“Is it ok if I send an email from your email address?”
That’s always a surefire way I can grab someone’s attention in a meeting.
Some people don’t think it’s possible and are rather surprised when it is. However, most people with a technical background, who know how the SMTP email protocol works, know that not only is it possible, but it’s been possible since the creation of email.
I don’t think the forefathers of email ever foresaw how widely used email would become. They saw it as a messaging solution among individuals within a few trusted networks, such as universities.
Today we use email for a lot of our communications, especially between separate organisations. The open nature and widespread adoption of email makes it the simplest way to communicate, whilst messaging solutions like Slack and the collaboration features found in most modern applications may replace email to some extent they are far from replacing it completely.
So wouldn’t you want to know if something was wrong with this vital communication channel?
This I suppose, is the ostrich behaviour I refer to in the title of this blog.
Some people would rather not know if their email is open to impersonation, because then it becomes a problem they need to fix.
But email impersonation is a very common problem. In fact, when organisations first start their DMARC journey with us we find that most are experiencing some level of email impersonation, anything like 20 to 30% of emails being sent from a domain can be illegitimate traffic. Worryingly some of these emails are straight-up spam which risks putting your domain in a black list or direct spoofing attacks to you or your business network.
Instead, I encourage the people I speak to, to be more meerkat.
With a solution like the DMARC open protocol you can keep a constant watch out for these impersonation attacks. DMARC allows the receiver to validate if an email is legitimate or not. For every validation, legitimate or not, a report is generated which allows you to see the level of impersonation that your email domain is being subjected to.
However the most powerful aspect of DMARC is the fact that it can stop these spoof emails entirely. By setting a p=reject DMARC policy an organisation that owns the spoofed email account can instruct any receiver, in real time, to block and bin the fake email.
So, if our paths cross in the future, and I ask you, “Is it ok if I send an email from your email address?” Say yes, as it might be the most useful fake email you’ll ever receive!
Awareness is the first step to solving the problem so if you’re more meerkat than ostrich and are interesting in learning about how secure your email really is, drop us a line at firstname.lastname@example.org and we’ll be in touch!