DMARC, the Solution for your Phishing Problems
by Benjamin B.
Phishing attacks are a significant threat to any company. They can seriously harm the brand and its reputation, and cause clients to lose faith and leave. Attackers can spam or phish using your brand logo and emails that look exactly like yours; even you won't be able to tell the difference between a fake email and one received from your own servers. SPF has already been discussed in terms of how it validates the outgoing mail server. Another technology, DKIM, is used for email signatures. Both are used by Domain-based Message Authentication, Reporting and Conformance (DMARC), which adds two things on top of them: double protection to reduce the risk of phishing, and a monitoring system to help with management.
Why are SPF and DKIM not enough?
The objective of SPF (Sender Policy Framework) is to validate the senders' servers. The receiving server looks up the SPF record of the sending domain and checks that the IP address of the connecting server is one of those listed there.
The issue with SPF is that it only applies to the domain in the return path (the envelope sender), not to the domain that appears in the "From" field in the user interface. DMARC corrects this issue by aligning, or matching, the visible "From" domain with the SPF-authenticated domain.
DKIM is an acronym for DomainKeys Identified Mail. DKIM can be used by the owner of a domain to sign the emails it sends. The header of the email carries extra data (a cryptographic signature) that can be verified using a key published in DNS. This technology isn't perfect either. Many businesses fail to rotate the key, which may be a major issue. This is another issue that DMARC addresses: it comes with rotating keys.
DMARC
DMARC is a protocol for authentication, policy, and reporting. It uses both SPF and DKIM, together with alignment to the "From" domain name, procedures for processing incoming email in the event of failure, and, most importantly, reports sent back to the sender. The sender will be able to see whether there is an issue and take action as a result.
The primary goal of DMARC is to prevent direct domain spoofing. If an attacker attempts to send email from a domain that has not authorized it, DMARC will identify and prohibit it.
How does DMARC work?
We've already mentioned that DMARC uses policies. They are set by the administrator, who defines the email authentication processes and what the receiving email server should do if an email violates a policy.
When the receiving email server gets a new email, it makes a DNS lookup to check the DMARC record. It will look for:
· whether the DKIM signature is valid;
· whether the IP address of the sender is one of those allowed by the sender's SPF record;
· whether the header shows proper "domain alignment".
With all of the above in consideration, the server applies the DMARC policy to accept, reject or flag the email.
In the end, the server will send a report back to the sender.
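The receiver-side evaluation described above (parse the published DMARC record, check SPF and DKIM, test alignment of the visible "From" domain, apply the policy), as an added example that is not code from the original post. The record text, domain names and authentication results below are constructed for illustration, and the organizational-domain rule is simplified to the last two DNS labels (a real implementation consults the Public Suffix List); the `pct` tag is parsed but not applied.

```python
"""Minimal DMARC evaluator (added example, not from the original post).

It parses a DMARC TXT record, applies SPF/DKIM identifier alignment to the
header From domain, and returns the disposition a receiver would take.
Assumption: organizational domain = last two labels (real code uses the PSL).
"""
from dataclasses import dataclass


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' into a tag -> value dict.

    Defaults follow RFC 7489: relaxed alignment (adkim=r, aspf=r), pct=100.
    """
    tags = {"adkim": "r", "aspf": "r", "pct": "100"}
    for part in txt.split(";"):
        part = part.strip()
        if not part or "=" not in part:
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    return tags


def org_domain(domain: str) -> str:
    # Simplification: treat the last two labels as the organizational domain.
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') only needs
    the same organizational domain (so mail.example.com aligns with example.com)."""
    a, b = from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)


@dataclass
class AuthResults:
    header_from: str        # domain of the visible From: header
    spf_pass: bool          # SPF result for the MAIL FROM (return-path) domain
    spf_domain: str         # the MAIL FROM domain SPF was checked against
    dkim_pass: bool         # at least one DKIM signature verified
    dkim_domain: str = ""   # d= tag of the verified DKIM signature


def evaluate_dmarc(record_txt: str, r: AuthResults) -> dict:
    """DMARC passes if SPF or DKIM passes AND that identifier aligns with From."""
    rec = parse_dmarc_record(record_txt)
    spf_aligned = r.spf_pass and aligned(r.header_from, r.spf_domain, rec["aspf"])
    dkim_aligned = r.dkim_pass and aligned(r.header_from, r.dkim_domain, rec["adkim"])
    dmarc_pass = spf_aligned or dkim_aligned
    return {
        "dmarc_pass": dmarc_pass,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        # On failure the receiver applies the sender's published policy.
        "disposition": "none" if dmarc_pass else rec["p"],
        "report_to": rec.get("rua"),   # where aggregate reports are sent
    }


# Constructed sample record for the (fictional) domain example.com.
SAMPLE_RECORD = "v=DMARC1; p=reject; aspf=s; adkim=r; rua=mailto:dmarc-reports@example.com"

if __name__ == "__main__":
    # Spoof: SPF passes, but only for the attacker's own return-path domain,
    # so it does not align with the visible From domain -> rejected.
    spoof = AuthResults("example.com", True, "attacker.example", False)
    print("spoof:", evaluate_dmarc(SAMPLE_RECORD, spoof))
    # Legitimate: forwarded mail broke SPF, but the DKIM signature from a
    # subdomain still aligns under relaxed mode -> accepted.
    legit = AuthResults("example.com", False, "bounce.example.net", True, "mail.example.com")
    print("legit:", evaluate_dmarc(SAMPLE_RECORD, legit))
```

The two sample cases show why the "From" alignment step matters: the spoofed message has a perfectly valid SPF pass for the attacker's return-path domain, and only the alignment check with the visible "From" domain causes the published `p=reject` policy to apply. Reports go to the address in `rua`, which is the monitoring side the article mentions.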
Benefits for the sender of the email
· Shows that the email uses authentication (SPF and DKIM).
· Receives feedback about the sent email.
· Sets the policy for failed email.
Benefits for the receiver of the email
· Provides authentication for incoming emails.
· Evaluates SPF and DKIM.
· Sees what the sender prefers (the policy).
· Returns feedback to the sender.
Conclusion about DMARC
DMARC can significantly reduce the number of spam and fraud emails. It isn't completely bulletproof, but it provides far more protection than the other two options, SPF and DKIM, on their own. It's also nice to have reporting.
Created on Aug 18th 2021 06:14.