DMARC Deployment Mistakes Companies Make During Implementation

Domain-based Message Authentication Reporting & Conformance, or DMARC, protects an organization’s trusted domains from email spoofing. Due to the exponential growth of email fraud, and the fact that domain spoofing attacks account for a significant percentage of these attacks, it’s no wonder that many businesses are looking to introduce DMARC authentication to ensure that emails sent on their behalf are legitimate.

In fact, the Department of Homeland Security recently required that all civilian government agencies complete the DMARC implementation within a short timeframe, and urged private companies to do the same.

Many companies have not yet adopted DMARC because it is difficult to enforce and there is a high risk of DMARC problems, such as blocking legitimate email. To better help companies and agencies protect their trusted domains, we have identified five common mistakes made when deploying DMARC authentication.

Mistake #1: Not accounting for all legitimate mail streams, including third-party senders

Many senders, including third parties, send emails on behalf of other organizations. It can be difficult to recognize all of the legitimate senders, particularly when various departments within a company, such as marketing, sales, and human resources, use third-party email senders.

However, if any legitimate sender is not identified and allowed to send email on behalf of the company, essential communications may be blocked, causing business disruption. Stakeholders from all related agencies should be consulted and actively involved.

Mistake #2: Letting a subdomain inherit the top-level domain’s policy

DMARC implementation is usually focused on the top-level domain (ex: acme.com), and organizations can neglect the importance of configuring unique policies for each of their subdomains (ex: mail.acme.com). The DMARC policy that is applied to the top-level domain is automatically applied to subdomains. If subdomains are not each accounted for separately, this can result in accidental blocking of legitimate email.

Mistake #3: Not having a system or tool in place to parse the data from DMARC reports

The DMARC aggregate reports sent by receiving email service providers provide important details about your email ecosystem, but they are not easy to understand. Unless you can arrange the data in a way that adds meaning, it’s just data. Furthermore, keeping up with the sheer volume of reports sent and collating all of the data in a timely way can be difficult.

Mistake #4: Not understanding SPF and DKIM alignment

DMARC alignment prevents spoofing of the “header from” address by:

  1. Matching the “header from” domain name with the “MFROM” domain name used during an SPF check, and
  2. Matching the “header from” domain name with the “d=domain name” in the DKIM signature.

Proper alignment ensures that the sending identity is authenticated against the domain it claims to come from. Third-party email senders, once again, present additional obstacles. Third-party vendors, for example, typically have their own “MFROM” domain. As a result, they pass SPF but not SPF alignment. DKIM is in the same boat: third-party vendors can pass DKIM, but not DKIM alignment.
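The alignment rule above, worked through as an added example (not from the original article): a third-party vendor passes SPF and DKIM under its own domain yet fails DMARC for acme.com until it signs with d=acme.com. The vendor domains are constructed, and the two-label organizational-domain shortcut is an assumption of this example; aspf and adkim are the DMARC alignment-mode tags.

```python
from dataclasses import dataclass


def org_domain(domain: str) -> str:
    """Approximate the organizational domain as the last two labels.

    Assumption for this example only: real receivers consult the Public
    Suffix List, which this shortcut does not (it is wrong for co.uk etc.).
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: str, header_from: str, strict: bool) -> bool:
    """Strict alignment needs an exact match; relaxed compares org domains."""
    a = auth_domain.lower().rstrip(".")
    h = header_from.lower().rstrip(".")
    return a == h if strict else org_domain(a) == org_domain(h)


@dataclass
class Message:
    header_from: str   # domain in the visible From: header
    mail_from: str     # envelope sender domain that SPF checked ("MFROM")
    spf_result: str    # receiver's SPF verdict: "pass", "fail", ...
    dkim_domain: str   # d= value of the DKIM signature, "" if unsigned
    dkim_result: str   # receiver's DKIM verdict: "pass", "fail", "none"


def evaluate(msg: Message, aspf: str = "r", adkim: str = "r") -> dict:
    """Return SPF/DKIM alignment and the resulting DMARC verdict.

    aspf/adkim: "r" for relaxed, "s" for strict alignment.
    DMARC passes when at least one mechanism both passes and aligns.
    """
    spf_ok = msg.spf_result == "pass" and aligned(
        msg.mail_from, msg.header_from, strict=(aspf == "s"))
    dkim_ok = (msg.dkim_result == "pass" and bool(msg.dkim_domain)
               and aligned(msg.dkim_domain, msg.header_from,
                           strict=(adkim == "s")))
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if (spf_ok or dkim_ok) else "fail"}


# Constructed sample messages (all domains are placeholders).
# Vendor using its own bounce domain and its own DKIM key.
VENDOR_DEFAULT = Message("acme.com", "bounce.vendor-mail.example", "pass",
                         "vendor-mail.example", "pass")
# Same vendor after acme.com delegated a DKIM key so it signs as d=acme.com.
VENDOR_CUSTOM_DKIM = Message("acme.com", "bounce.vendor-mail.example", "pass",
                             "acme.com", "pass")
# In-house sender whose envelope domain is a subdomain, with no DKIM at all.
SUBDOMAIN_SENDER = Message("acme.com", "mail.acme.com", "pass", "", "none")

if __name__ == "__main__":
    for name, msg in [("vendor default", VENDOR_DEFAULT),
                      ("vendor custom DKIM", VENDOR_CUSTOM_DKIM),
                      ("subdomain sender", SUBDOMAIN_SENDER)]:
        print(name, evaluate(msg))
    print("subdomain sender, aspf=s", evaluate(SUBDOMAIN_SENDER, aspf="s"))
```
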

Mistake #5: Using improper DMARC syntax or content

Although there are instructions for generating DMARC records, they can be confusing at times. Improper formatting and/or content, as well as incorrect policy values, are also common. To prevent DMARC issues, keep the following in mind:

  • Don’t forget to use “_dmarc.”
  • If you have multiple reporting addresses, separate them with a comma, don’t include a space after the comma, and ensure the second address also starts with mailto:
  • Use correct policy values (example: use “none” instead of “monitor”)
  • Check for typos
  • Check for missing or extra characters

Mistake #6: Believing in the myth of “partial enforcement”

Unless a percentage is defined with the pct= tag, a DMARC policy applies to 100% of all mail by default. Unfortunately, if you use p=quarantine and set a percentage lower than 100, some spoofed messages will still get through. There is no such thing as DMARC compliance that is “partial.” While there are ways to use percentages usefully, don’t fall into the trap of thinking you’re fully protected if your pct= tag specifies anything less than 100%.

Mistake #7: Immediately going to a full ‘Reject’ policy

We often see businesses implement DMARC and then instantly switch to a complete “Reject” policy. Going to a complete “Reject” policy right away is a common blunder because it will almost certainly result in the loss of valid email. We suggest deploying DMARC policies in phases. Begin by monitoring your traffic and looking for anomalies in your reports, such as unsigned messages or signs that your domain is being spoofed.

Move your policy to DMARC quarantine in small steps until you’re satisfied with the outcome. Once again, keep an eye on the results, this time in both your spam capture and your DMARC reports. Move your policy to ‘Reject’ once you are certain that all of your messages are being signed. Be sure to keep an eye on all reports to ensure that the results are satisfactory.

Mistake #8: Forgetting about subdomains

By default, subdomains follow the main policy (e.g. p=reject). Domain owners often concentrate on bringing their main domain to DMARC compliance while deferring the work required to bring subdomains into enforcement by setting a subdomain policy of “sp=none.” Unfortunately, this means that spoofing of those subdomains is still possible. Phishing emails sent from whatever@example.com won’t get through, but those from xyzz@mail.example.com will. To be at enforcement, subdomains need to be protected, just like the main organizational domain.

Mistake #9: Omitting a reporting address

One of the most critical features of DMARC is that it provides domain owners with aggregate data reports on email authentication status, including passes and failures. You won’t get this data if you don’t provide a reporting address (via a rua= tag), and you won’t know about authentication failures or potential domain impersonation (spoofing) attacks. The reporting address makes it possible for the DMARC record to specify how to report these failures.

Mistake #10: Misconfigured SPF records

The SPF record is a DNS TXT record that includes a list of approved senders’ IP addresses, rules referring to other types of DNS records, and directives referencing SPF records from other domains. Although there are several ways to set up an SPF record incorrectly, one of the most common errors is creating a record that requires the receiving server to perform more than 10 DNS lookups for each message it receives. If a domain’s SPF record requires too many lookups, some or all emails sent from that domain may not authenticate successfully.

Some domain owners “flatten” their SPF record by pulling all the IP addresses of authorized sending services forward into the primary SPF record to get around this restriction in the standard. Instead of entries that trigger further DNS lookups, a flattened SPF record lists a bunch of IP addresses directly. However, this presents a new issue: the need to keep the flattened list of IP addresses updated in case the email-sending service you’re using adds or removes IP addresses.
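The 10-lookup limit and the effect of flattening can be measured before a record goes live. The following added example (not from the original article) counts the worst-case DNS lookups of an SPF record by following include and redirect recursively; the zone contents are constructed placeholder records held in a dictionary, so no DNS queries are made.

```python
import re

LOOKUP_LIMIT = 10
# SPF terms that make the receiver issue a DNS query, besides include/redirect.
LOOKUP_MECHANISMS = {"a", "mx", "ptr", "exists"}


def count_lookups(domain, zone, _path=frozenset()):
    """Worst-case number of DNS-querying terms reachable from domain's record.

    zone maps a domain name to its SPF TXT string. Every term is counted,
    even though a real evaluation stops at the first matching mechanism.
    """
    if domain in _path:
        raise ValueError(f"SPF include loop through {domain}")
    record = zone.get(domain)
    if record is None:
        return 0  # nothing published; the caller already counted the query
    path = _path | {domain}
    total = 0
    for term in record.split()[1:]:            # skip the leading v=spf1
        term = term.lstrip("+-~?").lower()     # drop the qualifier
        if term.startswith("include:"):
            total += 1 + count_lookups(term[len("include:"):], zone, path)
        elif term.startswith("redirect="):
            total += 1 + count_lookups(term[len("redirect="):], zone, path)
        elif re.split(r"[:/]", term, maxsplit=1)[0] in LOOKUP_MECHANISMS:
            total += 1
    return total


def check(domain, zone):
    """Return (lookup_count, within_limit) for domain."""
    n = count_lookups(domain, zone)
    return n, n <= LOOKUP_LIMIT


# Constructed zone: one company domain that includes four sending services.
ZONE = {
    "acme.example": "v=spf1 mx include:_spf.crm.example "
                    "include:_spf.mailer.example include:_spf.hr.example "
                    "include:_spf.helpdesk.example ~all",
    "_spf.crm.example": "v=spf1 include:_a.crm.example "
                        "include:_b.crm.example ~all",
    "_a.crm.example": "v=spf1 ip4:198.51.100.0/24 ~all",
    "_b.crm.example": "v=spf1 ip4:203.0.113.0/24 ~all",
    "_spf.mailer.example": "v=spf1 a mx include:_pool.mailer.example ~all",
    "_pool.mailer.example": "v=spf1 ip4:192.0.2.0/25 ~all",
    "_spf.hr.example": "v=spf1 a:smtp.hr.example mx ~all",
    "_spf.helpdesk.example": "v=spf1 exists:%{i}.allow.helpdesk.example ~all",
}

# The same senders flattened to literal addresses: no lookups, but the list
# goes stale as soon as a provider changes its ranges.
FLATTENED = {
    "acme.example": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.0/24 "
                    "ip4:192.0.2.0/25 -all",
}

if __name__ == "__main__":
    print("with includes:", check("acme.example", ZONE))
    print("flattened:    ", check("acme.example", FLATTENED))
```
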

Conclusion

DMARC authentication is a useful method for preventing email theft in organizations. Carrying out a DMARC implementation plan is a journey, but the benefits of preventing phishing and email spoofing attacks are numerous.

ProDMARC is a DMARC email protection solution that gives companies the visibility, resources, and services they need to easily and confidently incorporate DMARC.

DMARC: Help Protect Your Brand Against Email Fraud

It is a well-known fact that in order to commit fraud, cyber criminals impersonate trusted contacts. 70% of all email fraud is directly sent from a domain name that does not match the one in the email header.

This approach works because email clients do not automatically verify that individual messages actually come from the domain they appear to come from.

There is, however, a way for emails that claim to come from your domain to be independently checked.

This approach is called Domain-based Message Authentication, Reporting, and Conformance (DMARC), and it protects your brand from spammers forging email addresses that appear to come from your domain even though they are not from your validated Outbound SMTP server.

Types Of Domain Name Abuse

The most common definition of domain abuse means domains registered for phishing, malware, botnets, and spam-advertised domains. These practices (email phishing) are generally known as illegal or at least dangerous in most countries and jurisdictions. However, it is important to remember that many Internet stakeholders consider other forms of domain abuse to be just as abusive and illegal in some cases. Common examples include intellectual property infringement, copyright violations, and certain types of highly offensive content display.

Email Spoofing

Email spoofing is a tactic used in spam and phishing attacks to trick users into believing that a message comes from a person or entity they either know or can trust. In spoofing attacks, the sender forges email headers so that client apps display the fake sender address, which most users take at face value.

Users are more likely to trust a message if it carries a name they recognize. As a result, they may click on malicious links, open malware attachments, send personal information, and even wire corporate funds.

Owing to the way email systems are designed, email spoofing is possible.

The client application assigns a sender address to outgoing messages; outgoing email servers have no way of knowing if the sender address is valid or spoofed.

Recipient servers and antimalware applications can help detect and filter spoofed messages. Not every email provider, unfortunately, has security protocols in place. Still, users can review the email headers packaged with every message to determine whether the sender address is forged.

Domain Spoofing

A common type of phishing, domain spoofing, occurs when an attacker appears to use the domain name of a company to impersonate that company or one of its employees.

This can be achieved by sending emails that appear legitimate with fake domain names, or by setting up websites that look right at a glance but use slightly altered characters.

In order to effectively mimic the styling and branding of a legitimate company or corporation, a spoof website or email will typically use logos or some other kind of specific graphic design. Users are generally prompted to enter financial details or other personal information, believing they are sending it to the right location.

Business Email Compromise (BEC)

Business Email Compromise (BEC) is an exploit in which an attacker gains access to a business email account and mimics the identity of the owner in order to defraud the business and its workers, clients, or partners. An attacker may also create an account with an email address nearly identical to one on the corporate network, relying on the assumed trust between the victim and their email. BEC is sometimes described as a “man-in-the-email attack”.

Phishing Scams

In order to trick recipients into sharing their financial and personal details or installing malware, phishing scams send emails that imitate trustworthy institutions such as banks, online services, and credit card companies. The targets may also be led to malicious websites that appear to be legitimate sites, where they are required to enter login credentials and other personal data that can be used by attackers to commit identity theft.

Consumer phishing impersonates your brand with domain spoofing and lookalike emails designed to defraud consumers. Consumers lose faith when your brand is abused. By not defending your email-sending domains, you could be looking at blocked mail and poor results in email marketing campaigns.

Must-know Email Security Standards To Protect Businesses From Domain Vulnerability

Sender Policy Framework (SPF)

This verifies whether a particular IP is allowed to send mail from a specified domain. SPF can lead to false positives, and the receiving server still needs to do the work of verifying and validating the email sender for an SPF record.

DKIM (DomainKeys Identified Mail)

This process uses a pair of cryptographic keys to sign outgoing messages and validate incoming messages. However, since DKIM signs only specific parts of a message, the message can be forwarded without breaking the signature’s validity. This tactic is known as a “replay attack.”

DMARC (Domain-Based Message Authentication, Reporting, and Conformance)

This method gives a sender the option to let the recipient know whether their email is protected by SPF or DKIM, and what action to take with mail that fails authentication. DMARC is not yet commonly used.

7 Reasons Why DMARC Can Help Protect Your Brand

DMARC is enabled for 70 percent of the world’s inboxes, and the most security-forward brands have embraced it (e.g. Facebook, Apple, JPMorgan, Chase, and PayPal). As per a recent survey, 1.89 million DMARC-compliant policies had been implemented to defend domains by the end of 2019.

The only solution that allows Internet-scale email security is DMARC, which prohibits fraudulent use of legitimate emails for brands. 

DMARC enables you to authenticate all legitimate email messages and sources for your email-sending domains, including your company-owned and third-party domains.

DMARC is built to fit into the current inbound email authentication mechanism of your company and lets email recipients decide if a message “aligns” with what the receiver knows about the sender.

DMARC helps you to post an explicit policy instructing mailbox providers about what to do with unauthorized email messages. These messages can either be sent to a junk folder or rejected outright, protecting unsuspecting recipients from exposure to attacks.

DMARC sends daily updates to you, the domain owner, about how your mail domains are being used and how their authentication records are viewed by ISPs. This domain-level data can help you identify risks to your clients, and it can help you discover legitimate senders that you are not aware of, for example when your domains are also used by other teams or departments.

How to Implement DMARC?

A third-party implementation provider is the best way to implement DMARC. For low-volume email users interested in protecting a single domain, vendors such as ProgIST offer ideal reporting services.

You would need to use an enterprise-level authentication service if your company has several domains sending a high number of emails on a regular basis.

If you wish to implement DMARC manually, you need to access your domain’s DNS (Domain Name System) settings and publish a TXT record at _dmarc.yourdomain.com like the following:

v=DMARC1; p=quarantine; pct=100; rua=mailto:yourmail@yourdomain.com

This tells the mail servers that receive your messages the following:

  • DMARC (v=DMARC1) is used
  • Messages that fail DMARC are treated as spam (p=quarantine)
  • 100 percent of your messages should be treated in this way (pct=100)
  • The address that the reports must be sent back to (rua=mailto:yourmail@yourdomain.com)

For this record to work, you must also publish your SPF record and the DKIM record for your outbound SMTP service. You then need to make sure that your emails carry a DKIM signature matching the key in the DKIM record.
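A record like the one above can be checked mechanically before it is published. The linter below is an added example, not part of the original articles or of any vendor tool; it encodes the checks this page lists under Mistakes #5, #6, #8 and #9 (the _dmarc. host, policy values, rua formatting, pct below 100, sp=none, a missing rua). The acme.com and example.com records are constructed, and the finding codes are names chosen for this example.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}
KNOWN_TAGS = {"v", "p", "sp", "rua", "ruf", "pct",
              "adkim", "aspf", "fo", "rf", "ri"}


def parse_tags(txt):
    """Split 'k=v; k=v' into ordered (key, value) pairs; inner spaces stay."""
    tags = []
    for part in txt.split(";"):
        if part.strip():
            key, _, value = part.partition("=")
            tags.append((key.strip().lower(), value.strip()))
    return tags


def lint_dmarc(hostname, txt):
    """Return (code, detail) findings for a DMARC TXT record; [] means clean."""
    findings = []
    tags = parse_tags(txt)
    values = dict(tags)

    if not hostname.lower().startswith("_dmarc."):
        findings.append(("host", f"{hostname}: publish at _dmarc.<domain>"))
    if not tags or tags[0] != ("v", "DMARC1"):
        findings.append(("version", "record must begin with v=DMARC1"))
    for key, _ in tags:
        if key not in KNOWN_TAGS:
            findings.append(("unknown-tag", f"{key}: not a DMARC tag (typo?)"))

    p = values.get("p", "").lower()
    if p not in VALID_POLICIES:
        findings.append(("policy", f"p={p or '<missing>'}: use none, "
                                   "quarantine or reject"))
    sp = values.get("sp")
    if sp is not None:
        if sp.lower() not in VALID_POLICIES:
            findings.append(("policy", f"sp={sp}: use none, quarantine "
                                       "or reject"))
        elif sp.lower() == "none" and p in ("quarantine", "reject"):
            findings.append(("subdomain", f"sp=none leaves subdomains "
                                          f"unprotected while p={p}"))

    pct = values.get("pct")
    if pct is not None:
        if not pct.isdigit() or int(pct) > 100:
            findings.append(("pct-invalid", f"pct={pct}: must be 0-100"))
        elif int(pct) < 100:
            findings.append(("pct-partial", f"pct={pct}: the rest of the "
                                            "failing mail is not covered"))

    rua = values.get("rua")
    if not rua:
        findings.append(("no-rua", "no rua= address: no aggregate reports"))
    else:
        for uri in rua.split(","):
            # The page's guidance: no space after the comma.
            if uri != uri.strip():
                findings.append(("rua-space", f"{uri!r}: remove the space"))
            if not uri.strip().lower().startswith("mailto:"):
                findings.append(("rua-scheme", f"{uri.strip()}: each address "
                                               "needs its own mailto:"))
    return findings


def codes(hostname, txt):
    """Sorted, de-duplicated finding codes, convenient for reports and tests."""
    return sorted({code for code, _ in lint_dmarc(hostname, txt)})


if __name__ == "__main__":
    samples = [  # constructed records
        ("_dmarc.yourdomain.com", "v=DMARC1; p=quarantine; pct=100; "
                                  "rua=mailto:yourmail@yourdomain.com"),
        ("dmarc.acme.com", "v=DMARC1; p=monitor; pct=50; "
                           "rua=mailto:a@acme.com, b@acme.com"),
        ("_dmarc.example.com", "v=DMARC1; p=reject; sp=none"),
    ]
    for host, txt in samples:
        print(host, codes(host, txt) or "clean")
```
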

Conclusion

Without email, life, as we understand it, will not be feasible, but its ease and ubiquity is also a breeding ground for cyberattacks that spoof brand domains. DMARC email security is a tool that helps businesses secure their goods online and helps make the web a safer place. It ensures that the emails received by the consumers, staff, or prospects of a brand are genuine, all while maintaining the credibility of a brand. The more brands use DMARC, the more secure every email user is from the threats concealed in spoofed emails.

ProDMARC by PROGIST is an email validation solution based on two internationally recognized authentication protocols, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). Get in touch with us to avail of our full range of cyber security solutions.

Why Is DMARC Critical To Reducing The Spread Of Malicious Emails?

Email is a fantastic way for companies to advertise their brand and gain customers. Email, on the other hand, aids the dissemination of spam, phishing, malware, viruses, and other forms of fraud because it is difficult to say whether the sender is who they claim to be.

A new email authentication standard was adopted by email senders and receivers to help email senders deliver valid emails to recipients while also blocking phishing and fraud messages.

What is DMARC?

DMARC stands for Domain-based Message Authentication, Reporting & Conformance. It is an email validation system designed to protect your company’s email domain from being used for email spoofing, phishing scams, and other cybercrimes.

SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) are two existing email authentication techniques that DMARC uses. DMARC introduces a crucial feature: reporting. When a domain owner adds a DMARC record to their DNS record, they’ll be able to see who’s sending an email on their behalf. This data may be used to obtain more specific information about the email channel.

A domain owner can gain control over emails sent on his behalf using this information. DMARC can be used to shield the domains from phishing and spoofing attacks.

Why Does Your Business Need DMARC?

There is no medium with a broader scope than email, which has nearly 5 billion accounts worldwide. As a result, cybercriminals choose this channel for their malicious purposes. Despite the fact that improved security measures have been implemented in recent years to secure this platform, crime continues to rise year after year. 95% of all cyber-attacks and data breaches involve emails.

DMARC adds value in this field. DMARC not only gives you complete visibility into your email channels but also renders phishing attacks noticeable. DMARC is more powerful: DMARC will reduce the impact of phishing and malware attacks, prevent spoofing, protect against brand misuse and scams, and protect business email from being compromised. DMARC Check enables organizations to deploy DMARC and simplify their DMARC setup.

Where Does DMARC Help?

Malicious emails sent on their behalf threaten organizations and their clients; DMARC will stop these attacks. A company may gain insights into their email channel using DMARC. Organizations will focus on deploying and executing a DMARC policy based on the information provided.

Organizations are shielded from the following threats when the DMARC policy is set to p=reject:

  • Phishing on customers of the organization
  • Brand abuse & scams
  • Malware and Ransomware attacks
  • Spear phishing of employees and CEO fraud

Organizations will gain complete insight into their email channel using ProDMARC. Since companies could historically only learn about phishing attacks after they had already occurred, DMARC’s ability to give complete visibility into the email channel is a significant benefit. It is possible to gain insight into phishing attacks using DMARC. Customers can then be told about these attacks ahead of time, resulting in a more positive experience.

DMARC in Practice

DMARC’s primary aim is to identify and avoid email spoofing. Phishing scams, for example, use bank domains to send emails on their behalf. Customers of that bank believe they have received a legitimate email informing them that their bank card is no longer valid. The link you are supposed to click will take you to a fake website. This website looks exactly the same as the real website, and logging in gives cybercriminals the opportunity to use your credentials.

Originally, email authentication strategies such as DKIM and SPF were used to secure the domains from such scams. Cybercriminals, on the other hand, can get around these safeguards. DMARC will establish a connection between SPF and DKIM in order to completely protect your domain and email channel. When you add DMARC to your DNS record, you gain control over your email channel.

On a regular basis, ISPs can provide Aggregate (RUA) and Forensic (RUF) DMARC reports, which are sent to the email address specified in your DMARC record. Aggregate Reports (RUA) and Forensic DMARC Reports (RUF) are the two forms of DMARC reports available:

Aggregate DMARC reports (RUA) are

  • Sent on a daily basis
  • Provide an overview of email traffic
  • Include all IP addresses that have attempted to transmit email to a receiver using your domain name

Forensic DMARC reports (RUF) are

  • Real-time
  • Only sent for failures
  • Include original message headers
  • May include the original message
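What a tool for these reports has to do, as an added example (not from the original article): parse one aggregate (RUA) report and separate aligned mail from third-party senders that authenticate only under their own domain and from sources that fail everything. It also covers the parsing gap described under Mistake #3; the report, its IPs and domains are constructed, and the three bucket names are this example's own.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate report using the standard <feedback> layout.
# Reports arrive from third parties: treat them as untrusted input (size
# limits, a hardened XML parser) before handing them to code like this.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-0001</report_id>
  </report_metadata>
  <policy_published>
    <domain>acme.example</domain><p>none</p><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>1200</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>acme.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>acme.example</domain><result>pass</result></dkim>
      <spf><domain>acme.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>300</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>acme.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>vendor-mail.example</domain><result>pass</result></dkim>
      <spf><domain>bounce.vendor-mail.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>45</count>
      <policy_evaluated><disposition>none</disposition>
        <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>acme.example</header_from></identifiers>
    <auth_results>
      <spf><domain>acme.example</domain><result>fail</result></spf>
    </auth_results>
  </record>
</feedback>"""


def classify(record):
    """Bucket one <record> by the receiver's DMARC evaluation."""
    evaluated = record.find("row/policy_evaluated")
    # policy_evaluated holds the aligned results: one pass is a DMARC pass.
    if "pass" in (evaluated.findtext("dkim"), evaluated.findtext("spf")):
        return "aligned"
    # auth_results holds the raw SPF/DKIM verdicts, whatever the domain.
    raw = [r.findtext("result") for r in record.findall("auth_results/*")]
    return "authenticated-but-unaligned" if "pass" in raw else "unauthenticated"


def summarise(xml_text):
    """Return the published policy, message totals per bucket, and sources."""
    root = ET.fromstring(xml_text)
    totals, sources = Counter(), []
    for record in root.iter("record"):
        count = int(record.findtext("row/count"))
        bucket = classify(record)
        totals[bucket] += count
        sources.append({
            "ip": record.findtext("row/source_ip"),
            "count": count,
            "bucket": bucket,
            "header_from": record.findtext("identifiers/header_from"),
            "auth_domains": sorted(
                {d.text for d in record.findall("auth_results/*/domain")}),
        })
    sources.sort(key=lambda s: s["count"], reverse=True)
    return {"domain": root.findtext("policy_published/domain"),
            "policy": root.findtext("policy_published/p"),
            "totals": dict(totals), "sources": sources}


def needs_attention(summary):
    """Sources that would be hit by quarantine/reject, largest first."""
    return [s for s in summary["sources"] if s["bucket"] != "aligned"]


if __name__ == "__main__":
    report = summarise(SAMPLE_REPORT)
    print(report["domain"], report["policy"], report["totals"])
    for src in needs_attention(report):
        print(src["ip"], src["count"], src["bucket"], src["auth_domains"])
```

The middle bucket is the one to work through before tightening the policy: those are senders that authenticate, but only under their own domain.
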

SPF, DKIM, and DMARC outcomes can all be monitored and analyzed using ProDMARC’s dashboard. Adding a DMARC record to your DNS isn’t enough to keep your domains secure. DMARC works with three different policies, allowing you to choose what happens to email sent from your addresses. The ‘none’ policy is only used to gather data and keep track of your current email channel.

There are two more DMARC policies to enforce your email channel. The DMARC ‘quarantine’ policy would send a malicious email to the recipient’s spam folder, while the ‘reject’ policy will not deliver the email at all.

Why is DMARC Important?

To tie all of these, DMARC provides the following benefits to domain owners:

Prevention of fraud emails

You can tell email receivers to reject any email that appears to come from your domain but fails the DMARC check if you use DMARC and ensure all of your valid email sources follow DMARC alignment. DMARC is an anti-phishing control that has been used to prevent massive quantities of email fraud.

Simplified delivery to the recipient’s Inbox

DMARC makes it easy for email recipients to recognize a message. To combat spam, email recipients devote a significant amount of time, money, and resources to the development of technology that filters out unwanted messages. The DMARC implementation helps email receivers streamline their filtering rules and easily identify and deliver emails. If an email passes DMARC authentication, it means it truly comes from the domain displayed in the From address.

Protection of the domain and brand reputation

You can detect unauthorized senders using your domain by reviewing DMARC reports, and you can tell recipients to reject emails sent from your domain if they fail the DMARC check. This will reduce the number of unsolicited emails from your domain, which would otherwise damage your sender’s credibility, brand, and ROI.

Email traffic control

The use of DMARC gives you complete control over your email sources, ensuring that they only deliver valid messages to your subscribers. You can verify whether your valid sending sources pass the SPF and DKIM checks, and you can resolve any authentication problems that arise. 

DMARC allows businesses to monitor how their partners send emails on their behalf to ensure that everything is sent correctly. This lowers the chances of your sending IP/domain being blacklisted for sending spam emails.

Easier email visibility and brand recognition

If you use DMARC enforcement, you can use the BIMI standard to show your logo next to your messages in the recipient’s inbox. BIMI assists the recipient in recognizing your emails in a crowded inbox and in making sure that the email was sent by you and not by anyone posing as you.

The BIMI standard is currently only supported by the Yahoo and Gmail mailbox providers.

For those concerned about email deliverability, DMARC has become a “must-have.” If your emails are not DMARC compliant, they can compete for a user’s Inbox with spam and fraud emails.

ProDMARC For Protecting Emails

ProDMARC offers user-friendly DMARC services as well as professional guidance to help you get to a reject policy as quickly as possible. ProDMARC is a DMARC email protection and SaaS solution that allows businesses to handle complex DMARC deployments with ease. The solution offers 360-degree visibility and governance across all email channels. Contact us to improve your email authentication services through ProDMARC.

What Is DMARC And Why Does It Matter To You?

DMARC is the acronym for Domain-Based Message Authentication, Reporting, and Conformance.

It is a security practice in the world of email that allows people to determine which messages are from legitimate sources such as businesses, and which are from fraudsters seeking to take advantage of them.

DMARC is used by organizations in a number of industries for a variety of purposes that we will address later, but the overarching aim is to defend against spam and reduce cybercrime.

The concept behind DMARC is not entirely new. Instead, it employs DKIM and/or SPF to conduct a more detailed review of each email received.

A domain owner may define its own authentication protocol with DMARC using a DMARC policy.

The DMARC policy is used to signal to an incoming server what to do if a message fails the DMARC test. Finally, the policy will produce reports that detail each review to help enhance processes and provide early warning if the account is spam.

Let us take a look at how the other two methods for authenticating emails operate to get a better understanding of this process.

How does DMARC work?

The best way to understand DMARC is that it is a method of evaluating whether or not an email is authentic. Companies may use this standard to publish policies or regulations within their email system, causing messages that do not follow particular criteria to be discarded.

Anyone studying DMARC should be familiar with the acronyms SPF and DKIM, which stand for Sender Policy Framework and DomainKeys Identified Mail, respectively. Before DMARC can be implemented, each of these protocols must be defined.

SPF

The Sender Policy Framework is a process that allows you to authorize the senders of messages sent on your behalf. Each email delivery involves the recipient’s server looking up a record in the sender’s DNS.

By publishing an SPF record in your DNS, you declare that messages for your domain may only be sent from IP addresses that have been authorized (essentially, devices).

Emails from other IP addresses are blocked, so no one in another country can send messages on your behalf.

There are many tools available to help you set up an SPF. Although each domain provider will typically have its own set of rules to follow, ProDMARC’s version of the DMARC setup process is relatively simple.

DKIM

DKIM, on the other hand, is relatively straightforward to describe but substantially more difficult to implement than SPF.

Each email will be marked with an invisible stamp that works similarly to a signature on a letter. This information is stored in the header and verified by the recipient’s server, which enables it to authorize the sender based on what it knows about them.

Many tech experts also note the use of DKIM to ensure that an email has not been tampered with on the way to the recipient’s inbox, similar to how people line out blank spaces on checks to prevent further information from being added.

DKIM is a little difficult to set up. It requires the generation of a public key (published in DNS, it enables a mail server to verify your signature) as well as a private key (which creates the signature and is kept hidden from others).

Your domain provider should have instructions that will allow you to set up both.

Why should your organization use DMARC?

By now, you should have a clear idea of why it is important to have DMARC records associated with your messages. To drive home the point, we will go over each gain one by one, beginning with security.

DMARC’s reporting function means that receivers activated by DMARC can tell you:

Email Spoofing

There are several types of fraud, and email is arguably one of the worst-affected fields.

According to the Herjavec Group, cybercrime would cost the world $6 trillion by 2021; although it is difficult to predict how much of that would come from spoofing techniques, a simple glance through your junk mail can reveal how many people are trying to cheat you for financial benefit.

Of course, it is less about data breaches and network infiltrations that drill holes in the networks and steal money in this case. DMARC is used to check the company’s own identity, stopping actual consumers from communicating with people posing as you.

Damage To Your Brand’s Reputation

If one of your customers gives money or information to an imposter, the outcome will almost always be a negative experience.

DMARC is an extra security mechanism intended to keep out criminals who are becoming more innovative in their tactics.

That said, you should possibly say goodbye to any large orders from customers who were caught in the crossfire. They will be unsure of which senders they can trust, and even the mention of your brand can conjure up unpleasant memories.

Awareness

Many small businesses are unaware of how vulnerable they are to cybercriminals.

It is the same if you are a regular person with a small savings account. You should not assume that no one will steal your money because the criminals have bigger fish to fry.

Email authentication

If you send email messages that you think could be spoofed, you can inform recipients that if the SPF/DKIM checks fail, they can reject or quarantine the message. Rejection or DMARC quarantine is useful if you want your recipients to be 100% positive that an email from one of your sending domains really came from you. This will ensure that your domains and brand are still trusted.

Feedback and reporting

There are two types of DMARC reports. Aggregate reports show you the email message header data as well as the recorded information, such as the message disposition, which indicates what the recipient did with the messages. Forensic reports are close to the abuse reports that go through the email server Feedback Loops. They are modified versions of email messages that failed SPF, DKIM, or both. These are useful for finding any snags that may occur during the DMARC implementation.

Final Thoughts- Why is DMARC important?

We hope we have clarified the benefits of adopting a DMARC policy clearly, but cybersecurity professionals are taking their time to spread the word.

Although 47 percent of government domains have adopted this feature ahead of time, research reveals that just 0.5 percent of the world’s top one million domains have done so, despite the fact that 76 percent of email clients support it.

Worse still, according to research 77 percent of domains with a DMARC policy may not be sufficiently covered due to DMARC configuration issues.

It is important to set things up with the aid of an expert if you want to defend your organization from cybercrime.

ProDMARC is a convenient and secure DMARC email protection that has been specifically developed to meet the changing business needs of organizations. We provide 100 percent DMARC security by blocking phishing attempts, notifying you as soon as possible, and reducing false positives to 0%. As a consequence, the organization’s efficiency and deliverability will increase. Get Started with top-class cybersecurity solutions for your business at ProgIST.


How can DMARC prevent the misuse of your domain?

The ability to create fake emails has long been used by cybercriminals as a tool for the deployment of spam, phishing attacks, or malware, and has been so since email was invented. DMARC is an easy way to give an email recipient the opportunity to verify an email’s validity with additional security that makes it easier to recognize.

It is well known that cybercriminals copy well-known brands and use the brand's trusted reputation to send emails to recipients while posing as that brand. The recipients end up giving away confidential data such as credit card PINs and passwords, or even end up making payments to the impostors.

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is an email protection service that enables the identification and prevention of email spoofing. The aim of DMARC is to wage war on email phishing scams, where the address of the sender has been forged to look as if it came from a legitimate organization.

How does DMARC protect your domain emails?

For an organization that sends emails to its customers, DMARC guarantees that valid emails are authenticated and that the identity of the sender is checked by the recipients' email service provider. Fraudulent emails that appear to originate from domains under the company's control are blocked. In its DMARC policy, the organization can also include domains that do not send emails or even defensively registered domains.

Inbound emails that fail DMARC authentication do not enter the inbox of the recipient, so phishing emails are filtered out. So, if you get an Income Tax Department email with a “From” address with intimations@cpc.gov.in, did cpc.gov.in really approve the message?

DMARC is built on two existing and widely deployed email authentication techniques, the Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).

SPF: enables domain owners to approve hosts that can use the “MAIL FROM” or “HELO” identifier with their domain name. A list of hosts that are permitted to use a specific domain name is published as a specially formatted TXT record in the Domain Name System (DNS) records of that domain.

DKIM: allows a domain owner to attach a digital signature to an email message. The signature is verified using the public key of the signer, which is published in the DNS. A valid signature ensures that at least some parts of the email have not been changed since the signature was attached.

While SPF and DKIM helped identify fake emails, neither of these protocols included a way to report which messages were denied and why. DMARC addresses this issue by enabling domain owners to tag sent messages to prove validity with certain domain identifiers.

It provides instructions for receiving email servers on how to deal with messages that fail authentication tests for SPF and DKIM; and also provides a reporting system to convey what activities were taken under the policies.

Benefits of DMARC

What separates DMARC from other protocols for email authentication is its reporting feature. With DMARC you can see who sends emails on behalf of your domain and your brand, and stop spammers from using it to send fake emails.

DMARC’s reporting function means that DMARC-enabled receivers can tell you:

  • How many messages they’ve received using your domains in the From address
  • Where the messages come from
  • If they passed DKIM and SPF tests on these messages
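The three questions in this list map directly onto fields of a DMARC aggregate report. The following is an added example, not code from ProDMARC or from the original post: it summarises a constructed report in the RFC 7489 aggregate-report layout per sending IP. The sample report, its domains and IP addresses are made up, and the code assumes the report uses no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate-report layout; every name and IP is made up.
SAMPLE_REPORT = """
<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>r-001</report_id></report_metadata>
  <policy_published><domain>acme.example</domain><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>acme.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>30</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>acme.example</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.99</source_ip><count>45</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>acme.example</header_from></identifiers>
  </record>
</feedback>
"""

def summarize(report_xml):
    """Per source IP: message volume, DKIM/SPF pass counts, DMARC failures, dispositions."""
    # Reports arrive from third parties; in production parse them with a hardened
    # XML parser (for example the defusedxml package) instead of the stdlib one.
    root = ET.fromstring(report_xml)
    sources = {}
    for record in root.iter("record"):
        row = record.find("row")
        ip = row.findtext("source_ip")
        count = int(row.findtext("count", "0"))
        dkim = row.findtext("policy_evaluated/dkim", "fail")
        spf = row.findtext("policy_evaluated/spf", "fail")
        disposition = row.findtext("policy_evaluated/disposition", "none")
        entry = sources.setdefault(ip, {"messages": 0, "dkim_pass": 0, "spf_pass": 0,
                                        "dmarc_fail": 0, "dispositions": {}})
        entry["messages"] += count
        entry["dkim_pass"] += count if dkim == "pass" else 0
        entry["spf_pass"] += count if spf == "pass" else 0
        # policy_evaluated carries the aligned results: DMARC fails only if both fail.
        if dkim != "pass" and spf != "pass":
            entry["dmarc_fail"] += count
        entry["dispositions"][disposition] = entry["dispositions"].get(disposition, 0) + count
    return {"domain": root.findtext("policy_published/domain"),
            "policy": root.findtext("policy_published/p"),
            "sources": sources}

def unauthenticated_sources(summary):
    """IPs whose mail failed DMARC: spoofers, or legitimate senders not yet configured."""
    return sorted(ip for ip, e in summary["sources"].items() if e["dmarc_fail"])

if __name__ == "__main__":
    report = summarize(SAMPLE_REPORT)
    for ip, entry in report["sources"].items():
        print(ip, entry)
    print("needs investigation:", unauthenticated_sources(report))
```

Each IP returned by `unauthenticated_sources` has to be classified as either a forgotten legitimate mail stream or abuse before the policy is moved beyond monitoring.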

Other advantages:

  • Before DMARC, receiving email servers did their best to decide whether or not the email was legitimate. It was never perfect and users had to search for lost emails in spam folders.
  • DMARC offers visibility into how messages that fail to authenticate are handled.
  • By preventing unauthorized hosts from sending mail on your domain’s behalf, publishing a DMARC record protects your brand.
  • Valid emails are easily recognized after setting up your DMARC record. This means you can advise all recipients to reject emails from anyone who imitates your business. This was DMARC’s original goal: to stop domain abuse.
  • DMARC reports give you an insight into who is sending mail from your domain.

It is easier for inbox providers to decide that the messages are not bad. Such emails are more likely to be delivered easily and without errors to the recipient’s mailbox. Setting up a DMARC policy and finding the best service provider to deliver your emails would only help improve the credibility of your company.

Conclusion

We at ProgIST suggest getting a well-implemented DMARC setup to prevent emails that spoof your domain from reaching end-users. This is a highly successful way to stop both general phishing emails sent to your customers and spear phishing emails sent to your employees.

ProDMARC hand holds you during the entire life cycle of implementing DMARC including domains that do not send emails or even defensively registered domains. We study your outbound email traffic trend including marketing communications sent by third-party email campaign tools, by configuring SPF and DKIM records in your DNS for all your domains and configuring the DMARC record in your DNS with the right policies from the “monitoring” to “blocking” modes. Contact our experts for advanced cyber security solutions for your business.


ProDMARC – Mastering email security with DMARC

We all know the greatest way for hackers to access our networks is through phishing attacks and email phishing scams. If a single user clicks on any malicious email attachment, ransomware, crypto-jacking, data leaks or privilege escalation vulnerabilities may compromise an entire enterprise. To try to minimize these opportunities, a variety of security protocols have been invented over the years.

This is particularly needed today, when a lot of us are working from home and need all the security we can get for our email.

The good news is that you now have options for implementing enhanced security protocols that will shield you from malicious emails for a long time. Better still, these enhanced protocols will shield you whether you are the recipient or the sender.

The different solutions are actually very complementary to each other. Chances are high that all three of them will be needed by the average business. The three solutions are:

  • Sender Policy Framework (SPF), which hardens the DNS servers and limits who can send email from your domain.
  • DomainKeys Identified Mail (DKIM), which guarantees that your email content remains trustworthy and has not been manipulated or compromised.
  • Domain-based Message Authentication, Reporting and Conformance (DMARC), which links the first two protocols together with a consistent set of policies.

What is SPF?

The Sender Policy Framework (SPF) hardens your DNS servers and limits who can send emails from your domain. SPF can prevent spoofing of domains. It helps the mail server determine whether a message was really sent from the domain it uses. SPF has three key elements: a policy structure as the name suggests, a system of authentication, and specialized headers that express this information in the actual email itself.

What is DKIM?

DomainKeys Identified Mail (DKIM) guarantees that your email content remains trusted and has not been manipulated or compromised. It was first proposed in 2007 and has been revised on many occasions, most recently last month with IETF standard 8301. SPF and DKIM were both revised in 2014 to the IETF standard 7372.

What is DMARC?

Domain-based Message Authentication, Reporting, and Conformance (DMARC) connects the first two protocols together with a standard set of policies. It also connects the domain name of the sender with what is specified in the From header and adds better reporting from mail recipients as well. It was proposed in 2015 as IETF standard 7489.

DMARC protects not only recipients but also the outgoing emails of business senders. A sender address is allocated to outgoing messages by the client application; outgoing email servers have no way of knowing whether the sender address is legitimate or spoofed.

Recipient servers and anti-phishing tools like DMARC can help detect and filter the spoofed messages.

Reasons for these protocols

Phishing attack prevention is a part of the explanation for the three different protocols. It has to do with the fact that each one solves a very different piece of the email puzzle. This is done by a combination of standard authentication and encryption tools, such as signing with public and private keys and inserting unique DNS records to authenticate emails from your domains.

The evolution of the Internet email protocols themselves is another reason. Email was mainly used by university researchers back in the early days of the Internet, where everyone knew the other’s name and trusted each other. Unfortunately, those days are long gone.

The message headers (such as the addresses To: and From: and Bcc:) were intentionally isolated from the actual message content itself. This was a feature. But for IT administrators of the modern age, the separation has brought new worlds of pain.

You can be sure that messages can not be easily forged and that you can block them from ever darkening the inboxes of your users if your email infrastructure implements all three protocols properly.

Some complications…

Let’s look at the complicating factors.

First are the disappointing surveys on usage. While a Google survey showed that some security was used by 85 percent of received emails in its Gmail infrastructure, that is not true for the average email user of the company. A consultancy study by a leading email analytics and deliverability platform analyzed 21,000 of the top global domains and found that two of the three protocols have been implemented by just 20 percent. This agrees with another study, which indicates that DMARC implementation is properly used by just 15 percent of the F500, although the amount has doubled from a year ago.

Next, it is not easy to set up DMARC and the implementation is prone to a lot of operator errors. For example, you have to set it up for any domain and subdomain you own for SPF and DMARC email protection to operate. The configuration can become repetitive very quickly if your organization runs a lot of domains or subdomains. And you have to make sure that the correct DNS entries also protect every subdomain.

If you are using Google for your email, Google has instructions about DKIM and how to create your domain key. If you are using cPanel to administer your domain, cPanel has suggestions about how to configure the different DNS records. When you think you are done, you can use an online tool to verify that your email headers contain the appropriate DKIM keys.

Although there are resources to support it, it will take very advanced skills to get it configured. Even your corporate DNS guru might not be familiar with the commands needed by each protocol, since they are not commonly used and their syntax can be difficult to get exactly right. Setting up the protocols in a particular order can help.

All your email-consuming apps need to be monitored. You will not know how many different parts of your own infrastructure communicate with your email system when you first begin implementing these protocols.

Why are authentication protocols so important?

Many organizations think that a perfect way to serve their clients is by sending them bulk emails. Bulk emails containing significant service changes, recall notices, upgrade alerts, and other essential business details are efficient ways to keep clients up-to-date about how they will continue to profit from your business. Legitimate telemarketers seeking to hit their client targets with useful sales details are other organizations invested in sending bulk emails.

Unfortunately, as phishing attacks and spam emails are constantly growing, many organizations take an over-protective role in terms of incoming emails, particularly if they appear to be part of a mass mailing. This can contribute to the sending of significant, legitimate emails to spam folders where they will remain unread, or be fully rejected.

These protocols are being applied to their filtering methods by several email providers, including Google and Microsoft. It is expected that this will go a long way towards strengthening a safe and secure email environment. Setting up the records required for these protocols means logging into your domain registrar to configure your DNS settings.

This might need the help of technical professionals. If your in-house IT team is unprepared to handle this, contact any professional help you have an agreement with, or consult for assistance with a managed IT service provider. ProgIST believes in protecting both your and your clients’ email rights and privacy. ProDMARC helps you implement email authentication with DMARC to stop fraudsters from misusing your domain. Get Started with top-class cybersecurity solutions for your business at ProgIST.


What is DKIM & Its Best Practices?

DKIM stands for DomainKeys Identified Mail and is used for the authentication of an email that is being sent. It is an email security standard designed to make sure messages are not altered in transit between the sending and recipient servers.

It uses public-key cryptography to sign email with a private key as it leaves a sending server. Recipient servers then use a public key published to a domain’s DNS to verify the source of the message, and that the body of the message has not changed during transit. Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.

Difference between DomainKey & DKIM

DomainKeys is a deprecated email authentication system designed by Yahoo to verify the domain name of an email sender and the message integrity. Aspects of DomainKeys (DK), along with parts of Cisco’s Identified Internet Mail (IIM), were combined to create DKIM (DomainKeys Identified Mail), which provides more security and flexibility.

What are the DKIM best practices?

Key Length: Use a minimum of a 1024-bit key length to increase key complexity. This is because shorter keys, such as 512-bit, have a higher vulnerability and can be cracked within 72 hours using inexpensive cloud services.

Rotation: Keys should be rotated at least twice per year to reduce the period of time the key could be maliciously used to compromise the integrity of email.

Monitoring: To be able to monitor how receivers are accepting email signed with DKIM, it is recommended to implement DMARC with a “p=none” policy (also referred to as “monitoring mode”). Use DNS to monitor how frequently keys are queried. DMARC standardizes how email receivers perform email authentication using the well-known SPF and DKIM mechanisms.

Hashing Standards: Deprecate the use of SHA1 for hashing and move to SHA256.

Third Party Mailers: Organizations should be engaged with anyone that sends mail on their behalf to ensure that their third-party vendor (i.e., their email service provider) complies with these best practices.

Points to keep in mind while creating DKIM Key

  • Make sure that the sending systems you use support DKIM.
  • Make sure that the emails are DKIM signed.
  • Make sure that the signing domain aligns with the “From” domain.
  • Make sure that you use a DKIM key size over 1024 bits (a 2048-bit key is advisable).
  • Make sure, where possible, that the DKIM selectors you choose closely identify the sending service so you can distinguish between them.
  • Make sure to revoke any keys that have been compromised.
  • Make sure that the DKIM keys you manage are rotated on a regular basis.
  • Make sure that the DKIM key syntax is correct.
  • Make sure that there exists a public key for each corresponding private key that signs your email.
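Several of these checks (key size, hash restriction, revocation, syntax) can be run against the published DKIM key record itself. The following is an added example, not code from the original post or from any DKIM tool: it parses a DKIM TXT record, reads the RSA modulus size out of the `p=` value, and reports findings against the thresholds given above. The sample records are constructed around a placeholder modulus and are not usable keys; all function names are hypothetical.

```python
import base64

MIN_BITS, ADVISED_BITS = 1024, 2048   # thresholds taken from the practices listed above

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def rsa_key_bits(spki_der):
    """Modulus size in bits of an RSA SubjectPublicKeyInfo, the structure carried in p=."""
    _, spki, _ = _read_tlv(spki_der, 0)     # outer SEQUENCE
    _, _, pos = _read_tlv(spki, 0)          # AlgorithmIdentifier (skipped)
    _, bit_string, _ = _read_tlv(spki, pos) # BIT STRING wrapping RSAPublicKey
    _, rsa, _ = _read_tlv(bit_string, 1)    # byte 0 is the unused-bits count
    _, modulus, _ = _read_tlv(rsa, 0)       # first INTEGER is the modulus
    return int.from_bytes(modulus, "big").bit_length()

def audit_dkim_record(txt):
    """Return a list of findings for one DKIM key TXT record (empty list = no findings)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())   # drop folding whitespace
    if tags.get("v", "DKIM1") != "DKIM1":
        return ["syntax: v= must be DKIM1"]
    if "p" not in tags:
        return ["syntax: no p= tag, so no public key is published"]
    if tags["p"] == "":
        return ["revoked: empty p= tag"]
    findings = []
    hashes = tags.get("h")                  # optional colon-separated list of allowed hashes
    if hashes and "sha256" not in hashes.split(":"):
        findings.append("weak-hash: h= does not allow sha256")
    if tags.get("k", "rsa") != "rsa":
        return findings                     # the key-size rule below applies to RSA keys only
    try:
        bits = rsa_key_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):
        return findings + ["syntax: p= is not a base64 RSA public key"]
    if bits < MIN_BITS:
        findings.append(f"weak-key: {bits}-bit key is below the {MIN_BITS}-bit minimum")
    elif bits < ADVISED_BITS:
        findings.append(f"advisory: {bits}-bit key, {ADVISED_BITS}-bit is advisable")
    return findings

# --- Constructed sample records (placeholder modulus, not a real key) -----------
def _tlv(tag, value):
    n = len(value)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + value

def _der_int(i):
    return _tlv(0x02, i.to_bytes(i.bit_length() // 8 + 1, "big"))

def constructed_record(bits, extra_tags=""):
    """Build a well-formed DKIM key record whose modulus has exactly `bits` bits."""
    rsa = _tlv(0x30, _der_int((1 << (bits - 1)) | 1) + _der_int(65537))
    alg = _tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption OID + NULL
    spki = _tlv(0x30, alg + _tlv(0x03, b"\x00" + rsa))
    return "v=DKIM1; k=rsa; " + extra_tags + "p=" + base64.b64encode(spki).decode()

if __name__ == "__main__":
    for record in (constructed_record(2048, "h=sha256; "), constructed_record(512),
                   constructed_record(1024, "h=sha1; "), "v=DKIM1; k=rsa; p="):
        print(record[:40] + "...", "->", audit_dkim_record(record) or "ok")
```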

What is SPF & its best practices?

What is SPF?

The Sender Policy Framework (SPF) is an email-authentication technique which defines a way to validate whether an email was sent from an authorized mail server in order to prevent spam. SPF allows the receiving mail server to check whether a mail claiming to come from a specific domain is submitted by an IP address authorized by that domain’s administrators. Together with the DMARC related information, this gives the receiver (or receiving systems) information on how trustworthy the origin of an email is. The list of authorized sending hosts and IP addresses for a domain is published in the DNS (Domain Name Service) records for that domain.

What does SPF do?

Suppose a spammer forges a hotmail.com address and tries to spam you. They connect from somewhere other than Hotmail. When his message is sent, you see MAIL FROM: , but you don’t have to take his word for it. You can ask Hotmail if the IP address comes from their network. (In this example) Hotmail publishes an SPF record. That record tells you (your computer) how to find out if the sending machine is allowed to send mail from Hotmail. If Hotmail says they recognize the sending machine, it passes, and you can assume the sender is who they say they are. If the message fails SPF tests, it’s a forgery. That’s how you can tell it’s probably a spammer.

What are the best practices for SPF?

Evaluating an SPF record should not require more than 10 DNS lookups. If you have more than ten lookups in your record, a permanent error could be returned during the SPF authentication process. DMARC treats that as fail since it’s a permanent error, and all SPF permanent errors are interpreted as fail by DMARC.
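The lookup budget is easy to exceed without noticing, because every `include` pulls in the lookups of the record it points to. The following is an added example, not code from the original post: it counts the lookup-causing terms (`include`, `a`, `mx`, `ptr`, `exists`, `redirect`) recursively over a constructed set of TXT records that stands in for DNS. All domains and records are made up, and the function names are hypothetical.

```python
import re

SPF_LOOKUP_LIMIT = 10

# Constructed TXT records standing in for DNS answers; every domain is made up.
ZONE = {
    "acme.example": "v=spf1 mx a:mail.acme.example include:_spf.mailer.example "
                    "include:_spf.crm.example include:_spf.helpdesk.example "
                    "ip4:192.0.2.0/24 -all",
    "_spf.mailer.example": "v=spf1 include:_a.mailer.example include:_b.mailer.example "
                           "ip4:198.51.100.0/24 ~all",
    "_a.mailer.example": "v=spf1 ip4:203.0.113.0/25 ~all",
    "_b.mailer.example": "v=spf1 ip4:203.0.113.128/25 ~all",
    "_spf.crm.example": "v=spf1 a mx include:_spf.mailer.example ~all",
    "_spf.helpdesk.example": "v=spf1 mx ptr ~all",
    # Same sender set after dropping two vendors and listing their ranges directly.
    "acme-flat.example": "v=spf1 mx a:mail.acme.example include:_spf.mailer.example "
                         "ip4:192.0.2.0/24 ip4:198.51.100.64/26 -all",
}

# qualifier, term name, optional ":target" or "=target" (a CIDR suffix is ignored)
TERM = re.compile(r"^[+\-~?]?([a-z0-9]+)(?:[:=]([^/\s]+))?", re.I)

def count_lookups(domain, zone, path=()):
    """DNS lookups needed to evaluate domain's SPF record, nested records included."""
    if domain in path:
        raise ValueError("include loop: " + " -> ".join(path + (domain,)))
    total = 0
    for term in zone.get(domain, "").split()[1:]:      # [1:] skips the v=spf1 tag
        match = TERM.match(term)
        if not match:
            continue
        name, target = match.group(1).lower(), match.group(2)
        if name in ("a", "mx", "ptr", "exists"):
            total += 1                                  # one lookup each
        elif name in ("include", "redirect"):
            total += 1                                  # fetching the referenced record
            if target:
                total += count_lookups(target, zone, path + (domain,))
        # ip4, ip6 and all need no lookup and are not counted
    return total

def spf_lookup_verdict(domain, zone):
    """'permerror' when the record would exceed the limit, which DMARC treats as fail."""
    return "permerror" if count_lookups(domain, zone) > SPF_LOOKUP_LIMIT else "ok"

if __name__ == "__main__":
    for name in ("acme.example", "acme-flat.example"):
        print(name, count_lookups(name, ZONE), spf_lookup_verdict(name, ZONE))
```

The top-level record for `acme.example` looks short, but its three vendor includes bring the total to 14 lookups.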

SPF was the first email authentication scheme to achieve widespread adoption, but it’s not the only one out there. SPF authentication is most effective when deployed in combination with other anti-fraud techniques such as DMARC.


What Does DMARC Do That SPF Doesn’t?

Adversaries commonly conduct social engineering and spear phishing attacks against organisations using fake emails. By modifying the sender’s address, or other parts of an email header to appear as though the email originated from an intended source, an adversary can increase the likelihood of their target complying with a request, such as opening a malicious attachment or disclosing information.

Organisations can reduce the likelihood of their domains being used to support fake emails by implementing Sender Policy Framework (SPF), Domain Keys Identified Mail (DKIM) and Domain-based Message Authentication, Reporting and Conformance (DMARC) records in their Domain Name System (DNS) configuration.

SPF, DKIM and DMARC records are publicly visible indicators of good cyber hygiene. The public can query a DNS server and see whether an organisation has SPF, DKIM and/or DMARC protection.

SPF Stands for Sender Policy Framework

SPF is an email verification system designed to detect fake emails. As a sender, a domain owner publishes SPF records in DNS to indicate which mail servers are allowed to send emails for their domains.

When an SPF-enabled mail server receives email, it verifies the sending mail server’s identity against the published SPF record. If the sending mail server is not listed as an authorized sender in the SPF record, verification will fail.

SPF ‘from’ header weakness

SPF has a known weakness. Mail servers applying SPF policies check the RFC5321.MailFrom header (commonly called the ‘envelope from header’) while email clients typically display the RFC5322.From header (commonly called the ‘message/letter from header’) to the users as the source of an email.

Adversaries are aware of this weakness and use it to bypass SPF checks by using a domain they control in the envelope from header, and the domain they wish to spoof (but don’t control) in the message/letter from header.

DMARC addresses this weakness by checking that these two headers align.

Domain-based Message Authentication, Reporting and Conformance (DMARC)

DMARC enables domain owners to advise recipient mail servers of policy decisions that should be made when handling inbound emails claiming to come from the owner’s domain.

DMARC’s alignment feature prevents spoofing of the “header from” address by:

  • Matching the “header from” domain name with the “envelope from” domain name used during an SPF check, and
  • Matching the “header from” domain name with the “d= domain name” in the DKIM signature.

To pass DMARC, a message must pass SPF authentication and SPF alignment and/or DKIM authentication and DKIM alignment.

A message will fail DMARC if the message fails both (1) SPF or SPF alignment and (2) DKIM or DKIM alignment.
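The pass and fail rules above, written out as a receiver-side check. This is an added example, not code from the original post or from any mail server: it takes the SPF and DKIM results a receiver has already computed and applies DMARC alignment to them. The messages are constructed, the function names are hypothetical, and `org_domain` is a deliberately naive stand-in for a Public Suffix List lookup.

```python
def org_domain(domain):
    """ASSUMPTION: 'last two labels' stands in for a Public Suffix List lookup."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(header_from, authenticated, mode="r"):
    """Mode 'r' (relaxed) compares organizational domains; 's' (strict) needs an exact match."""
    a, b = header_from.lower().rstrip("."), authenticated.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def dmarc_evaluate(msg, policy="none", aspf="r", adkim="r"):
    """Apply DMARC to one message whose SPF and DKIM results are already known."""
    spf_ok = msg["spf"] == "pass" and aligned(msg["header_from"], msg["envelope_from"], aspf)
    dkim_ok = any(result == "pass" and aligned(msg["header_from"], d, adkim)
                  for d, result in msg["dkim"])
    passed = spf_ok or dkim_ok          # one aligned, passing mechanism is enough
    # A failing message gets whatever the domain owner's policy requests.
    disposition = "deliver" if passed else {"none": "deliver", "quarantine": "quarantine",
                                            "reject": "reject"}[policy]
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if passed else "fail", "disposition": disposition}

# Constructed messages; all domains are made up.
# SPF and DKIM both pass, but only for a domain unrelated to the visible From address.
MISALIGNED = {"header_from": "acme.example", "envelope_from": "bounce.other.example",
              "spf": "pass", "dkim": [("other.example", "pass")]}
# Third-party sender: its own bounce domain passes SPF, and it signs with the owner's d=.
THIRD_PARTY = {"header_from": "acme.example", "envelope_from": "bounce.mailer.example",
               "spf": "pass", "dkim": [("acme.example", "pass")]}
# Subdomain mail: aligned under relaxed mode, not under strict mode.
SUBDOMAIN = {"header_from": "news.acme.example", "envelope_from": "bounces.acme.example",
             "spf": "pass", "dkim": []}

if __name__ == "__main__":
    print(dmarc_evaluate(MISALIGNED, policy="reject"))
    print(dmarc_evaluate(THIRD_PARTY, policy="reject"))
    print(dmarc_evaluate(SUBDOMAIN, policy="quarantine", aspf="s"))
```

The first message is the case SPF alone accepts; DMARC fails it because neither passing result is aligned with the `From` domain the user sees.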

DMARC allows senders to instruct email providers on how to handle unauthenticated mail via a DMARC policy, removing any guesswork on how they should handle messages that fail DMARC authentication. Domain owners can request that recipients:

  • Allow, quarantine, or reject emails that fail SPF and DKIM verification
  • Collect statistics and notify the domain owner of emails falsely claiming to be from their domain
  • Notify the domain owner how many emails are passing and failing email authentication checks
  • Send the domain owner data extracted from a failed email, such as header information and web addresses from the email body

ProDMARC, a product built on a mission to achieve secure and spoofing-free email channels across all of internet space, makes DMARC reporting smooth and uncomplicated: it provides volumes and trends of the outbound mails, including that of phishing campaigns, and confirms the reliability of the outbound mails in terms of SPF, DKIM & DMARC conformance. Summarizing, ProDMARC helps improve customer and third party trust in email communications.

Sign up for your 1 month ProDMARC trial by writing to us on info@progist.net, so that while you stay home safe from COVID-19, your email domains are safe from email spoofing!


Why DMARC is important?

With the rise of the social internet and the ubiquity of e-commerce, spammers and phishers have a tremendous financial incentive to compromise user accounts, enabling theft of passwords, bank accounts, credit cards, and more. Email is easy to spoof and criminals have found spoofing to be a proven way to exploit user trust of well-known brands. Simply inserting the logo of a well known brand into an email gives it instant legitimacy with many users.

Users can’t tell a real message from a fake one, and large mailbox providers have to make very difficult (and frequently incorrect) choices about which messages to deliver and which ones might harm users. Senders remain largely unaware of problems with their authentication practices because there’s no scalable way for them to indicate they want feedback and where it should be sent. Those attempting new SPF and DKIM deployment proceed very slowly and cautiously because the lack of feedback also means they have no good way to monitor progress and debug problems.

DMARC addresses these issues. DMARC (Domain-based Message Authentication Reporting and Conformance) is an email validation system designed to protect your company’s email domain from being used for email spoofing, phishing scams and other cyber-crimes. DMARC takes advantage of the existing email authentication techniques SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail). DMARC adds an important function: reporting. When a domain owner publishes a DMARC record in their DNS, they gain insight into who is sending email on behalf of their domain. This information can be used to get detailed information about the email channel. With this information a domain owner can get control over the email sent on their behalf.

At ProDMARC, we’re here to help you ensure DMARC compliance for your organization and your third party vendors. ProDMARC, a product built on a mission to achieve secure and spoofing-free email channels across all of internet space, makes DMARC reporting smooth and uncomplicated: it provides volumes and trends of the outbound mails, including that of phishing campaigns, and confirms the reliability of the outbound mails in terms of SPF, DKIM & DMARC conformance. Summarizing, ProDMARC helps improve customer and third party trust in email communications.

Our ProDMARC platform and managed services ensure that customers are able to identify, inventory, and achieve DMARC compliance for all third party partners of the organization. ProDMARC is chosen by top organizations across industry verticals including banking, insurance, stock markets, healthcare & pharmaceutical, telecom, energy etc.

With the economy in a slump, ProDMARC announces a limited-time offer during the ongoing pandemic: 15 days of DMARC health assessment report, completely free for all organizations who wish to gain visibility of the mail-based phishing threats, which are at an all-time high.

Sign up for your 15 day ProDMARC trial by writing to us on info@progist.net, so that while you stay home safe from COVID-19, your email domains are safe from email spoofing!