Delivery Center Events

At MxToolbox we strive to create features that improve your insight and control over email deliverability. Today, we are pleased to announce a new Events warning system in all versions of MxToolbox Delivery Center.  The new Events tab and associated emails provide ongoing updates regarding specific delivery activity.  Emails will alert Delivery Center customers to any current email delivery problems. Think of Events as an early warning system that helps your business avoid serious issues with email deliverability and online reputation.

Events will alert you to the following potential issues:

  • Large Outbound email volume changes (increase or decrease)
  • Email delivery DNS record issues (SPF/DKIM/DMARC)
  • Email authentication problems
  • Potential phishing campaigns posing as your business

Delivery Center provides keen insight into your company’s overall email delivery status and performance.  Any activity that has negative email delivery consequences will be detected by Delivery Center and you will be immediately alerted, allowing you to act quickly before issues become major problems.

Alerts can be configured to alert only within the Delivery Center application, and/or via email . This helps you receive vital intelligence, no matter where you are, which could save you from a business email nightmare down the road.

Currently, there are three alert types:

  • DMARC Record Configuration Problem – A critical alert that means you are missing DMARC delivery information.
  • Verified Volume Changed – Large changes in email volume can indicate a new campaign, issue with a sender or phishing/fraud being committed using your domain name.
  • Adaptive Blacklist Alert – Warning that your sending IP addresses have been  Blacklisted.
events1

Example 1 – one Active Event (Verified Volume Changed) and two Inactive Events (Adaptive Blacklist—Last 7 Days, DMARC Record) are noted, with a “Critical” designation for DMARC. 

events2

Example 2 – Message categories provides a helpful summary of each event’s current standing.

events3

Example 3 – The Date field indicates when the situation was last reported.

events4

Example 4 – There are two option: select either the “Notify in Delivery Center” option or the “Notify by Email” choice.

MxToolbox Delivery Center continuously scans for delivery issues and updates you when your email delivery might be compromised. With Delivery Center, your company stays ahead of bigger issues.

If you are an existing Delivery Center user, be sure to try this new feature!

If you’re not already a Delivery Center subscriber, you can learn more about how Delivery Center will help your business email deliverability.

Stay tuned! More events are coming!

What is Whale Phishing?

The number and type of malicious online attacks seems to be increasing daily.  Whaling/Whale Phishing is another in a long line of scams, this time leveraging and targeting senior executives.  The term “whaling” was coined because of the magnitude of the targets and attacks relative to those of typical phishing ploys.

What Is Whaling Phishing?

A whaling attack, also referred to as whaling phishing, is a specific form of phishing attack that explicitly targets high-profile employees—CEOs, CFOs, or other executives (known as whales)—in order to steal sensitive information from a company.  Executives/Whales can be either the target recipient or the spoofed origin of the phishing emails.  Whales are carefully chosen due to their overall authority and access to secure company information. The goal of a whaling attack is to con the executive or employee into exposing corporate credentials, customer information or sending money via wire transfer.

How Do Whaling Attacks Work?

Whaling attacks work on the trust of executives and employees.  When spammers impersonate an executive, an employee is unlikely to look deeper into the origin of the email and simply comply with the request.  When spammers target an executive as the victim, the goal is to get access to the power of that executive: credentials, authorization of funds, even confidential information that only the executive can access.

Whaling attack emails and websites are highly customized and personalized, and they often incorporate the target’s name, job title, or other relevant information collected from a variety of sources.  Due to this level of personalization and their highly targeted nature, whaling attacks are usually more difficult to detect than standard phishing attacks. Whaling phishing attacks rely on the same social engineering methods that traditional phishing uses, but in this highly targeted approach.  Attackers will send hyperlinks or attachments to infect their victims with malware or to solicit sensitive information. By targeting high-value victims, fraudsters might also persuade them to approve fraudulent wire transfers using business email compromise techniques. In some cases, the attacker impersonates the CEO or other corporate officers to convince employees to carry out damaging financial transfers.

Examples of Whaling Attacks

Perhaps the most notable whaling phishing attack occurred in 2016 when a high-ranking Snapchat employee received an email from a fraudster impersonating the company’s CEO. The employee was duped into giving the attacker confidential employee payroll information. The FBI subsequently investigated the attack.1

Another newsworthy whaling scam from 2016 involved a Seagate employee who unknowingly emailed the income tax data of several current and former company employees to an unauthorized third party. After reporting the phishing scam to the IRS and FBI, it was announced that thousands of peoples’ personal data was exposed in that whaling attack.2

How do you protect yourself?

Whaling phishing uses the same entry methods as traditional phishing methods: email, malware infected links and attachments, believable email addresses and well-replicated branding and logos.  To protect yourself from whaling, you need to be vigilant with every email and mindful of the financial or privacy implications of any response, even to your CEO.  We recommend improving both your information security awareness training and internal policies regarding financial and privacy data handling.  For example, add a corporate policy to require verbal authorizations in addition to the original email for financial or privacy transactions.   Many companies operate at break-neck speed, to protect your business, you often need to slow down and think through the implications of acting upon every emails.

As a corporate inbox provider, keeping up your incoming spam and malware filtering will help reduce the flow of potentially dangerous email, but it cannot prevent it.  Setting up your inbound email services so that they provide DMARC reports on email received to the original senders.  This information is invaluable to combating incoming spam and phishing attempts.  Also, ensure your that your inbound email services support senders restrictive DMARC policies (Quarantine or Reject) and process non-DMARC compliant email appropriately.  Rejecting email that is not DMARC compliant will greatly reduce the amount of spam and phishing attempts that arrive in your inboxes.

How do you protect your brand from being used in Whaling?

The trust your partners, vendors, and customers place in your email is directly related to the value of your email and the amount of spam, malware and phishing attacks that appear to come from your domain.  You cannot prevent fraudsters from creating spam and impersonating your domain, but, you can stop the spam and phishing from affecting your reputation.  To shutdown phishing that appears to come from your domain, you need to adopt DMARC for your outbound email and manage your DMARC compliance rate for outbound email.  Once your legitimate email is compatible, you can start instructing inbox providers to quarantine or reject non-compliant email.  At that point, the majority of non-compliant email should be spam and phishing attempts using your brand.  Managing your email is not a set it and forget it strategy, but an on-going process that requires regular monitoring and update.

MxToolbox’s Delivery Center

MxToolbox Delivery Center provides you with everything you need to setup, monitor and manage your DMARC compliance.  Email deliverability requires constant monitoring and tuning and MxToolbox has over 10 years experience working with companies large and small to improve email delivery.  Delivery Center gives you insight into Who is sending email on behalf of your domain, How Much of your email is DMARC compliant, Where email threats are coming from, How to improve your email configuration and When to make your DMARC policies more restrictive to prevent phishing using your domain.

https://www.scmagazineuk.com/snapchat-whaled-employee-payroll-released/article/1478171

2 https://krebsonsecurity.com/2016/03/seagate-phish-exposes-all-employee-w-2s/

Why DMARC is Not Set It and Forget It

Email DNS (Domain Name Service) records have become the linchpin for improved email delivery. Without the four major components (discussed below), your company’s outbound messages are at high risk of being rejected by inbox providers.  Worse, without proper Email DNS configurations, your brand is at risk of falling victim to phishing or spoofing scams.

To get email delivery to it’s highest levels, you need:

  • MX (Mail Exchanger): Resource record specifying mail server responsible for accepting email on behalf of a domain.  Without an MX record, no email is coming to your domain and most, if not all, recipients will check for an MX record before accepting email from a domain.
  • SPF (Sender Policy Framework): Email authentication method designed to detect spoofing via authorized domain list.  With SPF, you designate what IP addresses and domains can and cannot send on behalf of your domain.  Recipient systems check this list and may reject email from unlisted sources.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Email validation system designed to enable inbox providers to provide feedback on email that is sent from your domain.  DMARC enables senders to detect and prevent email spoofing (forged sender addresses used in phishing and spam efforts).
  • DKIM (DomainKeys Identified Mail): Email authentication method designed to enable senders to sign their emails so that inbox providers can easily detect spoofing via digital signature.

DMARC works best when senders have adopted both SPF and DKIM and achieving DMARC compliance using SPF and DKIM is a vital step in ensuring your emails are delivered.

How do you become DMARC Compliant?

The importance of reaching DMARC compliance can’t be overstated.  Essentially, your company’s email reputation, and email deliverability, relies on this protocol.

Once DMARC has been implemented, it allows you to:

  • Monitor, detect, and fix real-world problems with your email delivery
  • See the email volumes you’re delivering to inbox providers (including which providers)
  • Identify threat emails purporting to come from your domain (i.e., spoofing/phishing using your domain)
  • Defend your reputation against spoofing attacks using your domain.

Essentially, DMARC gives you the information and tools necessary to improve your email deliverability, defend your brand from spoofing, and even reduce the amount of spam on the Internet.  Without DMARC, inbox providers will begin to see your email as riskier than your DMARC-compliant competitors and more of your email will end up being classified as Bulk, Junk or even denied.  What you need is a way to decipher all of the information that DMARC reports provide.  Tools like MxToolbox Delivery Center give you that.

Set It and Forget It?

It is fair to assume that once you configure DMARC correctly, you’re done with the process and email will flow freely and without incident.   Unfortunately, this is not the case.  Your business will change and so will your email configuration.  If you want your company’s email delivery rates to stay consistently high, then you must routinely monitor and adjust your DNS records as your business evolves. There are several routine scenarios that can cause issues if you ignore your settings.

Adding a Sender

Your company’s Marketing Department adds a new email vendor, Sales adopts a new CRM or Support trials a new online support tool.  Now, you must add each of these providers to your SPF records, verify them, and setup DKIM with them otherwise emails from these systems will be rejected.  Next comes a breaking in period where you need to monitor delivery rates of email sent from these platforms.  You might have to temporarily lower your DMARC policy to Quarantine or None to ensure that email from these sources is accepted.  You need a tool to continually monitor your DMARC compliance and email deliverability to ensure that your email is reaching your customers and business partners.

A Trusted Sender is Blacklisted

The primary safe guard for email delivery is still blacklisting IP addresses and domains that are frequently used in spam, phishing and malware attacks.  An inbox provider doesn’t even process email from a blacklisted IP.  Blacklisted email is typically not delivered, even to junk.  If you or one of your email providers is sending from a blacklisted IP address, your email delivery is in jeopardy.  Inbox providers that utilize DMARC for feedback will only report on SPF, DKIM and DMARC compliance of emails sent, they do not report on blacklisted IPs!  You need to monitor your sending IP addresses for blacklisting to ensure your email deliverability.

Providers get Compromised

Hacks are a regular problem for every business and your email service providers could be a target as a legitimate source of email.  In fact, MxToolbox has seen individual inboxes compromised at major inbox providers several times in the last years.  If a provider is hacked, then any email sent via that provider will automatically pass SPF, DKIM and DMARC checks.  How would you know if this happens?  Only by monitoring your email deliverability and examining the forensic reports sent back by the recipients via DMARC reporting.

Fraudulent Email Volumes Dwarf Legitimate Email

With low outbound email volumes or with valuable brands, the fraudulent email volume could greatly exceed the legitimate volume of email.  In cases like this, monitoring DMARC reporting is invaluable so that your team can see the spike in message volume and change your email posture.  Even when using a Reject policy, some providers might report your domain to blacklists because of the overwhelming spam signal.  You need to monitor your domain as well as sending IP addresses for blacklisting.

Exceeding SPF Includes

As your organization grows, you will add new providers: CRMs. Market Automation, Support, Inbox, etc.  Each provider you add will need to be entered into you SPF record and each of these providers will have a range or ranges of IP addresses in their own SPF records.  The RFC on SPF allows for at maximum 10 includes in the tree, after which no other includes are read.  You might add a provider and exceed the limit of SPF includes or a provider might add a new range to their SPF and exceed the limit.  Without monitoring your email delivery and email configuration, you would never know until email fails to reach your customers.

How do I monitor email deliverability?

To monitor and manage email deliverability, you need a tool that constantly analyzes and reports upon:

  • SPF, DKIM and DMARC Compliance
  • Blacklisted Sending IP addresses and Domains
  • SPF, DKIM and DMARC Configuration
  • Known Senders, Forwarders and Email Threats like Fraud and Phishing
  • DMARC Forensic Information*

Only MxToolbox Delivery Center provides you with all the information you need to properly manage your email deliverability, from setting up email best practices to managing email delivery for the longterm.  Delivery Center Plus* even includes Foresnic information for detailed threat research.

MxToolbox has everything you need to improve email delivery with DMARC and only MxToolbox provides the Experts capable of managing your email delivery posture.  MxToolbox Managed Services can get you up and running quickly and manage your email delivery in the longterm.

What is Spear Phishing?

Phishing attacks have become an unfortunately common occurrence.  A relatively new wrinkle is called spear phishing where the phishing email targets a specific individual, business, or organization.  Spear phishing is used for two main purposes:

  1. Steal data for malicious purposes
  2. Install malware on the target’s computer for use in against another organization

Regardless of intention, if executed properly, a spear phishing ploy is bad news for your company.

How Are Spear Phishing Attacks Performed?

Here’s a general rundown of how spear phishing scams work:

  • An email arrives in a colleague’s inbox, seemingly from a trustworthy source like a supplier, vendor or even your own corporate website. Spear phishing emails often use clever tactics like matching logos, verbiage and even similar looking URLs to those you would find normal to get the victim’s attention.)
  • The message leads the unsuspecting recipient to a well-designed bogus website either with a login portal or with a hidden cache of malware that they attempt to download and install.
  • Hackers will then sell the login credentials or malware networks to governments, private entities or other hackers for further exploitation.

Cybercriminals use tailored approaches that leverage social engineering techniques to encourage victims to act before they think to personalize messages and websites used in their scams. According to a March report on spear phishing from cybersecurity firm Barracuda Networks, these attacks are frequently researched in advance and intended to capture data, such as login credentials or other highly sensitive information. Analyzing 360,000 emails that involved spear phishing over a three-month period, the company’s researchers found that 83% of these attacks involve brand impersonation of companies users know and trust.1

Moreover, to increase success rates, spear phishing messages often contain urgent explanations on why sensitive information is needed. The combination of realistic branding and urgent need to act pushes users to act before they think.  This kind of social manipulation is “becoming the key ‘attack vector’ in cybersecurity attacks.”2  Victims are usually asked to open a malicious attachment or click on a link that takes them to a spoofed website where active passwords, account numbers, PINs, or access codes are requested. 

How to Fight Spear Phishing

Since spear phishing attacks are becoming more difficult to detect, protecting your business email is even more important. Traditional security can stop some of these scams but not all because of the clever customization. A single mistake enables fraudsters to gain access to commercially sensitive intel, forever damaging your company’s brand. In addition, spear phishing attacks can deploy malware to hijack computers, organizing them into enormous networks (botnets) that can be used for denial of service attacks.

To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus messages landing in their inbox. It’s a simple answer, but informed employees are the first line of defense in combatting malicious online attacks. Besides education, technology that focuses on email security is necessary.

In addition, it is important for email senders to protect their brands from use in spear phishing attempts.  Big brands like American Express, Amazon.com and PayPal were once often leveraged by fraudsters because of their wide usage, credibility and access to financial and personal information.  Now, large corporations are deploying technologies to prevent use of their brands so fraudsters are forced to use smaller, less protected brands.

Protecting Your Brand – MxToolbox Delivery Center

To protect your brand from use in phishing and fraud emails, you need to deploy new technologies like SPF, DKIM, DMARC and actively manage the information your receive from inbox providers about your email delivery status.  MxToolbox’s Delivery Center  provides your business with the email deliverability insight you need.  Our Experts combine best practices on email delivery with new technologies and our own experiences to give you best-in-class incite into the deliverability of your known email senders and early warning on emerging threats emails like spearphishing.  We can even manage your email delivery with our Managed Services program.

1, 2 Gizmodo, Privacy and Security. https://gizmodo.com/spear-phishing-attacks-are-on-the-rise-security-firm-s-1833455812

BIMI Record – What is it? How Does it Add to DMARC?

Brand Indicator Message Identification (BIMI) is an industry-wide standards effort to use brand logos as indicators to help email recipients recognize and avoid fraudulent messages. This standard is still currently in beta with only several brands from Oath (Yahoo!, AOL, etc.) testing this concept in front of their mailbox users.

If this standard comes to full fruition, it should be a win-win for both businesses who send email and all individual users of email. Email users will have a robust means to visually identify phishing/spam emails posing as businesses upon their arrival to the email inbox and businesses will have the added benefits of:

  • Their brand images prominently displayed in their audience’s inboxes bringing positive attention to the brand at near zero cost
  • Improved delivery rates via the adoption of DMARC and reduced spam classifications

How BIMI Records Work

A fairly recent improvement, most of today’s email shows your brand’s initials in the customers’ inboxes (e.g., R signals Redbox, DT means Discount Tire). This helps current and potential clients identify and trust messages received by these recognizable companies. With BIMI records, that trust factor significantly increases because an actual logo is used in place of mere initials. By publishing a DNS Record, the inbox provider automatically integrates your brand into every email sent from your domain (e.g., Best Buy logo displayed instead of BB).  This allows message recipients to recognize and have confidence in clicking the message in question.

Requirements of BIMI Records

Using BIMI requires ensuring DMARC authentication is set up on the domain. In fact, the BIMI concept is viewed as an extension of DMARC. Both protocols are highly beneficial to ensuring a domain’s messages are delivered and to help crack down on phishing and spoofing attempts. If you haven’t setup DMARC yet, you can learn about more of the benefits here. If you already have setup DMARC (great job!) keep checking back with us, as we’ll let you know when this beta concept gets rolled out to everyone.

Steps to Publish BIMI Records

After getting DMARC setup and ensuring it’s running smoothly for your domain, integrating the added bonus of BIMI looks to be as simple as creating a BIMI Record, a type of TXT DNS Record. We will post the full details when the standard gets out of beta.

MxToolbox is currently monitoring BIMI records in beta for the purposes of helping customers adopt technology if this development is proven beneficial for our users.

If there has been something holding you back from implementing DMARC our Delivery Center tool will put your company on the right path to enabling and enforcing DMARC. If you have already setup DMARC, we recommend discussing your specific situation with one of our email delivery experts to ensure your business is setup correctly and optimized for the best email delivery. You might be missing key DMARC insights or accidentally overlooking important email delivery problems. MxToolbox products have all you need to employ DMARC and increase email delivery rates for your brand. After all, your company’s reputation depends on it.

Keeping your Verified Sender List updated

Did your accounting department add a new billing vendor? Or, did your Marketing department decide to try out a new email marketing solution?

These common situations often lead to email delivery problems that can go unnoticed until after you learn that no one has been receiving your email for some time. In many cases, those making these changes are unaware of the importance of maintaining and updating their business’s email focused DNS records, let alone understanding what DNS records are.

Now, imagine those two examples repeated over and over again as new vendors come and go, other departments expand, or business infrastructure changes. The result? Unknown email delivery problems that will cost time and money and hurt your brand.

Manage your SPF Record

If your business sends email, then we hope you have an SPF Record setup for your domain. If you don’t have SPF and you are sending email you will need to get a record setup asap!  If your business utilizes third parties to send email, SPF is mandatory for your email to reach it’s destination. Keeping SPF updated and correct across all email domains is an important task that needs attention. If the SPF Record is missing a sender or is mis-configured,  a receiving mail server or cloud-based email service (e.g., G Suite, Microsoft Office 365) may block the message from being delivered.

One of the most challenging aspects of email is managing this ever expanding list of senders that are used across multiple departments and/or vendors of your business. This has a real work impact as most businesses only realize too late that their SPF record needs to be constantly updated with each vendor or internal service they add over time. Until customers start asking where your emails are or your email revenue drops you probably won’t even think to ask questions like: Did our administrators start using a third-party email provider without telling us? Are the sales team still using that lead software or did they switch to Salesforce? Better yet, probably almost no one will ask…has anyone updated the SPF record to be current?

Basically, the “too many cooks in the kitchen” expression applies to this situation. This is where having an email partner like MxToolbox makes a lot of sense. Taking MxToolbox’s years of email expertise and Delivery Center service, your team will immediately know  when these type of problems occur, long before you notice the revenue drop or get customers calling in.

Can You Have Too Many Senders?

In the 2019 world of email, most businesses send email through a number of vendors (think Office 365, MailChimp, Salesforce, etc.) along with their own systems. After a certain point having too many senders becomes a major problem. To put it bluntly, email servers will reject your mail, every single piece of it. Known to email admins, the 10 lookup rule with SPF records has become a real problem for businesses that use multiple email services.

Use Outlook.com? That will be three (6) lookups. Send marketing email with Sendgrid? Thats another one (1). Send trouble tickets via Zendesk or website status updates through Status.io? Thats another two (2). We’re already at nine (9) lookups and thats only using a small subset of vendors. With all these vendors, now that limit of 10 doesn’t seem so hard to hit.

The really scary part is that nearly all businesses are unaware there is a limit and when they exceed it. This lets good mail get rejected, losing your business valuable revenue from your email program. To prevent situations like this from happening, MxToolbox monitors your senders as part of the Delivery Center service. Add too many vendors – we’ll alert you to that instantly.

Sending from Subdomains too?

Often overlooked when sending email is the importance of unique SPF records for every subdomain that sends email. Do your marketing campaigns come from marketing.domain.com? Then you might require a unique SPF record.

For example, a business sends email via two (2) domains: mail.domain.com and accounting.domain.com. To ensure that email will be delivered, both of the two subdomains need to have their own SPF record. Failing to add a SPF record for one of the domains may lead to delivery problems. This requirement continues in the event the business decides send email from other domains, such as the company’s marketing department decides to start sending marketing promotions via marketing.example.com.

This problem with subdomains often occurs from how easy it is to spin up a subdomain for a unique campaign or maybe a department function. Do your customers get invoices from invoices.domain.com? For this reason many businesses hit this pitfall with SPF and only later learn about the problem, after revenue has been lost in the process. With those three (3) examples plus your business’s primary domain that’s four (4) domains that need unique SPF records.

Summary

Keeping an eye to all the scenarios described above can seem a daunting task. This is where a partner like MxToolbox comes in to help.  With our years of email expertise and Delivery Center software, we can make sure your business is alerted to these types of situations long before they become email crippling problems.

 

Why are my messages not getting delivered?

Unless you’re an IT professional, you might not understand the ins and outs of email delivery. As your business continues to grow, it’s important to ensure your messages are delivered as planned to the intended inboxes. For companies that rely on email correspondence to expand their brand, knowing the intricacies of email delivery is a necessity. MxToolbox is your expert on an often-overlooked aspect of electronic communication deliverability: functioning SPF and DKIM.

Importance of SPF and DKIM

For your email delivery rates to be as high as possible, your first need to keep your sending IP addresses off of blacklists.  Now, correctly implementing Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) is crucial to email delivery. The SPF protocol is an email validation method designed to limit spoofing. SPF allows you to publish a list of IP addresses that are authorized to send on behalf of your domain.  Receiving mail exchanges verify that incoming mail sent from a domain comes from an IP address authorized by that domain’s administrators.  Major inbox providers, like Gmail, Yahoo! and Outlook.com, scan email to validate that the sending IP is included a sender’s SPF record.  If not, the email can be rejected.

DKIM allows a sender to cryptographically sign an email, essentially claiming ownership.  DKIM also helps to combat spoofing.  When a recipient inbox provider receives an email, they can check the signature against a public key published by the sender.  If everything checks out, then the inbox provider knows the sender authorized the email.  Failed emails may be rejected.

By keeping an updated list of active outbound domains/providers that your company uses to send messages, you will be practicing good email hygiene.  You are removing one of the key reasons email is rejected – senders not listed in your SPF records.  Knowing which senders are and are not utilized creates a more organized approach to email deliverability and enables you to configure SPF and DKIM more accurately.  In addition, you cannot ignore the importance of monitoring your IP blacklist reputation.

If you accidentally misconfigure your SPF and/or DKIM protocols, your messages may be quarantined or outright rejected by inbound providers.  Incomplete/erroneous records, new senders missing from SPF implementation, and providers not handling DKIM properly are just a few of the issues that could derail your email delivery efforts if the SPF/DKIM mechanisms aren’t correctly applied. Identifying and resolving these issues equates to a simplified workload for inboxes to recognize your emails are legit and they come from a trusted domain.

MxToolbox is the Email Delivery Expert

MxToolbox provides everything you need to curate your outbound email provider list, analyze your email reputation, and setup SPF, DKIM and DMARC moving forward.  With a variety of insightful and comprehensive products available, MxToolbox is the clear choice to address your email delivery needs. Contact our experienced team to discuss how to best maximize your message delivery rates and expand your company’s brand.