Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
How To Reduce Spam & Phishing With DMARC
SagrikP543,
User Rank: Apprentice
12/1/2016 | 5:24:29 AM
Create DMARC record to stop phishing
DMARC is a great way to prevent spammers from using your domain to send email without your permission. It improves mail authentication infrastructure. DMARC allows setting rules to reject or quarantine (SPAM/junk folder) emails from sources you don't know. 
Marilyn Cohodas,
User Rank: Strategist
3/3/2015 | 10:15:07 AM
Re: DMARC is not going to stop phishing
Attackers will adapt to any countermeasure, but they will have to absorb new costs, take on new risks and settle for smaller returns.

That sounds like an effective countermeasure for the defenders, to me. Anything that makes it harder for attackers is a step in the right direction. 
dingevaldson,
User Rank: Apprentice
3/1/2015 | 3:17:48 PM
Re: DMARC is not going to stop phishing
@MrSmith01--that may be the case because Target has published a DMARC policy.  As more and more brands do so, and move that policy from monitor mode to reject, more and more attackers will be forced to use sister/cousin domains to launch attacks. I argue in the article that this is a good thing. DMARC must be used in conjunction with domain monitoring, internet-wide brand monitoring and proactive phishing detection. When implemented correctly, the combination of these technologies decreases the lifespan of attacks, decreases the odds of credential theft and in the end makes attacks less profitable.

What DMARC will do is remove the attacker's option of launching attacks that are highly effective (will fool a substantial amount of recipients) and very inexpensive (email spoofing). It is useful to view this problem through an economic lens, because in the end, it is the most relevant view. Attackers will adapt to any countermeasure, but they will have to absorb new costs, take on new risks and settle for smaller returns.
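An added example, not part of the original thread or written by any commenter: how a receiving mail server applies a published DMARC policy, showing the monitor-to-reject change and why a look-alike domain falls outside the policy. All domains, records and authentication results are constructed, the two-label organizational-domain shortcut is an assumption, and only relaxed alignment is evaluated (the `sp` and `pct` tags are ignored).

```python
# Added illustration; all domains, records and auth results are constructed.
def parse_dmarc(txt):
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        return None
    return tags

def org_domain(domain):
    # Assumption: last two labels; production code needs the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain):
    # Relaxed alignment: the organizational domains must match.
    return auth_domain is not None and org_domain(from_domain) == org_domain(auth_domain)

def disposition(from_domain, spf_domain, dkim_domain, records):
    """Return 'deliver', 'quarantine' or 'reject' for one message.
    spf_domain / dkim_domain: the domain that passed SPF / DKIM, or None.
    records: constructed stand-in for DNS, org domain -> DMARC TXT record."""
    policy = parse_dmarc(records.get(org_domain(from_domain), ""))
    if policy is None:
        return "deliver"  # no DMARC record published for the From domain
    if aligned(from_domain, spf_domain) or aligned(from_domain, dkim_domain):
        return "deliver"  # DMARC pass
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy["p"]]

# (From domain, SPF-passing domain, DKIM-passing domain)
SPOOF = ("example.com", "bulk-sender.test", None)
LOOKALIKE = ("example-billing.test", "example-billing.test", None)

def demo():
    monitor = {"example.com": "v=DMARC1; p=none; rua=mailto:dmarc@example.com"}
    enforce = {"example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"}
    return {
        "spoof, p=none": disposition(*SPOOF, monitor),
        "spoof, p=reject": disposition(*SPOOF, enforce),
        "legit, p=reject": disposition("example.com", "mail.example.com", None, enforce),
        "lookalike, p=reject": disposition(*LOOKALIKE, enforce),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The look-alike case is delivered because the policy for `example.com` says nothing about other registrable domains, which is why the comment above pairs DMARC with domain monitoring.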
MrSmith01,
User Rank: Apprentice
2/27/2015 | 11:51:52 PM
Re: DMARC is not going to stop phishing
Except what if the email is from [email protected] or one of a hundred other variations an attacker could set up?  Heck, I just saw a legitimate email for Target that used the domain mail-target.com.  You see, domain names don't mean jack to typical users and are even non-trivial to sort out for more technical users.  So, authenticating the domain in the from address is far less useful than you might think.  Also, many of the phishing messages I see already don't get fancy with the from address, because they don't need to.  This does make phishing a little harder, so it's good.  I do not expect it to reduce phishing in any meaningful way though, because the same douchebags that were sending messages with spoofed from addresses last week, will simply send the same exact message without spoofing the from address this week.
TerryB,
User Rank: Ninja
2/27/2015 | 1:47:36 PM
Re: DMARC is not going to stop phishing
Not sure I get what you mean. If someone using [email protected] and asking person to give me their logon credentials so I can troubleshoot something, seems like this would work fine.

If your point is someone will just hack into my computer and use my email to send this, then I get your point not much help. But I suspect more people are spoofing from other mail domains than actually hacking and remote controlling a machine inside mail domain.

I do agree with your conclusion the bad guys will adjust, they always seem to. But at least we would raise the bar a little, assuming cost of this new DMARC is negligible.
Whoopty,
User Rank: Ninja
2/27/2015 | 12:26:56 PM
Interesting but...
Sounds interesting and will be something I bring up with my bosses next time we have a chat about email security. However I wonder if it's not quite the holy grail it's being made out to be? I'm sure that a few changes of techniques could easily circumvent some aspects of this. 
dingevaldson,
User Rank: Apprentice
2/27/2015 | 12:21:37 PM
Re: DMARC is not going to stop phishing
@MrSmith01--you bring up two points that I will address separately:

1. That DMARC is not going to stop phishing.

This is absolutely true and something that I say frequently. As an anti-fraud company, it is dangerous to say that any control will stop any threat because any measure is met with a countermeasure by attackers. The point I was making in the article is that it is in the email sender's best interest for numerous reasons to deploy DMARC policies on their domains to permanently remove the possibility of specific types of spoofed email from being delivered to the majority of global mailboxes. This will not stop phishing, but it will do more than any other technique to stop the most effective types of phishing attacks.

2. That many or most phishers don't bother to spoof the sender's domain.

This is more or less true, but I have a different view on this.  Most of the phishing attacks that my company detects and takes down are from hacked WordPress servers.  Most of these phishing attacks are poorly constructed and easy to identify.  More of the attacks are automatically generated and run by phishkits.  This is a high-volume game where attackers make a small but reliable return on their investment. However, the most effective phishing attacks (in terms of successful account takeover) are more effective, more targeted, better constructed. These attacks do often rely on domain spoofing or use of similar domains because victims still rely on the domain name displayed in their email client as a pseudo-authentication factor, even though it was never designed as such.

One point that I will try to make and one that I have made in other articles about DMARC, is that online fraud mitigation and programmatic risk reduction for something as complex as a massive, distributed end-user population is a long game, it's a game of inches. Positioning DMARC as a tool to leverage against adversaries is not overselling, it is simple pragmatism. Closing the front door to attackers thereby forcing them to try to get in through the window is a "win" in this context. Anytime we can force our attackers to consume complexity that we force upon them, then we are moving in the right direction.  For all of these reasons, DMARC is one of the best tools available to move things forward, and I didn't even get a chance to discuss the huge benefit from DMARC reporting!
MrSmith01,
User Rank: Apprentice
2/26/2015 | 8:06:19 PM
DMARC is not going to stop phishing
"...thus ensuring that only legitimate emails are delivered to inboxes."

DMARC does not ensure that only legitimate emails are delivered, and it does little to reduce phishing attacks generally. It forces perpetrators to change their tactics, which has value for sure, but let's not oversell it. Many, perhaps most, of the spam and phishing attacks I see personally and professionally don't even bother spoofing the sender addresses.  Just take a look at your own Junk folder.

