With a battle against COVID-19 worldwide, a different sort of battle is being waged in the electronic conduits of the internet. People around the world have fallen prey to email scams supposedly from trusted organizations during the coronavirus pandemic.
Click here to read our article on one such Coronavirus themed phishing attack.
In the most recent high-profile coronavirus scam, an email supposedly from the World Health Organization (WHO) was sent around the world requesting donations. The sender’s address was ‘donate@who.int’, where ‘who.int’ is the real domain name for WHO. The email was confirmed to be a phishing scam, but at first glance, all signs pointed to the sender being genuine, as the domain belonged to the real WHO.
Although, this is one in a growing series of phishing scams that use emails related to coronavirus to steal money and sensitive information from people. But if the attackers are using a real domain name, how can we distinguish a legitimate email from a fake one? How are the attackers able to employ email domain spoofing on such a large organisation with such efficiency? And how do entities like WHO find out when someone is using their domain to launch a phishing attack?
The answer is DMARC !
Email is the most widely used business communication tool in the world, and still it’s a completely open protocol. On its own, there’s very little to monitor on who sends what emails and from which email address. This becomes a huge problem when attackers disguise themselves as a trusted brand or public figure, asking people to give them their money and personal information. As per statistics, over 90% of all company data breaches in recent years have involved email phishing in one form or the other. And email domain spoofing is one of the most leading causes of it. In an effort to secure email, protocols like Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM) were developed.
What are SPF and DKIM ?
SPF cross-checks the sender’s IP address with an approved list of IP addresses, and DKIM uses an encrypted digital signature to protect emails. While these are both individually effective, they have their own set of blemishes.
To learn more about SPF, DKIM and DMARC, click here
THE UNIFIED COMBATANT : DMARC
DMARC, developed in 2012, is a protocol that uses both SPF and DKIM authentication to secure email, and additionally has a mechanism that sends the domain owner a report whenever an email fails DMARC validation. This means the domain owner is notified whenever an email sent by an unauthorized third party.
Also decisively helping out the email receivers how to handle unauthenticated mail: whether to let it reach inbox, quarantine it or reject it outright. In theory, this should stop bad email from flooding people’s inboxes and reduce the number of phishing attacks. So why doesn’t it?
Email authentication requires sender domains to publish their SPF, DKIM and DMARC records to the Domain Name System (DNS). There’s a lack of serious implementation of DMARC across the business landscape, and it’s not gotten much better over the years. Many large scale private, public and not-for-profit organizations are yet to implement DMARC with their domains.
Here are some of the most serious concerns cited by major companies and businesses to implement DMARC authentication:
1. Deployment challenges
The strict enforcement of security protocols often means a high level of coordination in large institutions, which they often don’t have the resources for. Beyond that, many organisations don’t have much control over their DNS, so publishing DMARC records becomes even more challenging.
2. Risk of breaking the existing system
The relative novelty of DMARC makes it more prone to improper implementation, bringing up the real risk of legitimate emails unable to pass through. Businesses that rely on email circulation can’t afford to have that happening, and hence don’t bother adopting DMARC at all.
3. Concerns for returns on investment
DMARC authentication has direct benefits to the recipient of the email rather than the domain owner. The lack of serious motivation to adopt the protocol has kept many companies from incorporating DMARC into their systems.
Recognizing the need to implement DMARC
While the concerns expressed by businesses have merit, it doesn’t make DMARC implementation any less imperative to email security. The longer businesses continue to function without a DMARC-authenticated domain, the more all of us expose ourselves to the very real danger of email phishing attacks.
As the coronavirus email spoofing scams continue to teach us, no one is safe from being targeted or impersonated. Think of DMARC as a vaccine — as the number of people implementing it grows, the chances of catching an infection go down dramatically.
There are real & viable solutions to the problems expressed that might overcome people’s concerns over DMARC adoption. Here are just a few that could boost implementation by a large margin:
1. Reducing friction in the implementation process
The biggest hurdle standing for a company adopting DMARC are the overheads such as identifying the business processes which use third party mailing services for aspects such as marketing, CRM, HRMS, invoice generation etc., coordinating with such third parties for ensuring they become DMARC compliant, monitoring the steady state compliance levels etc. ProDMARC, through its automated platform and managed services ensures that the DMARC compliance is achieved quickly and maintained.
2. Streamlined deployment
By automating the compliance checks for the DMARC anti-spoofing authentication (SPF / DKIM) and ensuring sufficient learning curve in the “only-monitoring” but “no-blocking” phase of DMARC deployment, the project team can assess the impact it has on organization’s mailing ecosystem before going for a full deployment i.e. “block-everything” but “the-whitelisted”. ProDMARC, through its highly scalable automated platform ensures sufficient visibility of all mail senders of the organization from a SPF / DKIM and thereby DMARC compliance.
3. Improving usefulness
For the DMARC project team to justify the ROI for the DMARC project, they need to provide the requisite insights to the management in terms of improved mail deliverability as well as mitigation of spoofed mails impacting their brand. ProDMARC’s highly scalable data analytics setup provides large number of visually appealing dashboards for justifying the ROI.
Click here to read our article to learn more about the DMARC deployment roadmap.
Every new invention brings its new challenges. Every new challenge pushes us to find a new way to overcome it. DMARC has been around for some years now, still phishing has existed for much longer. In recent times, the coronavirus pandemic has only given it a new face.
At ProDMARC, we’re here to help you meet this new challenge with all guns blazing! ProDMARC as a product built on a mission to achieve a secure and spoofing free email channels across all of internet space; makes reporting of DMARC, providing volumes and trends of the outbound mails including that of phishing campaigns and yield confirmation for reliability of the outbound mails in terms of SPF, DKIM & DMARC conformance; smooth and uncomplicated. Summarizing, ProDMARC helps improve customer and third party trust in email communications.
The economy being in slump and resources scarce. Here’s where ProDMARC announces a limited-time offer during the Coronavirus pandemic — 3 months of DMARC health assessment report, completely free for all organizations who wish to gain visibility of the mail based phishing threats which are at an all-time high.
Sign up for your 3-month ProDMARC trial by writing to us on info@progist.net so that while you stay home safe from coronavirus, your domain is safe from email spoofing.