informa
/
Application Security
Commentary

How To Reduce Spam & Phishing With DMARC

Providers of more than 3 billion email boxes have taken up a new Internet protocol to help put trust back into electronic messaging.

While email is a mission-critical communication channel for most companies, it has also become an untrusted one. Thanks to spam and phishing scams, users are taught to be wary of incoming messages. This lack of trust impacts a company’s ability to effectively communicate, market, and sell to customers via email. DMARC (Domain Message Authentication Reporting and Conformance) stands to change all that.

Providers of more than 3 billion email boxes have taken up DMARC to help put trust back into email. DMARC is an Internet protocol specification that is going through the IETF standardization process. It provides visibility into email flows, and can tell receiving servers to delete spoofed messages immediately upon receipt, thus ensuring that only legitimate emails are delivered to inboxes.

Nearly every company with a domain name should consider leveraging DMARC to help reduce spam and prevent phishing attacks. Here’s how.

Getting started with DMARC is easy. Any email sender and receiver can use the DMARC rails provided by the global community. Free use of the rails provides access to the critical, raw reporting data that helps you see who is sending email and who is spoofing your brand.

To start, we recommend deploying DMARC in monitoring mode. This is how nearly 100 percent of DMARC deployments on the sender side begin. As an email sender in monitoring mode, you advertise to the Internet that you want all DMARC-compliant email receivers (such as Google, Yahoo, Hotmail, and thousands more) to send you reports on who is sending email reportedly from your domain. That’s all there is to it. No emails are flagged, blocked, rejected, or quarantined.

After you are comfortable with the data collected in monitoring mode and you know that legitimate traffic is passing authentication checks, we recommend that you change your policy to quarantine mode. In quarantine mode, suspicious messages are put aside for review. This allows you to identify all internal and authorized email servers and ensure they are configured properly.

Once you have confidence that no legitimate email is mistakenly quarantined, then you can move to a reject policy. In reject mode, spam and phishing messages are deleted before they reach their destination. It is impossible for spoofed email to be delivered to DMARC-protected email servers. This solidifies the trust relationship between domain-based email sent by you and received by DMARC-protected mailboxes.

As a final step, DMARC should be leveraged as part of a greater threat detection and mitigation strategy. DMARC provides valuable reporting information about the amount and structure of phishing attacks against a customer population. This data can be used to improve visibility into attacks, decrease takedown times and reduce losses related to account takeover. As a result, DMARC helps improve fraud intelligence around targeted attacks on your brand.

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5