Email is a tool that continues to work very well for business: it is inexpensive, scalable, convenient and nearly ubiquitous, and it can be used to drive revenue. The popularity of email as a business communication tool has made it an attractive target for cyber criminal activity. Indeed, email remains the number one vector for fraud and for the delivery of malware. This is a symptom of the inherent insecurity of the Simple Mail Transfer Protocol (SMTP), which is the predominant email protocol.
Email fraud costs companies around the world billions of dollars and can hurt brand reputation and undermine consumer confidence. According to the CSO website (https://www.csoonline.com/article/2975807/cyber-attacks-espionage/phishing-is-a-37-million-annual-cost-for-average-large-company.html), large companies are incurring a $3.7 million price tag annually just to deal with phishing attacks.
The Domain-based Message Authentication, Reporting & Conformance (DMARC) standard, which was unveiled in 2012, is a powerful and proactive countermeasure in the fight against phishing and spoofing. DMARC is an email authentication protocol that can make the “header from” domain (the sender domain you see in your email client) trustworthy. DMARC is built on two other extremely important email authentication standards, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM).
SPF is an email authentication protocol that allows the owner of a domain to specify which mail servers they use when sending email from that domain. The domain owner lists the IP addresses of authorized senders in a domain name system (DNS) record. Here is an example of such a DNS record:
If the IP address sending email on behalf of the owner is not listed in that SPF record, the message fails SPF authentication.
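The SPF check described above, as an added example that is not part of the original article: a small evaluator that reads an SPF record from a constructed DNS table (the domains example.com, _spf.mailvendor.example and loop.example and all addresses are hypothetical documentation values), walks the ip4, ip6, include and all mechanisms, honours the qualifier that decides the result, and applies the RFC 7208 limit of ten DNS-querying mechanisms so that a self-including record ends in permerror instead of an infinite loop. Mechanisms that need live DNS (a, mx, exists, ptr, redirect) are deliberately not modelled.

```python
import ipaddress

# Constructed DNS TXT table standing in for live lookups. All domains and
# addresses are hypothetical (RFC 5737 / RFC 3849 documentation ranges).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.10 ip4:198.51.100.0/24 include:_spf.mailvendor.example -all",
    "_spf.mailvendor.example": "v=spf1 ip6:2001:db8:1::/48 ip4:203.0.113.5 ~all",
    "loop.example": "v=spf1 include:loop.example -all",
}

# RFC 7208 section 4.6.4: at most 10 mechanisms that trigger DNS queries.
MAX_DNS_LOOKUPS = 10

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, lookups=None):
    """Evaluate the sending IP against the SPF record of `domain`.

    Returns one of: pass, fail, softfail, neutral, none, permerror.
    `lookups` is a one-element list used as a shared counter across
    include: recursion.
    """
    if lookups is None:
        lookups = [0]
    record = DNS_TXT.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"                      # no SPF record published
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:        # skip the "v=spf1" version tag
        qualifier = "+"                    # default qualifier is "+" (pass)
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]   # "all" always matches
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)  # bare IP => /32 or /128
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif name == "include":
            lookups[0] += 1
            if lookups[0] > MAX_DNS_LOOKUPS:
                return "permerror"         # too many lookups (or an include loop)
            inner = check_host(ip, arg, lookups)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("permerror", "none"):
                return "permerror"         # RFC 7208: include of a missing record is a permerror
            # fail / softfail / neutral inside the include: keep evaluating
        else:
            return "permerror"             # a, mx, exists, ptr, redirect: not modelled offline
    return "neutral"                       # nothing matched and no "all" mechanism present


if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5", "203.0.113.9", "2001:db8:1::25"):
        print(ip, "->", check_host(ip, "example.com"))
```

Note that the result for an unlisted sender is whatever qualifier the domain owner put on the final all mechanism: -all yields fail, while the widely used ~all only yields softfail, which most receivers treat as a hint rather than a reason to reject on its own.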
DKIM is a protocol that allows an organization to transmit a message in a way that can be verified by receiving email providers. Verification relies on a cryptographic digital signature carried in the message headers, which the receiver checks against a public key that the sending domain publishes in DNS. Because the signature covers the message content, DKIM can ensure that the message has not been tampered with in transit. An example of a DNS record for DKIM follows:
v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDfl0chtL4siFYCrSPxw43fqc4zOo3N
Further information on DKIM may be obtained from http://www.dkim.org
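The parts of DKIM verification that can be shown with the standard library alone, as an added example that is not from the original article or from dkim.org: the tag=value parser shared by the DNS TXT record and the DKIM-Signature header (RFC 6376 section 3.2), the relaxed header canonicalization and simple body canonicalization that the signer and verifier must agree on, and the body hash (bh= tag) whose mismatch is how a verifier detects a body altered in transit. The domain, selector, body and key material are constructed placeholders; the b= tag is left empty because producing the RSA signature over the headers needs a private key and a crypto library, which is outside this example.

```python
import base64
import hashlib
import re


def parse_tags(value):
    """Parse a DKIM tag=value list. Works for both the DNS record and the
    DKIM-Signature header. Whitespace inside values (folded base64) is removed."""
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue                      # tolerate a trailing ';'
        name, sep, val = part.partition("=")
        if not sep:
            raise ValueError("malformed tag: %r" % part)
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def parse_dkim_dns_record(txt):
    """Interpret the TXT record at <selector>._domainkey.<domain>."""
    tags = parse_tags(txt)
    if tags.get("v", "DKIM1") != "DKIM1":  # v= is optional but must be DKIM1 if present
        raise ValueError("not a DKIM1 record")
    if "p" not in tags:
        raise ValueError("missing required p= tag")
    return {
        "key_type": tags.get("k", "rsa"),
        "public_key_der": base64.b64decode(tags["p"]) if tags["p"] else b"",
        "revoked": tags["p"] == "",        # empty p= means the key has been revoked
        "testing": "y" in tags.get("t", "").split(":"),  # t=y: domain is still testing DKIM
    }


def canonicalize_header_relaxed(line):
    """Relaxed header canonicalization: lowercase name, unfold, collapse
    runs of whitespace to one space, strip whitespace around the colon."""
    name, _, value = line.partition(":")
    value = re.sub(r"[ \t]+", " ", value.replace("\r\n", "")).strip()
    return name.strip().lower() + ":" + value


def canonicalize_body_simple(body):
    """Simple body canonicalization: CRLF line endings, trailing empty
    lines removed, an empty body becomes a single CRLF."""
    body = body.replace("\r\n", "\n").replace("\n", "\r\n")
    while body.endswith("\r\n\r\n"):
        body = body[:-2]
    if not body.endswith("\r\n"):
        body += "\r\n"
    return body


def body_hash(body):
    """bh= value: base64(SHA-256(canonicalized body))."""
    digest = hashlib.sha256(canonicalize_body_simple(body).encode()).digest()
    return base64.b64encode(digest).decode()


def build_signature_header(body, domain="example.com", selector="sel2024"):
    """Construct the DKIM-Signature value a signer would emit (hypothetical
    domain/selector). b= is empty: the RSA header signature is out of scope here."""
    return ("v=1; a=rsa-sha256; c=relaxed/simple; d=%s; s=%s; "
            "h=from:to:subject; bh=%s; b=" % (domain, selector, body_hash(body)))


def body_hash_matches(dkim_signature_value, body):
    """Verifier side: recompute bh over the received body and compare."""
    return parse_tags(dkim_signature_value).get("bh") == body_hash(body)


# Constructed sample message body.
ORIGINAL_BODY = "Please pay invoice 1001 to the account on file.\n"
TAMPERED_BODY = "Please pay invoice 1001 to the NEW account below.\n"

if __name__ == "__main__":
    sig = build_signature_header(ORIGINAL_BODY)
    print("original body matches bh:", body_hash_matches(sig, ORIGINAL_BODY))
    print("tampered body matches bh:", body_hash_matches(sig, TAMPERED_BODY))
```

In a full verifier the bh check is only the first step: the verifier then fetches the public key named by the d= and s= tags, canonicalizes the headers listed in h= plus the DKIM-Signature header itself, and checks the b= signature over that data. A record with an empty p= (revoked key) or an unparseable key must make the signature fail rather than be skipped.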
DMARC ensures that legitimate email authenticates properly against the established DKIM and SPF standards and that fraudulent activity appearing to come from domains under the owner’s control is blocked before it ever reaches the receiver’s inbox. Moreover, a DMARC policy lets the sender’s domain indicate that its emails are protected with SPF and DKIM and instruct the receiver on how to handle authentication failures. Here is an example of a DNS record for DMARC:
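How a receiver turns SPF and DKIM results plus the published policy into a DMARC verdict, as an added example that is not from the original article: the record below for the hypothetical domain example.com (constructed, with a reject policy, a quarantine sub-domain policy, strict SPF alignment and relaxed DKIM alignment) is parsed, the policy is looked up at _dmarc.<from-domain> and then at the organizational domain, and a message passes only if SPF or DKIM passed and its authenticated domain aligns with the header From domain. Organizational-domain detection is simplified to the last two labels; a real implementation consults the Public Suffix List.

```python
from email.utils import parseaddr

# Constructed DNS TXT table for the DMARC lookups (hypothetical domain/addresses).
DNS_TXT = {
    "_dmarc.example.com": (
        "v=DMARC1; p=reject; sp=quarantine; rua=mailto:dmarc-reports@example.com; "
        "adkim=r; aspf=s; pct=100"
    ),
}


def parse_dmarc_record(txt):
    """Parse the tag=value list of a DMARC TXT record and fill in defaults."""
    tags = {}
    for part in txt.split(";"):
        if part.strip():
            key, _, val = part.partition("=")
            tags[key.strip().lower()] = val.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: v=DMARC1 and p= are required")
    return {
        "policy": tags["p"],
        "subdomain_policy": tags.get("sp", tags["p"]),  # sp defaults to p
        "adkim": tags.get("adkim", "r"),                 # alignment modes default to relaxed
        "aspf": tags.get("aspf", "r"),
        "pct": int(tags.get("pct", "100")),              # parsed; sampling not applied here
        "rua": tags.get("rua", ""),
    }


def header_from_domain(from_header):
    """Domain of the RFC5322.From address, e.g. 'Payroll <payroll@Example.com>'."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()


def organizational_domain(domain):
    # Simplification: last two labels. Real code uses the Public Suffix List
    # (e.g. example.co.uk has three labels).
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """Identifier alignment: strict (s) needs an exact match, relaxed (r)
    only needs the same organizational domain."""
    if not auth_domain:
        return False
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return organizational_domain(a) == organizational_domain(f)


def lookup_policy(from_domain):
    """Find the applicable record: exact From domain first, then the
    organizational domain, in which case the sp= policy applies."""
    txt = DNS_TXT.get("_dmarc." + from_domain.lower())
    if txt:
        rec = parse_dmarc_record(txt)
        rec["applied"] = rec["policy"]
        return rec
    txt = DNS_TXT.get("_dmarc." + organizational_domain(from_domain))
    if txt:
        rec = parse_dmarc_record(txt)
        rec["applied"] = rec["subdomain_policy"]
        return rec
    return None


def evaluate_dmarc(from_domain, spf_result, mail_from_domain, dkim_result, dkim_domain):
    """Combine the SPF result (with its MAIL FROM domain) and the DKIM result
    (with its d= domain) into a DMARC verdict and a disposition."""
    rec = lookup_policy(from_domain)
    if rec is None:
        return {"dmarc": "none", "disposition": "none"}  # domain publishes no policy
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, rec["adkim"])
    spf_ok = spf_result == "pass" and aligned(mail_from_domain, from_domain, rec["aspf"])
    if dkim_ok or spf_ok:
        return {"dmarc": "pass", "disposition": "none"}
    return {"dmarc": "fail", "disposition": rec["applied"]}


if __name__ == "__main__":
    fd = header_from_domain("Payroll <payroll@example.com>")
    print(evaluate_dmarc(fd, "pass", "bounce.example.com", "pass", "mail.example.com"))
    print(evaluate_dmarc(fd, "fail", "attacker.example", "none", None))
```

The second case in the usage block is the spoofing scenario the article is about: the From header claims example.com, neither SPF nor DKIM produces an aligned pass, and the published reject policy tells the receiver to refuse the message. The rua= address is where receivers send the aggregate reports that give a domain owner the visibility needed before moving from p=none to p=reject.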
Web Spoofing is a security attack that allows an adversary to observe and modify all web pages sent to the victim's machine, and to observe all information entered into forms by the victim.
DMARC implementation is no easy task. The complexity comes from the fact that there are many legitimate email senders operating on an organization’s behalf, and if authentication is implemented incorrectly, legitimate email flow may be interrupted at great expense to the organization. The goal is to reach a reject policy without blocking legitimate email, and this requires full visibility into the organization’s email ecosystem.
As an authorized Proofpoint partner, TRUSTWORTHY Systems Inc. has access to the resources to help organizations get protection against email fraud. Proofpoint’s Email Fraud Defense leverages the power of DMARC email authentication to help organizations authorize all legitimate senders and block fraudulent emails before they reach employees, partners, vendors, suppliers or customers.
Let TRUSTWORTHY Systems Inc. be the catalyst for risky behavior, change and development of a better digital experience within your organization.