Protecting your organization from SubdoMailing: Insights from industry experts

In early 2024, a new and alarming threat emerged in the realm of DNS security: SubdoMailing. This vulnerability has exposed significant weaknesses in DNS hygiene, allowing malicious actors to launch phishing campaigns, distribute malware, and tarnish brand reputations by circumventing existing email security measures like DMARC. 

Recognizing the gravity of this issue, Red Sift teamed up with industry leaders Spamhaus and Markmonitor to share strategies on identifying and mitigating these risks. Watch the live session on demand here:

Understanding SubdoMailing and DNS Vulnerabilities

During the live discussion, the panel of experts delved into the specifics of SubdoMailing and its implications. The session kicked off with Red Sift’s Billy McDiarmid and Faisal Misle emphasizing the urgency of addressing this vulnerability and the importance of understanding the nature of SubdoMailing to effectively safeguard DNS systems.

Prudence Malinki, Head of Industry Relations at Markmonitor, explained that SubdoMailing exploits weak DNS configurations, allowing attackers to create malicious subdomains under legitimate domains. These subdomains can then be used to send deceptive emails that bypass DMARC checks, making them appear authentic to unsuspecting recipients. This technique undermines trust and opens the door to various cyber threats.

Strategies for Proactive DNS Protection

Carel Bitter, Head of Data at Spamhaus, provided insights into proactive measures organizations can take to defend against these threats and emphasized the importance of maintaining robust DNS hygiene. This involves regularly auditing DNS records, ensuring that all subdomains are accounted for and properly configured, and implementing stringent access controls.

One of the key strategies discussed was the importance of using DNS Security Extensions (DNSSEC) to protect the integrity of DNS queries. DNSSEC helps prevent attackers from manipulating DNS responses, thereby ensuring that users are directed to legitimate websites. Bitter also recommended the use of threat intelligence services to stay informed about emerging threats and to quickly respond to potential vulnerabilities.

Steps for Maintaining Robust DNS Hygiene

To maintain a strong defense against SubdoMailing, the panelists outlined several essential steps:

  1. Regular Audits: Conduct regular audits of DNS records to identify and rectify any discrepancies. Ensure that all subdomains are properly listed and secured.
  2. DNSSEC Implementation: Deploy DNSSEC to safeguard the integrity of DNS responses. This adds an extra layer of security by verifying the authenticity of DNS data.
  3. Access Controls: Implement strict access controls to limit who can create or modify DNS records. This reduces the risk of unauthorized changes that could introduce vulnerabilities.
  4. Threat Intelligence: Utilize threat intelligence services to stay updated on new and evolving threats. This enables a proactive approach to DNS security, allowing for swift action when risks are identified.
  5. Collaborative Efforts: Engage with industry groups and security organizations to share information and best practices. Collaborative efforts can enhance overall security posture and provide early warnings about potential threats.

How Red Sift can help

To check your configuration for any SubdoMailers (compromised SPF includes), use Red Sift’s free Investigate tool and get results for your email-sending service in less than 30 seconds.

If your organization needs ongoing protection from domain takeover attacks, Red Sift recently introduced DNS Guardian – a new feature in Red Sift OnDMARC that ensures brands are protected from SubdoMailing attacks, dangling DNS, and CNAME takeovers by continuously monitoring domains for misconfigurations. Get a demo here

PUBLISHED BY

Rebecca Warren

2 Aug. 2024

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

400,000 DMARC boost after Microsoft’s high-volume sender update

Jack Lilley

Microsoft’s decision to join Google and Yahoo in enforcing stricter rules for high-volume senders has triggered an immediate response across the internet. In the last 30 days alone, 406,042 new domains have deployed Domain‑based Message Authentication, Reporting & Conformance (DMARC), pushing the global total to 10.9 million. While not all domains will be exclusive Outlook users,…

Read more
DMARC

Red Sift partners with Gradian to strengthen email security through OnDMARC

Jack Lilley

Today Red Sift launches a new partnership with Gradian, a leading data protection provider, to offer its award-winning applications, including Red Sift OnDMARC, to new and existing customers. Established through Red Sift’s relationship with UK distributor E92plus, the two companies look to strengthen defences against phishing and Business Email Compromise (BEC) attacks. Allowing organisations…

Read more
Cybersecurity

DMARCbis: What are the changes and how to be ready

Jack Lilley

Executive Summary: DMARCbis, also known as DMARC 2.0, is the forthcoming update to the DMARC email authentication protocol, designed to address limitations and ambiguities in the original standard, with an expectation to be finalized and published in 2025. The update introduces clearer guidelines, a new method for determining organizational domains, and streamlined record management.…

Read more
Certificates

TLS certificates are changing: What you need to know

Jack Lilley

Executive summary: TLS certificates are about to get significantly shorter-lived. Starting 15 March 2026, newly issued public-trust certificates will max out at 200 days—and just three years later, that lifespan drops to 47 days. Backed by Google, Apple, and Mozilla, this shift aims to make the web safer through fresher data, faster failover, and…

Read more