Email Security Protocol
Compared with the late 1990s, when the first widely reported phishing campaign targeted AOL users, there are now many tools and mechanisms at your disposal to keep suspicious email out of your inbox. Microsoft 365 and Azure offer a long list of them, but there is one more that should not be ignored: DMARC.
What Is DMARC?
It is an acronym that stands for "Domain-based Message Authentication, Reporting and Conformance". Unlike a spam filter, DMARC does not judge the content of a message. It is a policy you publish in DNS that tells receiving mail servers how to treat a message whose From address uses your domain but which cannot be authenticated as coming from you, and it asks those servers to report back what they saw. Receivers that honor a reject policy can refuse such a message at the SMTP stage, without relying on content filtering to spot it, which is why DMARC is so effective against direct impersonation of your domain.
A huge benefit is that DMARC is configured by you, for your own business domains, as a TXT record at _dmarc.yourdomain (with SPF and DKIM records alongside it). Enforcement is then carried out by every receiving mail system that honors the standard, rather than depending solely on your ISP or cloud provider to filter for you. Its primary objective is to reduce the risk of Business Email Compromise (BEC) and any other form of phishing attack that impersonates your business domain. One caveat: DMARC protects the exact domain you publish it for. Phishing sent from a look-alike domain that the attacker registered still passes, because the attacker controls that domain's DNS.
It also makes it far harder for an attacker to hijack your business domain's identity and use it in a large-scale spoofing campaign, since receivers will reject or quarantine mail that uses your domain in the From header without a valid, aligned SPF or DKIM result.
The Components Of DMARC
DMARC builds on two underlying authentication mechanisms, which are as follows:
- DKIM:
This is an acronym that stands for "DomainKeys Identified Mail". Essentially, it is a mechanism that protects the integrity of an email message and ties it to a domain. For example, each time your mail server sends a message, it signs selected headers and a hash of the body with a private key and attaches the result as a DKIM-Signature header; that header names the signing domain (d=) and a selector (s=). The recipient's mail server retrieves the matching public key from DNS at selector._domainkey.domain and validates the signature. If anything the signature covers, including the body, has been altered in transit by a malicious third party, validation fails. Using DKIM consistently has the added benefit of enhancing your domain's reputation: receivers can build trust in a signing domain over time as signed mail from it is delivered without complaints. An illustration of DKIM can be seen below:
(Figure: DKIM signing and verification flow. SOURCE: 1)
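The body-hash half of DKIM verification, as an added example that is not part of the original page. It implements the "relaxed" body canonicalization from RFC 6376, recomputes the bh= value a signer commits to, and shows that a content change is detected while whitespace-only changes are tolerated. The message, the example.com domain, the sel2024 selector and the placeholder b= value are constructed for the example; checking b= itself requires fetching the RSA public key from DNS and an RSA library, which this offline example deliberately leaves out.

```python
import base64
import hashlib
import re


def relaxed_body(body):
    """RFC 6376 section 3.4.4 'relaxed' body canonicalization: collapse runs of
    whitespace to one space, strip trailing whitespace, drop trailing empty
    lines, and end a non-empty body with exactly one CRLF."""
    lines = [re.sub(r"[ \t]+", " ", line).rstrip(" ") for line in body.split("\r\n")]
    while lines and lines[-1] == "":
        lines.pop()
    return ("\r\n".join(lines) + "\r\n").encode() if lines else b""


def body_hash(body):
    """The bh= tag value: base64(SHA-256(canonicalized body))."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()


def parse_dkim_tags(header_value):
    """Split a 'k=v; k=v' DKIM-Signature value into a dict, tolerating folding."""
    tags = {}
    for part in header_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # base64 padding '=' stays in the value
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags


def public_key_record_name(tags):
    """Where a verifier fetches the public key: <selector>._domainkey.<domain>."""
    return "%s._domainkey.%s" % (tags["s"], tags["d"])


def verify_body_hash(header_value, body):
    """True if the body still matches the bh= the signer committed to."""
    tags = parse_dkim_tags(header_value)
    if tags.get("v") != "1" or tags.get("a") not in ("rsa-sha256", "ed25519-sha256"):
        return False
    if not tags.get("c", "simple/simple").endswith("/relaxed"):
        return False  # this example only implements relaxed body canonicalization
    return tags.get("bh") == body_hash(body)


# Constructed sample message body (note the trailing spaces and blank lines).
ORIGINAL_BODY = "Hi Bob,\r\n\r\nPlease approve invoice 4471 by Friday.   \r\n\r\n\r\n"

# Constructed DKIM-Signature header value. The b= value is a placeholder: checking
# it needs the signer's public key from DNS, which this offline example does not fetch.
SAMPLE_DKIM_SIGNATURE = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2024;\r\n"
    " h=from:to:subject:date; bh=" + body_hash(ORIGINAL_BODY) + ";\r\n"
    " b=PLACEHOLDERSIGNATUREBYTES"
)
```

Run the checks by calling verify_body_hash with the original body, a copy with extra spaces, and a copy where the invoice number has been changed: the first two pass the body-hash check and the third fails, which is exactly the integrity property the paragraph describes.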
- SPF:
This is an acronym that stands for "Sender Policy Framework". With this protocol you publish, in a DNS TXT record, the mail servers (by IP address, or by including another provider's record) that are authorized to send email using your business domain in the envelope sender (MAIL FROM) address; receivers check the connecting server against that list. There are two caveats here. You can publish only one SPF record per domain; a second one turns the result into a permanent error, so all authorized senders must be merged into a single record. And evaluating the record may trigger at most 10 DNS lookups, which the include: entries for third-party senders consume quickly. Despite these limits, SPF is especially important if you rely heavily on email marketing to reach new prospects, and it is equally useful if you work with other intermediaries that send email on your behalf, such as Constant Contact, Zoho, HubSpot or Marketo. An example of an SPF record can be seen below:
(Figure: example SPF record. SOURCE: 1)
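A small SPF evaluator, as an added example that is not part of the original page. It resolves ip4:, ip6: and include: mechanisms against a constructed, hypothetical DNS table (all documentation-only domain names) and enforces the two caveats above: a domain with two SPF records produces a permanent error, and the 10-lookup limit is what stops an include: loop. The a, mx, exists and ptr mechanisms are counted against the limit but never match, because the fake zone holds no A or MX data.

```python
import ipaddress

# Constructed, hypothetical DNS TXT data standing in for real lookups.
FAKE_TXT = {
    "example.com": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailvendor.example -all"],
    "_spf.mailvendor.example": ["v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/32 -all"],
    # Two SPF records on one name: RFC 7208 treats this as a permanent error.
    "broken.example": [
        "v=spf1 ip4:203.0.113.10 -all",
        "v=spf1 include:_spf.mailvendor.example ~all",
    ],
    # Self-referential include: only the lookup limit stops the recursion.
    "loop.example": ["v=spf1 include:loop.example -all"],
}

MAX_DNS_LOOKUPS = 10  # RFC 7208 section 4.6.4
QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """Return the single SPF record for a domain, None if it has none,
    or raise ValueError if it publishes more than one."""
    found = [r for r in FAKE_TXT.get(domain.lower(), [])
             if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    if len(found) > 1:
        raise ValueError("multiple SPF records for %s" % domain)
    return found[0] if found else None


def check_host(ip, domain, lookups=None):
    """Evaluate SPF for a connecting IP whose MAIL FROM is at `domain`.
    Returns one of: pass, fail, softfail, neutral, none, permerror."""
    lookups = [0] if lookups is None else lookups  # counter shared across includes
    try:
        record = spf_record(domain)
    except ValueError:
        return "permerror"
    if record is None:
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:  # skip the v=spf1 version tag
        if "=" in term:
            continue  # redirect= and exp= modifiers are not handled in this example
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        matched = False
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            matched = addr.version == net.version and addr in net
        elif mech == "include":
            lookups[0] += 1
            if lookups[0] > MAX_DNS_LOOKUPS:
                return "permerror"
            sub = check_host(ip, arg, lookups)
            if sub in ("permerror", "temperror", "none"):
                return "permerror"  # RFC 7208 section 5.2: include of a broken/absent record
            matched = sub == "pass"
        elif mech in ("a", "mx", "exists", "ptr"):
            lookups[0] += 1  # costs a lookup even though the fake zone has no data for it
            if lookups[0] > MAX_DNS_LOOKUPS:
                return "permerror"
        else:
            return "permerror"  # unknown mechanism
        if matched:
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # nothing matched and no "all" term was present
```

Calling check_host with an address from the vendor's range and the example.com domain returns pass through the include, an address outside every listed range hits -all and fails, and both broken.example and loop.example come back as permerror, which most receivers treat as an SPF failure in practice.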
Other Facets Of DMARC
One of the unique features of DMARC is that you publish your own policy in it, specifying what receivers should do with email that claims your domain in the From header but fails authentication: monitor only (p=none), quarantine it for further inspection (p=quarantine), or reject it outright (p=reject). The decision is driven by the results of SPF and DKIM, with one extra requirement called alignment: the domain that SPF or DKIM authenticated must match (or, in relaxed mode, share an organizational domain with) the domain in the visible From header. A message passes DMARC if either aligned check passes; only a message that fails both is subject to the policy. PayPal is a good example of why this matters; it continues to be one of the hottest targets for both spoofing attacks and phishing emails.
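The receiver-side policy decision described above, as an added example that is not part of the original page. It parses a _dmarc TXT record, applies relaxed or strict alignment to the SPF and DKIM results, and returns the DMARC verdict together with the disposition, including the sp= subdomain policy and the pct= sampling rule from RFC 7489. The record, domains and result combinations are constructed for the example, and the organizational-domain helper is simplified to the last two labels (a real implementation consults the Public Suffix List).

```python
def parse_dmarc_record(txt):
    """Parse a _dmarc.<domain> TXT record such as
    'v=DMARC1; p=reject; rua=mailto:...' into a dict of tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a valid DMARC record: %r" % txt)
    return tags


def organizational_domain(domain):
    """Simplified: the last two labels. Real implementations use the Public
    Suffix List so that names like example.co.uk are handled correctly."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Relaxed ('r') alignment accepts any domain sharing the organizational
    domain with the From header; strict ('s') requires an exact match."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organizational_domain(auth_domain) == organizational_domain(from_domain)


def dmarc_evaluate(record, from_domain, spf_result, spf_domain,
                   dkim_result, dkim_domain, pct_draw=100):
    """Return (dmarc_result, disposition).
    spf_domain is the MAIL FROM domain SPF was evaluated on; dkim_domain is the
    d= of a signature that verified; pct_draw is this message's 1-100 sample
    draw, compared against the record's pct= tag."""
    policy = parse_dmarc_record(record)
    spf_aligned = spf_result == "pass" and aligned(spf_domain, from_domain, policy.get("aspf", "r"))
    dkim_aligned = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy.get("adkim", "r"))
    if spf_aligned or dkim_aligned:
        return "pass", "none"
    # The record lives at the organizational domain; a subdomain From uses sp= when published.
    is_subdomain = from_domain.lower() != organizational_domain(from_domain)
    disposition = policy.get("sp", policy["p"]) if is_subdomain else policy["p"]
    if pct_draw > int(policy.get("pct", "100")):
        # Outside the pct= sample: RFC 7489 section 6.6.4 applies the next less strict action.
        disposition = {"reject": "quarantine", "quarantine": "none"}.get(disposition, "none")
    return "fail", disposition


# Constructed enforcing record for example.com, strict DKIM alignment, relaxed SPF alignment.
ENFORCING_RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; "
                    "rua=mailto:dmarc-rua@example.com")
# Constructed monitoring-only record, the usual starting point of a rollout.
MONITORING_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-rua@example.com"
```

The instructive cases: an attacker whose own domain passes both SPF and DKIM still fails, because neither result is aligned with the spoofed From domain; a vendor that bounces through a subdomain passes under relaxed SPF alignment with no DKIM at all; and the same failing message is rejected, quarantined or merely observed depending only on the p=, sp= and pct= tags, which is why the rollout order of those tags matters.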
PayPal, for its part, implemented DMARC about 10 years ago, and since then the company has been able to block well over 25,000,000 attacks (SOURCE: 2). Another nice benefit of DMARC is reporting: the rua= (aggregate) and ruf= (failure) addresses you publish in the record tell receiving mail systems where to send reports on the mail they saw using your domain, assuming the receiver supports reporting, as the large providers do. An aggregate report, delivered as an XML file, details the following for you:
*The sending source (IP address) of the email and the number of messages seen from it;
*Which messages failed both SPF and DKIM alignment, and what disposition (none, quarantine or reject) the receiver applied to them;
*Which messages passed SPF or DKIM in alignment with your domain, along with the domains that actually authenticated.
This gives you the granular data that you need in order to make sound decisions when it comes to protecting your business domain.
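A parser for the aggregate report format just described, as an added example that is not part of the original page. The report is a constructed sample in the RFC 7489 Appendix C layout, with the receiver name, IP addresses, counts and domains all invented for the example. It pulls out, per sending source, the aligned SPF/DKIM verdicts and the disposition, and then lists the sources whose mail failed DMARC entirely, which is the list you work through during a rollout to separate forgotten vendors from spoofers.

```python
import xml.etree.ElementTree as ET

# Constructed sample aggregate report. Note the second record: the vendor's raw
# SPF result is "pass" for its own domain but is unaligned with the From header,
# so the aligned SPF verdict is "fail" and only the DKIM signature saves it.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>20240101-example.com</report_id>
    <date_range><begin>1704067200</begin><end>1704153600</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>r</adkim><aspf>r</aspf>
    <p>quarantine</p><pct>100</pct>
  </policy_published>
  <record>
    <row>
      <source_ip>203.0.113.5</source_ip><count>42</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>198.51.100.20</source_ip><count>7</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>mailvendor.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row>
      <source_ip>192.0.2.77</source_ip><count>15</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>attacker.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def parse_aggregate_report(xml_text):
    """Return (published_policy, rows). Each row carries the source IP, message
    count, aligned SPF/DKIM verdicts, disposition and the raw authenticating domains.
    Reports arrive from third parties: parse real ones with defusedxml, not plain ElementTree."""
    root = ET.fromstring(xml_text)
    published = {child.tag: child.text for child in root.find("policy_published")}
    rows = []
    for rec in root.findall("record"):
        row = rec.find("row")
        evaluated = row.find("policy_evaluated")
        rows.append({
            "source_ip": row.findtext("source_ip"),
            "count": int(row.findtext("count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "dkim_aligned": evaluated.findtext("dkim") == "pass",
            "spf_aligned": evaluated.findtext("spf") == "pass",
            "disposition": evaluated.findtext("disposition"),
            "spf_domains": [e.findtext("domain") for e in rec.findall("auth_results/spf")],
            "dkim_domains": [e.findtext("domain") for e in rec.findall("auth_results/dkim")],
        })
    return published, rows


def summarize(rows):
    """Totals plus the sources that failed DMARC outright (neither aligned check passed)."""
    total = sum(r["count"] for r in rows)
    passed = sum(r["count"] for r in rows if r["dkim_aligned"] or r["spf_aligned"])
    failing = [(r["source_ip"], r["count"], r["spf_domains"]) for r in rows
               if not (r["dkim_aligned"] or r["spf_aligned"])]
    return {"total": total, "passed": passed, "failed": total - passed, "failing_sources": failing}
```

On the sample, summarize reports 64 messages of which 49 passed, and a single failing source whose SPF-authenticated domain is not yours at all; a failing source that authenticates as a marketing platform you do use would instead be a sign that its include: is missing from your SPF record or its DKIM key is not published under your domain.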
Conclusions
Clients can call us for help if you have questions. A key thing to remember is not to publish an enforcing policy straight away: start with p=none and review the reports until every legitimate sender (your own servers, marketing platforms, ticketing systems and so on) passes SPF or DKIM in alignment with your domain, then move to quarantine and finally reject. Jumping straight to reject, or leaving a vendor out of your SPF record, will more than likely cause legitimate email sent under your own domain to be rejected.
Sources