Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail.

Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover, in which bad actors were able to send spam on behalf of legitimate brands through subdomain hijacking (for all the details on the attack, go here). 

After our own research discovered that SubdoMailing is much more widespread than originally believed, we felt compelled to take action to ensure our customers are protected.

That’s why we are thrilled to introduce DNS Guardian – a new feature in Red Sift OnDMARC. DNS Guardian continuously monitors your domains for misconfigurations to stop domain takeovers – including SubdoMailing. 

In this blog post, we will share why we are introducing these changes, what problems these changes solve for our customers, and how our customers can get access to DNS Guardian. You can also get all the details in our on-demand live session from June 27.

Addressing the gap between DNS and DMARC

Before getting into the details of DNS Guardian, it is important to understand the overlap between domains, subdomains, DNS and DMARC. 

This is a very high-level overview. If you are looking to better understand these concepts, check out our blog

What’s DNS?

DNS (Domain Name System) is like the phone book of the internet. It translates domain names (like www.example.com) into IP addresses that computers use to locate each other. If DNS records are not well-maintained, they can become an easy target for hackers to gain control of a domain they do not own. 

What’s DMARC?

DMARC (Domain-based Message Authentication, Reporting & Conformance) is a protocol that helps prevent email spoofing. DMARC uses DNS records to verify emails. It checks DNS entries to see if a given domain is allowed to send emails on your behalf (through SPF) and if it’s been tampered with (through DKIM).

Confused about the nuances of DMARC? Check out our email security guide.

The overlap of DNS and DMARC

In the SubdoMailing attack, hackers exploited gaps in DNS setups to bypass DMARC protections. Here’s how it can happen:

  1. Identify Weaknesses: Bad actors look for DNS records that are not properly configured or maintained. This can include DNS that points to domains that are expired that the bad actor can re-register or DNS records that have outdated items included in the SPF. 
  2. Exploit the Weakness: Using these weaknesses, bad actors can spoof emails from legitimate domains. 
  3. Bypass DMARC: Poor DNS hygiene can make it easier for these fake emails to slip through DMARC checks, reaching unsuspecting victims.

SubdoMailing has proven that this threat is no longer hypothetical. Your DMARC is only as strong as your DNS hygiene. Keeping your DNS records accurate and covering all subdomains ensures that DMARC can do its job properly, protecting your brand from impersonation in the inbox. 

Said another way, if you aren’t maintaining your DNS, there is no guarantee that your DMARC policy is working as expected. 

If you want to learn more about the overlap between DNS and DMARC, check out our blog.

What’s DNS Guardian and how can it help my team?

DNS Guardian bridges the gap between DNS and DMARC to make sure brands are protected from takeover attacks and impersonation in the inbox. With DNS Guardian, email and security teams can stop ongoing attacks, protect revenue, mitigate fines, and empower overworked security teams.

Best of all, DNS Guardian takes the manual work out of DNS monitoring.

Sometimes seeing is believing. Watch our Red Sift OnDMARC Product Manager, Reid Cockrell, walk through DNS Guardian in less than three minutes.

 

What makes DNS Guardian different? 

Through Red Sift ASM and our deep expertise in DNS, Red Sift is the only DMARC provider that is able to surface the level of domain detail required to prevent takeover attacks like SubdoMailing. 

Here is how:

  • Subdomain Discovery: Utilize advanced discovery techniques from Red Sift ASM to identify all subdomains associated with a given domain.
  • Dangling DNS Detection: Identify subdomains with misconfigured or orphaned DNS records that are susceptible to being taken over by malicious actors.
  • Bad Actor Identification: Detect subdomains already controlled by bad actors through CNAME takeover or legitimate CNAME delegation with poisoned SPF records.
  • Risk Assessment: Analyze the severity and impact of identified vulnerabilities and security threats.
  • Actionable Insights: Provide actionable recommendations and remediation steps to address identified risks and strengthen domain security.

How do I try DNS Guardian? 

OnDMARC Premier with DNS Guardian will be available from Red Sift as well as through Cisco as Domain Protection Premier. For existing Red Sift ASM and Red Sift OnDMARC customers, DNS Guardian will be enabled automatically. Stay tuned for updates for Red Sift OnDMARC for MSPS. 

If you are interested in trying DNS Guardian, get in touch. We can’t wait to help you get control of your domain health. 

On the fence? Sign up to watch our on-demand live session to see how DNS Guardian can help your team identify and stop domain takeovers that lead to spam.

PUBLISHED BY

Rahul Powar

25 Jun. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
Cybersecurity

Collaborative cybersecurity: The building blocks to a safer internet

Rahul Powar

Ciaran Martin, former CEO of the UK National Cyber Security Centre, and Rahul Powar, CEO of Red Sift The internet’s foundational promise is one of connection, opportunity, and innovation. But as technological innovation grows, so do the risks. The challenge is clear: how do we create a fundamentally safer internet while empowering organisations of…

Read more
Cybersecurity

Securing crypto with Andrei Terentiev

Sean Costigan

In a new episode of Resilience Rising, host Sean Costigan speaks to Andrei Terentiev, Chief Technology Officer (CTO) of Bitcoin.com. The discussion dives into the relationship between cryptocurrency and cybersecurity, with valuable insights into the challenges and strategies for safeguarding digital assets. Navigating the intersection of cryptocurrency and cybersecurity Andrei shares his journey from…

Read more
DMARC

2.3 million organizations embrace DMARC compliance

Jack Lilley

It has been one year since Google and Yahoo implemented stricter requirements for bulk email senders. Eleven months ago, Red Sift shared an update based on data from BIMI Radar, which revealed a concerning global readiness picture. Now, with a full year behind us, it’s time to evaluate the progress organizations have made in…

Read more
BIMI

VMC and CMC updates: 5 key takeaways

Jack Lilley

Verified Mark Certificates (VMCs) and Common Mark Certificates (CMCs) continue to evolve, and staying up to date is crucial for organizations looking to authenticate their logos and enhance brand trust in email communication, this includes adhering to version 1.7 of the Minimum Security Requirements.  In this blog, we break down the 5 key changes…

Read more