It's true - not enough organizations utilize DMARC, SPF, and DKIM, global anti-domain-spoofing standards, which could significantly cut down on phishing attacks. But before you implement these protection standards, what are they and how can you effectively use them?
What Is DMARC?
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication, policy, and reporting protocol. It builds on the widely deployed Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) protocols. All three help you protect YOUR domain from being spoofed by bad people sending mail to others.
With DMARC, the owner of the sending domain indicates whether it uses SPF and/or DKIM, which the receiver can verify and rely on, and how the receiver should treat messages that fail those checks. DMARC reports come in two forms, aggregate and forensic, and once enabled they will be sent to you at least daily by the big ISPs and emailers.
Aggregate and Forensic Reports
To confirm that the setup was done correctly, it's important to enable DMARC reports, of which there are two kinds: Aggregate and Forensic. Aggregate reports are sent daily by participating DMARC receivers that get email claiming to be from your domains, and summarize that day's cumulative authentication results for your DMARC'd domains. Forensic reports are diagnostic information about each individual failed email, sent as text in an email message. Once reporting is enabled, the big ISPs and emailers will send you these reports at least daily. There are many services and tools around the Internet to help you parse and more easily read them, including DMARC Analyzer, RdDMARC, and DMARC Reports Parser.
SPF is designed to prevent spoofing of the sender's email domain: the receiver verifies that the IP address of the mail server the email arrived from matches a list of allowed IP addresses published by the domain's administrators. DKIM is designed to prevent the same spoofing in a different way: the receiver verifies a digital signature, created by the sending domain's mail server, that travels with each email.
For general setup, the sender creates the DNS records, installs the key pair, and enables DKIM on the email server. The receiver then enables verification and response. Law, regulation, and standards have begun to push DMARC adoption. In Australia, DMARC is not required by law, but it is recommended in the Australian government's "Malicious Email Mitigation Strategies" guide. Other countries have varying degrees of DMARC regulation. The US Department of Homeland Security, for example, requires such authentication in all civilian Federal agencies.
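To make concrete how DMARC ties SPF and DKIM to the From: domain and to the owner's published policy, here is an added example (not code from the article) of a simplified receiver-side DMARC evaluation modelled on RFC 7489. The DNS record, domain names and the two-label organizational-domain rule are assumptions for illustration; a real receiver would query DNS and use the Public Suffix List.

```python
# Added example, not from the article: a simplified DMARC receiver check
# modelled on RFC 7489. It looks up the From: domain's policy record, checks
# that the SPF/DKIM results are aligned with that domain, and returns the
# disposition the domain owner asked for (p=) when both checks fail.

# Constructed sample DNS TXT record for a hypothetical domain (not real data).
# rua= receives aggregate reports, ruf= receives forensic reports.
DNS_TXT = {
    "_dmarc.example.com": (
        "v=DMARC1; p=reject; rua=mailto:dmarc-agg@example.com; "
        "ruf=mailto:dmarc-forensic@example.com; aspf=r; adkim=s"
    ),
}

def parse_dmarc(txt):
    """Split a DMARC record into tag=value pairs; defaults to relaxed alignment."""
    tags = {"adkim": "r", "aspf": "r", "p": "none"}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags

def org_domain(domain):
    """Organizational domain, simplified to the last two labels.
    (Assumption: a real receiver consults the Public Suffix List instead.)"""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate_dmarc(from_domain, spf_result, spf_domain, dkim_result, dkim_domain, dns=DNS_TXT):
    """Return (disposition, reason). spf_domain is the envelope-from (MAIL FROM)
    domain SPF was checked against; dkim_domain is the d= of a verified signature."""
    record = dns.get("_dmarc." + from_domain.lower())
    if record is None:
        return "none", "no DMARC policy published"
    policy = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_result == "pass" and aligned(dkim_domain, from_domain, policy["adkim"])
    if spf_ok or dkim_ok:
        return "pass", "aligned %s pass" % ("SPF" if spf_ok else "DKIM")
    return policy["p"], "no aligned SPF or DKIM pass; applying p= policy"
```

The second and third cases in the test show the point that matters for phishing defense: an SPF pass for an attacker's own domain, or a DKIM signature from a domain that is not aligned with the From: header, does not rescue the message.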
DMARC Adoption in North America
According to the 2020 DMARC Adoption Report (Banking Sector), over 67% of North America does not have DMARC configured at all. Without DMARC, organizations are susceptible to spoofing, which is used as part of phishing attacks. This puts the pressure on the users receiving these kinds of emails to tell the real from the spoofed.
Although this layer of defense can work, it is not 100% effective at keeping the bad guys out of your network. The bad guys also use DMARC, misconfiguration can occur, and look-alike domains can be created to be used against you. There are even vulnerabilities such as Mailsploit that allow cybercriminals to send emails with spoofed identities that both users and email servers have a hard time detecting as fakes. Even worse, email addresses encoded via the Mailsploit method will not look suspicious to modern email servers running anti-spoofing protocols like DMARC.
How to Prevent 81% of Phishing Attacks from Sailing Right Into Your Inbox with DMARC On-Demand Webinar
Roger Grimes, KnowBe4’s Data-Driven Defense Evangelist, will teach you how to enable DMARC, SPF, DKIM the right way! Then, you'll learn the six reasons why phishing still might get through to your inbox and what you can do to maximize your defenses.
PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/dmarc-spf-dkim-webinar