Pains of DMARC adoption
19 August, 2019
What is phishing and why is it dangerous to you?
Have you ever heard about the “Grandson scam”? It’s a way of fooling older adults by calling them and pretending to be their grandchild or the grandchild’s best friend, asking for the money transfer for some made-up emergency. Of course, I don’t have to mention disappearing forever after the transfer.
This is a kind of “social” phishing. Email phishing is based on a similar rule; most often the goal of a “phisher” is to disguise as a well reputable company (eg. eBay, Amazon, etc.) with a call to action, to gain access to your fragile personal information - password, card numbers and so on…
This data is often used not only to get access to spoofed (“phished”) entities but also to other sources; this is due to the fact that many internet users are basing all of their online accounts on the same password. You’ve been warned.
The more sophisticated and crafted type of phishing is so-called spear-phishing - this is a spoofed message targeting an individual user or organization, customizing the phish message thoroughly for the recipient - using their personal details like name, interests, and others.
How is this dangerous for you and your business? First of all, it is important to focus on the safety of your users/recipients. If a malicious actor is attempting to spoof your brand, domain, or logo, he will target your recipients who, believing it is a message directly from you, might give away crucial data. Such data leak might end in being used against them, potentially costing them money and/or causing other types of harm. This alone is a very good reason to protect yourself and your users against such malicious activity.
The other very important factor is your brand’s reputation. Not only a phishing attack can cause harm to the reputation of your domain, but also can easily ruin the trust in your brand; especially if the perception of the attack being your fault maintains. The first one might be observable with numbers when carefully monitoring deliverability tools, and the second one might be more subtle, but in the end, reflected in the business/revenue calculations.
So what are the protection measures you can take? First of all - authentication. Make sure you authenticate your traffic properly with both SPF and DKIM. To put it very simply - the first one based on the public records authenticates the legitimacy of the source of the message, while the second one, based on the private and public keys pair, checks if the message signed by the sender has been tampered with.
Building on those two, we have a DMARC protocol. This is a method of monitoring and instructing recipients on how to handle the messages coming from your domain (claiming to be your brand) if both of said authenticators fail. A cherry on top of the proper authentication, DMARC gives you the ability to thoroughly follow the traffic using your domain, as well as instructs the mailbox providers to "quarantine" or even "reject" the messages without proper proof, that it's actually coming from you (authentication).
At Mailkit, we'll be instructing you step by step on how to set up all the necessary DNS records to get things going. You can also delegate your domain directly to us so we can handle most of the stuff for you. We also offer thorough monitoring and advice on DMARC and all related factors.
