping you achieve future email success.

DMARC and Phishing

Businesses, like yours, rely heavily on email for internal and external business communication, so safeguarding your email is necessary to ensure your company’s interests are protected against harmful phishing attacks. Email phishing is when a third-party (usually a hacker or malicious website) uses the brand identity of a company to deceive a recipient into divulging sensitive information. The negative effects of a customer falling victim to a phishing scam are varied but damaging to your brand’s reputation. Thankfully, protocols such as DMARC and SPF are available to help combat email phishing attacks.

Why Using DMARC and SPF on Mail Servers Is Necessary

The original standards for email were written without much attention to security; the Internet of the time was a small community of scientists, not a commercial platform. This oversight meant email was sent in clear text with no encryption and anyone could pretend to send email from any domain with a simple change to the text wrapper of the email.  My coworkers used to enjoy sending emails to random coworkers from santaclaus@northpole.com around Christmas every year.

However, email authentication technology has made great strides in securing mail servers in the fight against hackers and online criminals. Blacklists started off as a means to detect and limit IP addresses and domains that were frequent bad actors.  And now, technologies such as SPF, DKIM and DMARC can recognize and halt the most convincing fraudulent emails in their tracks. SPF plays a key role in email delivery by letting you control who sends messages on your company’s behalf, while DKIM allows you to cryptographically sign an email, and DMARC ties them all together by allowing recipients to provide senders with information about email sent on their behalf.

By the Numbers

Industries as a whole are implementing these authentication tools to offset the increasing number of phishing scams, with 80% of all federal domains currently publishing a DMARC record. This rise in adoption reflects a positive shift in the way entities should treat email threats.  As a federally mandated security measure, it is clear that using DMARC for email security is becoming a necessity for doing business.

On the other hand, in the United States, only Fortune 500 companies and large technology businesses have a DMARC adoption rate of 50% or higher. This gap shows that IT departments lack the necessary skills to handle such a task. But, not all the news is bad – 28% of Fortune 500 companies were utilizing DMARC at the end of 2017,so the jump to nearly double that number is great progress. However, almost 50% of companies have yet to implement DMARC into their email security, an area for improvement.

Next Steps with MxToolbox

If your business domain is not DMARC compliant, MxToolbox recommends you begin to to evaluate and adopt this beneficial email technology to improve delivery rates and stop the onset of malicious phishing attacks. Start with ensuring your SPF setup is correct, a vital piece that DMARC depends upon.  Once you have SPF configured, move to adopting DMARC.  Phishing and other scams are preventable, so why not take the fight to them? After all, your brand reputation relies on keeping your customer communications secure and legitimate. Contact our expert team to discuss your DMARC and SPF options to safeguard your messages.