SPF, DKIM and DMARC: Are they mere acronyms or Useful Email Security?

Since the early days of the internet, spam has been a persistent and chronic problem. Gary Thuerk of Digital Equipment Corp (DEC) sent the first unsolicited mass e-mailing (later dubbed SPAM) on May 1, 1978, advertising the VAX T-series to 400 of the then 2600 ARPAnet users.

The SMTP email protocol, which we still use today, evolved from these early ARPANET mail protocols (Postel RFC788 and RFC821) in the early 1980s, and has changed very little since then. The SMTP protocol has had little to no security built in since its introduction, and when used to send email, it offers little defense against spoofing of email addresses or servers. However, several new tools have recently been added to the email security arsenal to protect against these threats.

SPF, DKIM, and DMARC all help detect spoofed or spam emails, but each works slightly differently.

SPF (RFC 7208)

SPF (Sender Policy Framework) uses a DNS entry to specify the list of servers that are permitted to send email for a particular domain. Its security is based on the fact that only authorized domain administrators have access to the DNS zone records for the domain.

DKIM (RFC 6376)

DKIM (DomainKeys Identified Mail) differs from SPF in that it verifies both that the sending server is allowed to send mail for the domain and that the content of the mail has not changed since it was sent. DKIM uses a public/private key signing mechanism, with the DKIM public keys stored in DNS.

The following steps are applied to the email process with DKIM:

  • Sending servers create a signature with their DKIM private key and insert it into the email header (DKIM-Signature).
  • Email recipients look up the DKIM public key in the sending domain’s DNS TXT record, which is then used to verify the DKIM-Signature attached to the email.

If the email body content is modified, the email signature will no longer match and validation will fail.

This process verifies that the email content has not been tampered with, as well as that the email was sent from a domain-approved server.
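The body-integrity part of that verification, as an added example that is not from the original article: a DKIM-Signature header carries a `bh=` tag holding the hash of the canonicalized body, and the receiver recomputes it. The message, domain and selector are constructed, only "simple" body canonicalization with `rsa-sha256` is handled, and the RSA check of the `b=` signature against the public key in DNS is not covered.

```python
import base64
import hashlib
import re

def canonicalize_simple(body: bytes) -> bytes:
    """RFC 6376 "simple" body canonicalization: drop trailing empty
    lines and end the body with exactly one CRLF."""
    return body.rstrip(b"\r\n") + b"\r\n"

def body_hash(body: bytes) -> str:
    """Value a signer places in bh= when a=rsa-sha256."""
    digest = hashlib.sha256(canonicalize_simple(body)).digest()
    return base64.b64encode(digest).decode("ascii")

def parse_tags(header_value: str) -> dict:
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            # Folding whitespace inside a value is not significant.
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def body_is_intact(dkim_signature: str, body: bytes) -> bool:
    """Recompute the body hash and compare it with the signed bh= tag."""
    tags = parse_tags(dkim_signature)
    canon = tags.get("c", "simple/simple")
    body_canon = canon.split("/")[1] if "/" in canon else "simple"
    if tags.get("a") != "rsa-sha256" or body_canon != "simple" or "l" in tags:
        raise ValueError("outside the scope of this example")
    return tags.get("bh") == body_hash(body)

# Constructed body and header; b= is a placeholder because the RSA
# signature itself is not checked in this example.
ORIGINAL = b"Invoice 1042 is attached.\r\nPay to account 111.\r\n"
TAMPERED = ORIGINAL.replace(b"111", b"999")
SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=selector1;\r\n"
    f"\th=from:to:subject; bh={body_hash(ORIGINAL)}; b=PLACEHOLDER"
)

if __name__ == "__main__":
    print("original body:", body_is_intact(SIGNATURE, ORIGINAL))
    print("tampered body:", body_is_intact(SIGNATURE, TAMPERED))
```

Trailing blank lines added in transit do not change the result, because canonicalization removes them before hashing.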

DMARC (RFC 7489)

DMARC (Domain-based Message Authentication, Reporting, and Conformance) incorporates elements of both SPF and DKIM by stating a simple DMARC policy that applies to the results of both tools. It also allows the domain administrator to set an address to which receivers can submit the statistics they gather about forged mail messages sent against the same domain, for example:

  • Relative levels of spoofing of your domain(s).
  • Who is spoofing email purporting to be from your domain?

Does that mean your spam problem is resolved?

In an ideal world, all email servers would use these techniques, and SPAM would be significantly reduced. However, since making a mistake in configuring the necessary DNS TXT records can result in the loss of important emails, some domain owners have been hesitant to implement the methods. 

Despite this, major email domain owners such as Google, Microsoft, and Yahoo have implemented these approaches.

SPAM can still be transmitted via compromised accounts and servers, shared hosting email servers, and misconfigured servers, so multilevel email protection is the only way to ensure a clean and safe email feed.

How effective are DMARC, SPF, and DKIM?

These tools will undoubtedly have a significant effect on the fight against SPAM, and the more domains that use them, the better. However, caution should be exercised during DMARC implementation to ensure that all settings are correct before going live. SPF, for example, allows you to apply changes in a test mode, which means that recipient domains will not block any mail that fails the test.

Wrapping Up

ProgIST believes in protecting both your and your clients’ email rights and privacy. ProDMARC helps you implement DMARC authentication to stop fraudsters from misusing your domain. Get Started with top-class cybersecurity solutions for your business at ProgIST.

How can you block email-based impersonation and phishing attacks with DMARC?

It is a well-known fact that in most cyber-frauds, the cyber criminals impersonate trusted identities, mainly because the chances of the victim falling for such emails are high. These attacks are commonly called email spoofing.

Let us look at some quick facts about email spoofing attacks:

  1. Over 70% of fraudulent emails are directly sent from a domain name of the victim organisation.
  2. According to a recent email security risk assessment, email spoofing attacks have surged by over 22% compared to the previous quarter.

These attack types are highly sophisticated, and detecting and stopping them requires a multi-layered approach.

Types of Impersonation Attacks

Email spoofing attacks are most commonly used to target the dependent parties of the organisation, such as its customers, partners and associates. The victims might not be able to differentiate such emails from legitimate emails and might fall for such attacks.

Another major attack exploiting identity theft is CEO/CFO fraud. Here the employees are tricked into making payments to a fraudster's account or sharing confidential information of the organisation.

Why DMARC?

The only way to protect your dependent parties from falling for such attacks is to protect your mailing domain with the Domain-based Message Authentication, Reporting & Conformance (DMARC) security control. It works by prohibiting anybody except expressly approved senders (including internal and third-party mailing systems) from using an organization’s domain to send an email. Additionally, DMARC reports help you identify and appropriately configure all your legitimate email senders, and visualize the threats targeting the organisation’s domain.

How does ProDMARC help you in your DMARC journey?

ProDMARC is built on a mission to achieve secure, spoofing-free email channels across the internet. It makes DMARC reporting smooth and uncomplicated, providing volumes and trends of outbound mail, including phishing campaigns, and confirming the reliability of outbound mail in terms of SPF, DKIM & DMARC conformance. It gives you visibility into third parties using your email domain on your behalf, and into unauthorized emails that might be sent in the name of your brand. It ensures that emails do not get blocked due to misconfigurations, so that you make the best use of customer email communication. It generates actionable threat intelligence feeds for your security and transaction monitoring systems, helping to block targeted attacks proactively, and it helps identify lookalike domains for your brand.

To summarize, ProDMARC helps improve customer trust in email communications.

Get in touch with us or schedule your 15-day trial for the most advanced email security solutions.