This blog is part one of three in our blog series on DMARC.
We've all received an email that looks like it comes from a colleague or client, but on closer inspection the sender's domain just doesn't look right. If you run a business, it's vital that your employees and clients can trust that email carrying your domain really came from you. That's where DMARC can help.
Domain-based Message Authentication, Reporting and Conformance, commonly known as DMARC, lets you stop your company's email domain being used for email spoofing, phishing scams and other cybercrime. Specifically, it allows receiving mail servers to detect and reject messages that put your exact domain in the From: header without authorisation; lookalike domains that merely resemble yours are a separate problem that DMARC does not address.
The protocol was first published in 2012 by a group of leading email providers and security vendors, was later documented as RFC 7489 (2015), and is now supported by around 70% of major ISPs (including Google and Microsoft). More and more companies have adopted DMARC over the past few years; however, many businesses have yet to understand its importance, and perceive it as a complex standard to adopt.
In this 3-part series, I will be exploring everything you need to know about DMARC, including what it is, how it works and why it should be at the forefront of the fight against email fraud.
How is DMARC related to SPF and DKIM?
DMARC builds on two existing email authentication standards, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). To understand DMARC, it is important to know how the three inter-relate and complement each other.
SPF allows a domain owner to specify which mail servers may send email for their domain. The IP addresses (or hostnames) of authorised senders are listed in a TXT record in DNS. A receiving server looks up the SPF record for the domain in the envelope sender address (the MAIL FROM / Return-Path) and checks whether the connecting IP address is listed; if it isn't, the message fails SPF. Note that SPF checks the envelope sender, not the From: header the recipient sees, which is why SPF on its own does not stop From: spoofing.
DKIM allows the receiver to check that an email was really authorised by the owner of the signing domain and has not been altered in transit. The sending server adds a DKIM-Signature header containing a cryptographic signature over selected headers and a hash of the message body; the receiver fetches the matching public key from DNS (published at selector._domainkey.domain) and verifies the signature. If the signed headers or the body have been modified since the signature was attached, verification fails.
What is DMARC?
Businesses and their clients are being harmed by malicious emails sent in their name. The email authentication techniques SPF and DKIM were the first line of defence against this; however, cybercriminals have become more sophisticated, and SPF and DKIM on their own leave gaps: neither ties its check to the From: header the recipient actually sees, and neither tells the receiver what to do when a check fails.
DMARC builds on the SPF and DKIM protocols and adds what they lack: a published policy for handling failures, reporting back to the domain owner, and conformance, meaning the domain that passed SPF or DKIM must align with the From: header domain.
Essentially, a DMARC policy lets a business tell receivers how to handle mail from its domain that fails authentication: p=none (deliver and just report), p=quarantine (deliver to the junk folder) or p=reject (block outright). A message passes DMARC when at least one of SPF or DKIM passes and the domain it authenticated aligns with the From: header domain, either exactly (strict) or sharing the same organisational domain (relaxed).
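The alignment and disposition logic described above, as an added example that is not part of the original post: a receiver already holds the SPF result (with the MAIL FROM domain) and the DKIM result (with the d= domain), and DMARC adds the alignment check against the From: header domain plus the published policy. The _dmarc records are constructed for hypothetical domains, and the public-suffix table is a tiny stand-in for the real Public Suffix List that receivers use to find the organisational domain.

```python
"""DMARC identifier alignment and policy disposition (RFC 7489 sections 3.1 and 6).

Added example, not code from the original article. DNS records and the
public-suffix table below are constructed for illustration.
"""

# Constructed _dmarc TXT records for hypothetical domains.
DMARC_TXT = {
    "_dmarc.example.com": ("v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; "
                           "pct=100; rua=mailto:dmarc@example.com"),
    "_dmarc.shop.example": "v=DMARC1; p=none; rua=mailto:reports@shop.example",
}

PUBLIC_SUFFIXES = {"com", "example", "co.uk"}   # stand-in for the Public Suffix List


def org_domain(domain: str) -> str:
    """Organisational domain: the label directly below the public suffix."""
    labels = domain.lower().split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i + 1:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i:])
    return domain.lower()


def parse_dmarc(record: str) -> dict:
    """Split 'tag=value; tag=value' into a dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip()] = value.strip()
    return tags


def lookup_policy(from_domain: str, dns: dict = DMARC_TXT):
    """Policy discovery: the From: domain first, then its organisational domain.
    Returns (tags, found_at_org_domain), or (None, False) if nothing is published."""
    record = dns.get(f"_dmarc.{from_domain}")
    if record:
        return parse_dmarc(record), False
    org = org_domain(from_domain)
    record = dns.get(f"_dmarc.{org}") if org != from_domain else None
    if record:
        return parse_dmarc(record), True
    return None, False


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict (s): exact match. Relaxed (r): same organisational domain."""
    if not auth_domain:
        return False
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)


def evaluate_dmarc(from_domain, spf_result, spf_domain, dkim_result, dkim_domain,
                   dns: dict = DMARC_TXT):
    """Return (dmarc_result, requested_disposition) for one message.
    pct= sampling is ignored here (treated as 100)."""
    policy, at_org = lookup_policy(from_domain, dns)
    if policy is None:
        return "none", "none"              # no DMARC record: nothing to enforce
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy.get("aspf", "r"))
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy.get("adkim", "r"))
    if spf_ok or dkim_ok:                  # one aligned pass is enough
        return "pass", "none"
    # Failure: a subdomain without its own record uses sp= if present, else p=.
    requested = policy.get("sp", policy["p"]) if at_org else policy["p"]
    return "fail", requested


if __name__ == "__main__":
    cases = [
        ("example.com", "pass", "bounce.example.com", "fail", ""),          # relaxed SPF alignment
        ("example.com", "pass", "mailer.example", "pass", "mailer.example"),  # third party, unaligned
        ("example.com", "fail", "example.com", "pass", "news.example.com"),  # DKIM pass but adkim=s
        ("billing.example.com", "fail", "billing.example.com", "fail", ""),  # subdomain: sp= applies
        ("shop.example", "fail", "shop.example", "fail", ""),              # p=none: monitor only
    ]
    for c in cases:
        print(f"From {c[0]:<20} -> {evaluate_dmarc(*c)}")
```

The third case is the one that surprises people: a valid DKIM signature from news.example.com does not rescue mail with a From: of example.com when adkim=s is published, so strict alignment should only be switched on once every legitimate sending stream signs with the exact From: domain. The fourth shows why sp= deserves attention: a forged message from an unused subdomain falls under the organisational domain's policy, and an sp=none would quietly exempt it.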
The DMARC policy is published as a DNS TXT record at _dmarc.<your domain>, and its rua= tag asks receivers to send aggregate reports back to the domain owner. Those reports give organisations insight into their email domain: which sources are sending mail as the domain (by IP address, and therefore which applications or third-party services), how much they send, and whether it passed SPF, DKIM and alignment. Beyond this visibility, DMARC lets receivers stop phishing, malware delivery, brand abuse and scams that rely on forging the domain, and it removes one of the common entry points for business email compromise.
Here is a sample DMARC report analysed (the annotated report in the original post is an image and is not reproduced here):
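The kind of analysis such a report calls for, as an added example that is not the post's own report or code: a summariser for a DMARC aggregate (RUA) report in the XML format of RFC 7489 Appendix C. The report below is constructed for the example (hypothetical domains, documentation-range IP addresses); real reports arrive by email from each receiver, usually zipped or gzipped, and typically carry many more <record> elements.

```python
"""Summarise a DMARC aggregate (RUA) report.

Added example, not code or data from the original article. SAMPLE_REPORT is
constructed to show the three situations a domain owner looks for: aligned
mail from their own servers, a third-party sender that authenticates but does
not align on DKIM, and an unauthorised source being quarantined.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>2024-01-01-0001</report_id>
    <date_range><begin>1704067200</begin><end>1704153600</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>example.com</domain><adkim>s</adkim><aspf>r</aspf><p>quarantine</p><pct>100</pct>
  </policy_published>
  <record>
    <row><source_ip>203.0.113.10</source_ip><count>842</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><result>pass</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.25</source_ip><count>57</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>crm-vendor.example</domain><result>pass</result></dkim>
      <spf><domain>bounce.example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>192.0.2.200</source_ip><count>3100</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <spf><domain>example.com</domain><result>fail</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def summarise(xml_text: str) -> dict:
    """Aggregate one report into volumes, failing sources and DKIM signers."""
    root = ET.fromstring(xml_text)
    pub = root.find("policy_published")
    summary = {
        "reporter": root.findtext("report_metadata/org_name"),
        "domain": pub.findtext("domain"),
        "policy": pub.findtext("p"),
        "total": 0, "passed": 0, "failed": 0,
        "by_source": defaultdict(int),   # failing volume per source IP
        "dkim_signers": set(),           # d= domains that produced a valid signature
        "unaligned_dkim": [],            # (ip, d=) where DKIM verified but did not align
    }
    for rec in root.iter("record"):
        count = int(rec.findtext("row/count"))
        ip = rec.findtext("row/source_ip")
        ev = rec.find("row/policy_evaluated")
        # policy_evaluated/dkim and /spf are the *aligned* results; one pass = DMARC pass
        dmarc_pass = ev.findtext("dkim") == "pass" or ev.findtext("spf") == "pass"
        summary["total"] += count
        if dmarc_pass:
            summary["passed"] += count
        else:
            summary["failed"] += count
            summary["by_source"][ip] += count
        for dk in rec.iterfind("auth_results/dkim"):
            if dk.findtext("result") == "pass":
                summary["dkim_signers"].add(dk.findtext("domain"))
                if ev.findtext("dkim") != "pass":
                    summary["unaligned_dkim"].append((ip, dk.findtext("domain")))
    summary["by_source"] = dict(summary["by_source"])
    return summary


if __name__ == "__main__":
    s = summarise(SAMPLE_REPORT)
    print(f"{s['reporter']} reported {s['total']} messages for {s['domain']} (p={s['policy']})")
    print(f"  passed DMARC: {s['passed']}, failed: {s['failed']}")
    print("  failing sources:", s["by_source"])
    print("  DKIM signers seen:", sorted(s["dkim_signers"]))
    print("  verified but unaligned DKIM:", s["unaligned_dkim"])
```

The `unaligned_dkim` list is the actionable part when moving from p=none towards enforcement: 198.51.100.25 is a vendor signing with its own domain, so its mail currently survives only on relaxed SPF alignment through bounce.example.com, and it would start failing if the SPF path changed or aspf=s were set. The large failing volume from 192.0.2.200, by contrast, is exactly the spoofing traffic that a quarantine or reject policy exists to stop.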
Why is DMARC important?
Email is the most widely used communication channel for businesses. It's inexpensive, scalable and, most importantly, effective in driving leads and revenue. Consequently it is a prime target for cybercriminals, and email is commonly cited as the root cause of around 95% of cyber security incidents.
Ultimately, DMARC gives businesses visibility into who is sending mail as their domain. Based on that insight, they can instruct email receivers how to handle mail that does not pass authentication, and so have phishing and spoofing emails quarantined or rejected before they reach their intended target. For customers and employees, this means the mail that does arrive from the domain can be trusted as legitimate.
In this blog, I've outlined the basics of DMARC, including the standards it is built on; keep an eye out for the next blog in the series for a closer look at how DMARC works.
If you liked this article, you may also like:
Red Teaming: getting down to basics
Red Teaming and the origins of anonymous hacking
What do you do after a data breach