Introduction
Email fraud costs companies around the world billions, and can destroy brand reputation and consumer trust in a matter of minutes. Highly-targeted, low volume business email compromise (BEC) scams are arguably the most dangerous, costing organisations around the globe $26.2 billion since 2016, according the FBI. The DMARC standard is one of the most powerful and proactive weapons to date in the fight against phishing and spoofing.
What Is DMARC?
Unveiled in 2012 by an industry consortium, DMARC—Domain- based Message Authentication Reporting and Conformance—is an open email authentication protocol that enables domain-level protection of the email channel. It has reshaped the email fraud landscape, disrupting long standing phishing strategies and forcing cybercriminals to abandon preferred targets. DMARC has the potential to nullify an entire class of fraud within the next few years. DMARC allows email senders to:
- Reclaim control by authenticating legitimate email messages for their email-sending domains.
- Setup and instruct mailbox providers on how to treat messages that fail authentication, via an explicit policy setting
- Gain insights into the email threat landscape to help you identify threats against your customers and better protect your brand against phishing and spoofing.
At a glance
Email Authentication Methods
SPF
Sender Policy Framework (SPF) allows brands to specify who can send email on behalf of their domain. Brands list the IP addresses of authorised senders in a DNS record. If the IP address sending email on behalf of the brand isn’t listed in that SPF record, the message fails SPF authentication. Other failings of SPF include:
- Keeping SPF records updated as brands change service providers and add mail streams is difficult.
- Just because a message fails SPF, doesn’t mean it will always be blocked from the inbox.
- SPF breaks when a message is forwarded.
- SPF does nothing to protect brands against cyber criminals who spoof the Display Name or “header from” address in their message.
DKIM
DomainKeys Identified Mail (DKIM) allows an organisation to take responsibility for transmitting a message in a way that can be verified by the email provider. This verification is made possible through cryptographic authentication within the digital signature of the email. However failings of DKIM include:
- DKIM is more difficult to implement, thus fewer senders adopt it.
- This spotty adoption means that the absence of a DKIM signature does not necessarily indicate the email is fraudulent.
- DKIM alone is not a universally reliable way of authenticating the identity of a sender.
- The DKIM domain is not visible to the non-technical end user, and does nothing to prevent the spoofing of the visible “header from” domain.
DMARC
Domain-based Message Authentication Reporting & Conformance (DMARC) ensures that legitimate email is properly authenticating against established DKIM and SPF standards, and that fraudulent activity appearing to come from domains under a brand’s control is blocked before ever reaching the customer’s inbox. However DMARC is not perfect.
- While essential, DMARC is not a complete solution.
- DMARC only protects your brand from 30 percent of email attacks (direct domain threats).
- DMARC does not protect against brand spoofing (including Display Name spoofing and look alike domains).
How DMARC Works
DMARC is the first and only widely deployed technology that can make the “header from” domain (what users see in their email clients) trustworthy.
The Benefits of DMARC
DMARC empowers senders to gain visibility into who is sending on your behalf, what email is authenticating, what email is not, and why. It also empowers receivers to distinguish between legitimate senders and malicious senders. Additional benefits of DMARC also include being able to:
Benefit
Protect employees, partners, and consumers
DMARC eliminates an entire class of fraudulent email before it reaches your employees, partners, and customers. Every user in your organisation should know how they can be more cyber-aware. A broad, organisation-wide security awareness training programme will help you do that.
Benefit
Gain immediate insights into threats
You can’t control what you can’t see! Implementing and setting up DMARC gives you instant visibility into the threats targeting your company. It effectively shines a light on domain phishing and spoofing attacks putting your customers and brand reputation at risk.
Benefit
Increase email deliverability and engagement
Approximately one in five phishing attacks results in reduced deliverability and one in three results in reduced email engagement. DMARC increases both deliverability and engagement of legitimate email programmes.
Benefit
Reduce customer service costs
By blocking phishing attacks, DMARC dramatically reduces customer service costs. Scandinavian retailer Blocket saw a 70 percent drop in customer service tickets after implementing DMARC.
Time to Start Your DMARC Journey
BEC and its close relative, email account compromise (EAC) are complex and multi-faceted. That’s why they require a complete solution that addresses all attackers’ tactics—not just some of them.
While there’s no silver bullet for BEC and EAC, deploying and setting up DMARC is a good start. It’s a critical component in defending against impostor threats, especially those that spoof trusted email domains. DMARC is the most effective way to protect against domain spoofing and stopping fraudulent emails from using your domain.
To successfully deploy DMARC, it starts with a very simple first step: create a DMARC record in DNS and shine a light onto your entire email ecosystem.