Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail.

Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover, in which bad actors were able to send spam on behalf of legitimate brands through subdomain hijacking (for all the details on the attack, go here). 

After our own research discovered that SubdoMailing is much more widespread than originally believed, we felt compelled to take action to ensure our customers are protected.

That’s why we are thrilled to introduce DNS Guardian – a new feature in Red Sift OnDMARC. DNS Guardian continuously monitors your domains for misconfigurations to stop domain takeovers – including SubdoMailing. 

In this blog post, we will share why we are introducing these changes, what problems these changes solve for our customers, and how our customers can get access to DNS Guardian. You can also get all the details in our on-demand live session from June 27.

Addressing the gap between DNS and DMARC

Before getting into the details of DNS Guardian, it is important to understand the overlap between domains, subdomains, DNS and DMARC. 

This is a very high-level overview. If you are looking to better understand these concepts, check out our blog

What’s DNS?

DNS (Domain Name System) is like the phone book of the internet. It translates domain names (like www.example.com) into IP addresses that computers use to locate each other. If DNS records are not well-maintained, they can become an easy target for hackers to gain control of a domain they do not own. 

What’s DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol that helps prevent email spoofing. DMARC uses DNS records to verify emails. It checks DNS entries to see if a given domain is allowed to send emails on your behalf (through SPF) and if it’s been tampered with (through DKIM).

Confused about the nuances of DMARC? Check out our email security guide.

The overlap of DNS and DMARC

In the SubdoMailing attack, hackers exploited gaps in DNS setups to bypass DMARC protections. Here’s how it can happen:

  1. Identify Weaknesses: Bad actors look for DNS records that are not properly configured or maintained. This can include DNS that points to domains that are expired that the bad actor can re-register or DNS records that have outdated items included in the SPF. 
  2. Exploit the Weakness: Using these weaknesses, bad actors can spoof emails from legitimate domains. 
  3. Bypass DMARC: Poor DNS hygiene can make it easier for these fake emails to slip through DMARC checks, reaching unsuspecting victims.

SubdoMailing has proven that this threat is no longer hypothetical. Your DMARC is only as strong as your DNS hygiene. Keeping your DNS records accurate and covering all subdomains ensures that DMARC can do its job properly, protecting your brand from impersonation in the inbox. 

Said another way, if you aren’t maintaining your DNS, there is no guarantee that your DMARC policy is working as expected. 

If you want to learn more about the overlap between DNS and DMARC, check out our blog.

What’s DNS Guardian and how can it help my team?

DNS Guardian bridges the gap between DNS and DMARC to make sure brands are protected from takeover attacks and impersonation in the inbox. With DNS Guardian, email and security teams can stop ongoing attacks, protect revenue, mitigate fines, and empower overworked security teams.

Best of all, DNS Guardian takes the manual work out of DNS monitoring.

Sometimes seeing is believing. Watch our Red Sift OnDMARC Product Manager, Reid Cockrell, walk through DNS Guardian in less than three minutes.

 

What makes DNS Guardian different? 

Through Red Sift ASM and our deep expertise in DNS, Red Sift is the only DMARC provider that is able to surface the level of domain detail required to prevent takeover attacks like SubdoMailing. 

Here is how:

  • Subdomain Discovery: Utilize advanced discovery techniques from Red Sift ASM to identify all subdomains associated with a given domain.
  • Dangling DNS Detection: Identify subdomains with misconfigured or orphaned DNS records that are susceptible to being taken over by malicious actors.
  • Bad Actor Identification: Detect subdomains already controlled by bad actors through CNAME takeover or legitimate CNAME delegation with poisoned SPF records.
  • Risk Assessment: Analyze the severity and impact of identified vulnerabilities and security threats.
  • Actionable Insights: Provide actionable recommendations and remediation steps to address identified risks and strengthen domain security.

How do I try DNS Guardian? 

OnDMARC Premier with DNS Guardian will be available from Red Sift as well as through Cisco as Domain Protection Premier. For existing Red Sift ASM and Red Sift OnDMARC customers, DNS Guardian will be enabled automatically. Stay tuned for updates for Red Sift OnDMARC for MSPS. 

If you are interested in trying DNS Guardian, get in touch. We can’t wait to help you get control of your domain health. 

On the fence? Sign up to watch our on-demand live session to see how DNS Guardian can help your team identify and stop domain takeovers that lead to spam.

PUBLISHED BY

Rahul Powar

25 Jun. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
News

Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more
Security

Navigating the Information Security Landscape: ISO 27001 vs. SOC 2

Red Sift

As cyber threats evolve, so do the standards and frameworks designed to combat them. Two of the most recognized standards in information security are ISO 27001 and SOC 2. What sets them apart, and which one is right for your organization? Let’s delve into the key differences. Purpose and Scope: Global Framework vs. Client-Centric…

Read more
News

G2 Summer 2024 Report: Red Sift OnDMARC’s Winning Streak Continues

Francesca Rünger-Field

We’re delighted to announce that Red Sift OnDMARC has again been named a Leader in G2’s DMARC category for Summer 2024. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift appeared in 11 reports – 5 new ones since Spring 2024! – earning 5 badges: A few…

Read more
News

Google will no longer trust Entrust certificates from October 2024

Red Sift

Tl;dr: Google has announced that as of October 31, 2024, Chrome will no longer trust certificates signed by Entrust root certificates. While there is no immediate impact on existing certificates or those issued before 31st October 2024, organizations should start reviewing their estate now. On Thursday 27th June 2024, Google announced that it had…

Read more
News

Understanding the polyfill.io domain attack

Francesca Rünger-Field

tl;dr: The recent compromise of the polyfill.io domain has triggered a broad-reaching web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. To ensure the security of your website, we strongly advise you immediately remove any reference to polyfill.io. Latest update: 27th June 2024 Sansec, a…

Read more