How to be more meerkat about your email security

“Is it ok if I send an email from your email address?”

That’s always a surefire way I can grab someone’s attention in a meeting.

Some people don’t think it’s possible and are rather surprised when it is. However, most people with a technical background, who know how the SMTP email protocol works, know that not only is it possible, but it’s been possible since the creation of email.

Email has come a long way

We doubt the forefathers of email ever foresaw how widely used email would become. They saw it as a messaging solution among individuals within a few trusted networks, such as universities.

Today we use email for so much of our communication, especially between separate organizations. The open nature and widespread adoption of email make it the simplest way to communicate, whilst messaging solutions like Slack and the collaboration features found in most modern applications may replace email to some extent they are far from replacing it completely.

So wouldn’t you want to know if something was wrong with this vital communication channel?

Don’t bury your head in the sand

Don’t bury your head in the sand…

A lot of people would rather not know if their email domain is open to exact impersonation (spoofing), because then it becomes a problem they need to fix.  

But exact impersonation is a very common problem. In fact, when organizations first start their DMARC journey with OnDMARC, we find that most are experiencing some level of impersonation, with anything from 20 to 30% of their emails being sent from an illegitimate.

Worryingly some of these emails are straight-up spam, so this risks putting your domain on a black list or worse could enable direct spoofing attacks to you or your business network.

Be more meerkat with DMARC!

Always be on the look out! Photo by Lance Anderson on Unsplash

The DMARC authentication protocol lets you keep a constant watch out for these impersonation attacks. DMARC allows the receiver to validate if an email is legitimate or not. For every validation, legitimate or not, a report is generated which allows you to see the level of impersonation that your email domain is being subjected to.

However, the most powerful aspect of DMARC is the fact that it can stop these spoof emails entirely. Your DMARC policy is essentially the instruction you give to receiving servers, telling them what to do with your email. By adopting a strong DMARC policy of p=reject, you’re actively telling receiving servers to reject any emails that aren’t coming from a legitimate sender, and your domain can’t be impersonated for phishing and spam.

Check your DMARC setup today

Awareness is the first step to solving the email spoofing problem. So why not check the current SPF, DKIM, and DMARC setup of your domain with our free investigate tool? It’s quick and easy to use.

check email dmarc setup

PUBLISHED BY

Red Sift

12 Aug. 2018

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Email

The best tools to protect yourself from SubdoMailing

Francesca Rünger-Field

In late February 2024, ‘SubdoMailing’ became a trending search term overnight. Research by Guardio Labs uncovered a massive-scale phishing campaign that had been going on since at least 2022. At the time of reporting, the campaign had sent 5 million emails a day from more than 8,000 compromised domains and 13,000 subdomains with several…

Read more
Product Release

Red Sift’s Spring 2024 Quarterly Product Release

Francesca Rünger-Field

This early into 2024, the cybersecurity space is already buzzing with activity. Emerging standards, such as Google and Yahoo’s bulk sender requirements, mark a new era of compliance for businesses reliant on email communication. At the same time, the prevalence of sophisticated cyber threats, such as the SubdoMailing campaign, emphasizes the continual hurdles posed…

Read more
Email

Navigating the “SubdoMailing” attack: How Red Sift proactively identified and remediated a…

Rebecca Warren

In the world of cybersecurity, a new threat has emerged. Known as “SubdoMailing,” this new attack cunningly bypasses some of the safeguards that DMARC sets up to protect email integrity.  In this blog we will focus on how the strategic investments we have made at Red Sift allowed us to discover and protect against…

Read more
Email

Where are we now? One month of Google and Yahoo’s new requirements…

Rebecca Warren

As of March 1, 2024, we are one month into Google and Yahoo’s new requirements for bulk senders. Before these requirements went live, we used Red Sift’s BIMI Radar to understand global readiness, and the picture wasn’t pretty.  At the end of January 2024, one-third of global enterprises were bound to fail the new…

Read more