“Is it ok if I send an email from your email address?”
That’s always a surefire way I can grab someone’s attention in a meeting.
Some people don’t think it’s possible and are rather surprised when it is. However, most people with a technical background, who know how the SMTP email protocol works, know that not only is it possible, but it’s been possible since the creation of email.
Email has come a long way
We doubt the forefathers of email ever foresaw how widely used email would become. They saw it as a messaging solution among individuals within a few trusted networks, such as universities.
Today we use email for so much of our communication, especially between separate organizations. The open nature and widespread adoption of email make it the simplest way to communicate, whilst messaging solutions like Slack and the collaboration features found in most modern applications may replace email to some extent they are far from replacing it completely.
So wouldn’t you want to know if something was wrong with this vital communication channel?
Don’t bury your head in the sand
A lot of people would rather not know if their email domain is open to exact impersonation (spoofing), because then it becomes a problem they need to fix.
But exact impersonation is a very common problem. In fact, when organizations first start their DMARC journey with OnDMARC, we find that most are experiencing some level of impersonation, with anything from 20 to 30% of their emails being sent from an illegitimate.
Worryingly some of these emails are straight-up spam, so this risks putting your domain on a black list or worse could enable direct spoofing attacks to you or your business network.
Be more meerkat with DMARC!
The DMARC authentication protocol lets you keep a constant watch out for these impersonation attacks. DMARC allows the receiver to validate if an email is legitimate or not. For every validation, legitimate or not, a report is generated which allows you to see the level of impersonation that your email domain is being subjected to.
However, the most powerful aspect of DMARC is the fact that it can stop these spoof emails entirely. Your DMARC policy is essentially the instruction you give to receiving servers, telling them what to do with your email. By adopting a strong DMARC policy of p=reject, you’re actively telling receiving servers to reject any emails that aren’t coming from a legitimate sender, and your domain can’t be impersonated for phishing and spam.
Check your DMARC setup today
Awareness is the first step to solving the email spoofing problem. So why not check the current SPF, DKIM, and DMARC setup of your domain with our free investigate tool? It’s quick and easy to use.
