• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Red Sift Blog

Red Sift Blog
  • redsift.com
  • Featured
  • Who are we?
  • Get in touch
You are here: Home / Email / Making sense of email security and DMARC

Making sense of email security and DMARC

by Red Sift
March 9, 2017August 15, 2022Filed under:
  • BEC
  • DMARC
  • Email

Why is everyone making such a fuss about DMARC and its importance for email security? In short, because it’s easy for cybercriminals to send emails pretending to be you, and DMARC is the only protocol that can stop this.

If your domain isn’t DMARC protected, then your business is highly vulnerable to Business Email Compromise (BEC). By easily spoofing your company’s domain, a cybercriminal can send phishing emails pretending to be your CEO, and gain access to money, data, and/or credentials by tricking employees into divulging these.

For example, this bad actor posing as the CEO might ask accounts, or even the CFO, to make a transfer of funds. Because the email comes from a legitimate email address, the recipient is unlikely to question it, and might even act on it without thinking. And just like that, your business is compromised.

This is just one example of the types of BEC attack companies that aren’t DMARC protected regularly face. Some more examples are here: Another homebuyer loses £67k as solicitors fail to warn of email fraud, NHS trust cyber attack, How Hillary’s emails may have lost her the election, and stealing from Tesla.

An example of how an unprotected domain can be used for a phishing attack

How important is email for businesses?

Email is a widely-used communication tool, both B2B and B2C, and it’s surprisingly vulnerable to impersonation attacks. This means it poses a significant threat to both organizations and individuals (that’s right, hackers can spoof your domain to phish your customers too).

So why don’t more businesses adopt DMARC? Well because they either feel that they would not be a worthwhile target, they believe it’s too difficult, or because they simply assume that their mailbox provider is protecting them. You can easily identify how well protected your domain is by using the free OnDMARC domain checker.

Red Sift conducted a study and analyzed 3,004 government domains and 71,000 charity domains. The results showed that only 6.4% of government domains and 1% of charity domains were DMARC enabled. The NCSC has now required that all government bodies implement DMARC on all government domains.

My domain mail is managed by G Suite or Office 365, why am I not protected?

DMARC configuration is the responsibility of the domain owner, not the email provider. A typical business will send emails from their domain name via several email providers, i.e.: human emails from G Suite, marketing campaigns via MailChimp, CRM emails via SendGrid, etc. In order to have your domain protected by DMARC, you need to make sure that all these different email sources are correctly configured. That’s the reason why email providers cannot offer automatic DMARC protection to their users.

My personal account is with Gmail or Yahoo, am I protected?

Yahoo was one of the first providers to protect their consumer email accounts with DMARC therefore personal accounts using their services are protected. At the time of writing this post, Gmail has its DMARC record in reporting-only mode therefore users are not yet protected however some media sources report that they are planning to enable enforcement soon. If you own your own domain, you can use and implement DMARC irrespective of who your mail provider is. DMARC was actually created by Google, AOL, Yahoo, and a few others who came together in 2011 to collaborate on a method of combating fraudulent email at internet scale.

How does DMARC work with SPF and DKIM?

DMARC stands for, Domain-based Message Authentication, Reporting & Conformance. DMARC ensures that emails are authenticated properly and allows senders to define how email recipients deal with unauthenticated emails. This blocks malicious emails and increases the deliverability of authorized emails. The way that DMARC does this is by using SPF and DKIM, two foundational technologies that help secure different aspects of email. The problem with only using only SPF and DKIM is that they do not work together or enforce a policy.

DMARC uses the validation results from both SPF and DKIM to provide a more comprehensive validation. SPF verifies if an email was sent from an authorized IP address whereas DKIM verifies if an email has been signed by the same domain it was sent from or from a domain authorized to send on behalf of that domain. They both produce what is known as authentication identifiers that DMARC uses to authenticate emails and set rules about how receiving servers should treat emails that fail authentication checks.

How SPF and DKIM work

Why is Red Sift’s OnDMARC the best choice for DMARC protection?

OnDMARC guides you through a step-by-step process of implementing and maintaining DMARC. Let’s take a more in-depth look at DMARC and where OnDMARC comes in.

How DMARC works with SPF and DKIM

1a and 1b — An authorized message is sent or an unauthorized message attempt is initiated to the receiver’s email server.

2 — The receiver’s server then checks the sender’s DNS for DMARC, SPF and DKIM records.

3 — The receiving server then verifies the incoming message against SPF and DKIM and if either SPF or DKIM validation passes it sends the message onto the recipient.

4 — If the validation fails, based on the DMARC policy configured it will either send the message to a spam folder or completely reject it and the end-user will never see the failed message.

5 — At least once a day, all email servers that received messages from your domain will submit a report to OnDMARC containing information about the origin and number of messages that passed and failed validation.

OnDMARC uses these reports to analyze a domain’s traffic in order to suggest the appropriate actions for implementing and maintaining a secure DMARC policy for the domain. OnDMARC will allow you to see exactly what is happening on your domain so you can easily identify authorized and unauthorized traffic.

OnDMARC DMARC Compliance Reports showing the volume of emails each day that pass and fail DMARC validation.

Why choose OnDMARC?

And that’s it! The basics of how DMARC, SPF, and DKIM work to protect domains! We hope that you’ve been able to follow all that but the truth is that you only need to know the very basics as OnDMARC takes care of all the complicated stuff for you.

free trial red sift

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)

Related

Tagged:
  • Cybersecurity
  • Email
  • Phishing
  • Security
  • Technology

Post navigation

Previous Post The science of our fundraising
Next Post 5 reasons why marketers need DMARC

Primary Sidebar

Subscribe to our blog and be the first to get updates!

Categories

  • AI
  • BEC
  • BIMI
  • Brand Protection
  • Coronavirus
  • Cybersecurity
  • Deliverability
  • DMARC
  • DORA
  • Email
  • Finance
  • Labs
  • News
  • OnINBOX
  • Partner Program
  • Red Sift Tools
  • Work at Red Sift
  • May 2023
  • April 2023
  • March 2023
  • February 2023
  • January 2023
  • December 2022
  • November 2022
  • October 2022
  • September 2022
  • August 2022
  • July 2022
  • June 2022
  • May 2022
  • April 2022
  • March 2022
  • February 2022
  • January 2022
  • December 2021
  • November 2021
  • October 2021
  • September 2021
  • August 2021
  • July 2021
  • June 2021
  • May 2021
  • April 2021
  • March 2021
  • February 2021
  • January 2021
  • December 2020
  • November 2020
  • October 2020
  • September 2020
  • July 2020
  • June 2020
  • May 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • October 2018
  • September 2018
  • August 2018
  • July 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • October 2016

Copyright © 2023 · Red Sift