How to be more meerkat about your email security

“Is it ok if I send an email from your email address?”

That’s always a surefire way I can grab someone’s attention in a meeting.

Some people don’t think it’s possible and are rather surprised when it is. However, most people with a technical background, who know how the SMTP email protocol works, know that not only is it possible, but it’s been possible since the creation of email.

Email has come a long way

We doubt the forefathers of email ever foresaw how widely used email would become. They saw it as a messaging solution among individuals within a few trusted networks, such as universities.

Today we use email for so much of our communication, especially between separate organizations. The open nature and widespread adoption of email make it the simplest way to communicate, whilst messaging solutions like Slack and the collaboration features found in most modern applications may replace email to some extent they are far from replacing it completely.

So wouldn’t you want to know if something was wrong with this vital communication channel?

Don’t bury your head in the sand

Don’t bury your head in the sand…

A lot of people would rather not know if their email domain is open to exact impersonation (spoofing), because then it becomes a problem they need to fix.  

But exact impersonation is a very common problem. In fact, when organizations first start their DMARC journey with OnDMARC, we find that most are experiencing some level of impersonation, with anything from 20 to 30% of their emails being sent from an illegitimate.

Worryingly some of these emails are straight-up spam, so this risks putting your domain on a black list or worse could enable direct spoofing attacks to you or your business network.

Be more meerkat with DMARC!

Always be on the look out! Photo by Lance Anderson on Unsplash

The DMARC authentication protocol lets you keep a constant watch out for these impersonation attacks. DMARC allows the receiver to validate if an email is legitimate or not. For every validation, legitimate or not, a report is generated which allows you to see the level of impersonation that your email domain is being subjected to.

However, the most powerful aspect of DMARC is the fact that it can stop these spoof emails entirely. Your DMARC policy is essentially the instruction you give to receiving servers, telling them what to do with your email. By adopting a strong DMARC policy of p=reject, you’re actively telling receiving servers to reject any emails that aren’t coming from a legitimate sender, and your domain can’t be impersonated for phishing and spam.

Check your DMARC setup today

Awareness is the first step to solving the email spoofing problem. So why not check the current SPF, DKIM, and DMARC setup of your domain with our free investigate tool? It’s quick and easy to use.

check email dmarc setup

PUBLISHED BY

Red Sift

12 Aug. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
Cybersecurity

Resilience Rising | Episode 3 with Kevin White

Red Sift

In this episode of Resilience Rising, Sean Costigan, Managing Director of Resilience Strategy at Red Sift, and Kevin White, Senior Operation Consultant with Enhanced Information Solutions, explore the critical intersection of wastewater management and cybersecurity.  The two highlight the health and operational impacts of cyber threats on water utilities, emphasizing the vulnerabilities due to…

Read more
Certificates

Your guide to PCI DSS 4.0 Cryptographic Requirements

Rebecca Warren

The Payment Card Industry Data Security Standard (PCI DSS) is a globally recognized framework designed to protect cardholder data during processing, storage, and transmission by merchants and service providers. PCI DSS outlines a set of stringent security controls that organizations handling payment card information must implement to mitigate the risk of data breaches and…

Read more
Certificates

How to build an inventory of certificates for PCI DSS 4.0 Requirement…

Rebecca Warren

We talk to organizations daily that are preparing for PCI DSS 4.0 requirements. March 31, 2025 marks the end of the transition period, and on this date, businesses must be fully compliant with PCI DSS v4.0.1.  One of the ways PCI 4.0.1 varies from PCI 3.2 is an updated Requirement 4, which covers encrypting…

Read more
DMARC

Getting started with the OnDMARC API

Nadim Lahoud

The OnDMARC API is great for performing bulk or repetitive tasks that need to be performed quickly, often and without error – and you don’t need to be a developer or even know how to code to use it. Here, I will walk you through how to perform the common task of updating the…

Read more