What is DMARC?
STOP HACKERS FROM SENDING EMAILS USING YOUR DOMAIN!
Everything you need to know about DMARC!
DMARC is short for Domain-based Message Authentication, Reporting and Conformance.
It is an email authentication protocol that leverages SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to determine whether an email is authentic or not. DMARC puts the power in the hands of domain owners to govern how non-genuine emails are treated: are they to be reported only, quarantined, or rejected altogether?
For DMARC to work, a DMARC record must be published in the DNS records of the domain. DMARC protects against the 2 biggest threats in email security, i.e. spoofing and phishing.
As the owner of a brand or a domain, one can finally get control over which senders are legitimate, i.e. allowed to send email on the domain's behalf. This includes bulk sources or third parties who are permitted to send email using the domain.
Why is this important?
The SMTP protocol has had a flaw since its inception in the 1980s: no mechanism was specified to authenticate the sender of an email.
DMARC protects a domain from being used in a variety of attacks like BEC (Business Email Compromise) attacks, phishing emails, email scams and other cyber threat activities.
DMARC puts trust back into email.
Until a domain is protected by email authentication protocols like DMARC (together with SPF and DKIM), anyone can send email that appears to come from that domain.
To ensure that no one but ‘you’ can send email as ‘you’, it is imperative to deploy email authentication protocols.
Gartner listed DMARC among the top 10 security projects.
DMARC combines the widely used SPF and DKIM protocols to verify that an email’s “From:” field is authentic; if it is not, DMARC allows the message to be reported, quarantined or rejected.
Email continues to be the most used digital asset of any organisation. It is the most important channel for B2B as well as B2C communication.
Despite multiple attempts to secure email as a channel, email-based attacks account for over 90% of all cyber breaches.
Email authentication protocols (i.e. DMARC, SPF, DKIM and BIMI) give recipients confidence that the sender is indeed who they claim to be. Without authentication, it is impossible to determine whether the sender was genuine or a hacker attempting to fool the recipient.
DMARC provides complete insight into Email as a channel and answers some of these important questions:
Who sent emails on your behalf?
How many were genuine?
How many were spoofing attempts?
Who sent them (Which IP)?
Is your Email properly configured?
Are SPF and DKIM aligned properly?
Who are we sending emails to?
Where are the attackers located?
Who are our Shadow IT providers?
…among many other important questions.
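The questions above about alignment come down to one check a receiving server performs: SPF or DKIM must pass for a domain that is aligned with the “From:” domain. The following is an added example, not code from the original page, showing that evaluation on constructed sample messages; the org_domain() shortcut (last two DNS labels) is an assumption, real receivers consult the Public Suffix List.

```python
# Added example, not code from the original page: how a receiving server
# turns SPF and DKIM results plus identifier alignment into a DMARC verdict.
# Sample messages are constructed; org_domain() is a simplified assumption.

def org_domain(domain: str) -> str:
    """Organizational domain approximated as the last two labels.
    Real receivers use the Public Suffix List; this shortcut is an assumption."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str = "r") -> bool:
    """Identifier alignment: 's' (strict) needs an exact match with the From: domain,
    'r' (relaxed) only needs the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_result(msg: dict, aspf: str = "r", adkim: str = "r") -> str:
    """msg carries the From: domain, the SPF result with its MAIL FROM domain,
    and the DKIM result with the signing domain (d=). One aligned pass suffices."""
    frm = msg["from_domain"]
    spf_ok = msg["spf"] == "pass" and aligned(frm, msg["spf_domain"], aspf)
    dkim_ok = msg["dkim"] == "pass" and aligned(frm, msg["dkim_domain"], adkim)
    return "pass" if spf_ok or dkim_ok else "fail"

# Constructed sample messages, all with a From: header claiming example.com
LEGIT = {"from_domain": "example.com", "spf": "pass", "spf_domain": "bounce.example.com",
         "dkim": "pass", "dkim_domain": "example.com"}
# SPF passes for the sending server's own domain, but it is not aligned with From:
# this is the case SPF alone would let through and DMARC catches
UNALIGNED = {"from_domain": "example.com", "spf": "pass", "spf_domain": "other-sender.invalid",
             "dkim": "none", "dkim_domain": ""}
# Only SPF, from a subdomain: passes under relaxed alignment, fails under strict
SUBDOMAIN = {"from_domain": "example.com", "spf": "pass", "spf_domain": "mail.example.com",
             "dkim": "none", "dkim_domain": ""}

if __name__ == "__main__":
    for name, m in (("legit", LEGIT), ("unaligned", UNALIGNED), ("subdomain", SUBDOMAIN)):
        print(f"{name}: relaxed={dmarc_result(m)} strict={dmarc_result(m, aspf='s')}")
```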
DMARC is considered to be basic cyber hygiene.
If you don’t have DMARC, you are telling hackers that your security posture is poor, and this attracts them to your digital assets. If you have not deployed DMARC, your DNS itself reveals weaknesses in your security posture. DMARC is an important parameter in your cyber security rating.
EmailAuth provides a single platform to manage DMARC and fulfils all your email authentication requirements. With our managed services you don’t need a PhD in DMARC: our easy-to-use platform and our team work like an extension of your email administration and security teams, so you don’t need internal talent in this area.
History of DMARC
Published in 2012, the DMARC standard was created to prevent email abuse that was not being handled by the SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) standards, which had been in practice for 15 years. It was created by industry leaders such as PayPal, Google, Microsoft and Yahoo.
DMARC builds on SPF and DKIM and was originally developed as an email security protocol at the DNS level. The current global DMARC adoption rate is low, but its importance has led almost all governing authorities to make its implementation compulsory for member organisations. DMARC serves as a tool to prevent spoofing and increase email deliverability, maximising the ROI from an organisation’s most critical asset: email.
How Does DMARC Help?
GLOBAL STATISTICS JUSTIFYING THE NEED FOR EMAIL AUTHENTICATION
DMARC has been adopted by the biggest email senders and receivers globally, including Yahoo!, Google and Microsoft, covering 85% of the consumer inboxes in the world.
The most important reason to use DMARC is that it gives an organisation full control over how its domain is used. The organisation can also instruct receivers on what action to take if an incoming email is not legitimate, and have the incident reported back to the organisation for further analysis.
It saves consumers the trouble of identifying whether an email is legitimate or spam. Even with full knowledge of email spoofing, a receiver might still fall into the trap; DMARC makes sure that this does not happen.
Image Credit: Global Cyber Alliance
There have been other protocols and frameworks that focus on the security of an email while in transit (S/MIME encryption, SSL/TLS handshakes and digital certificates, etc.), but these, along with the original SPF and DKIM protocols in DNS, were not enough to stop someone from phishing with your domain!
What kind of reports are sent back if you implement DMARC?
AVOID THESE MISTAKES
Common misconceptions about DMARC!
DMARC’s “p=reject” policy instructs the recipient server to reject delivery of any email that fails DMARC. Implementing this without proper intelligence and whitelisting of your legitimate senders can result in your emails not being delivered, and eventually in your campaigns producing no results. Get in touch with our team immediately if you’re currently facing any difficulty with your email deliverability!
DMARC only governs the outbound channel of your email, i.e. it only concerns which legitimate senders may use your domain. Having DMARC on your domain does not tackle incoming phishing attacks; it only stops hackers from using your domain to send emails anywhere.
Yes, your domain’s ability to be spoofed is not tackled merely by having a DMARC record. It depends on the enforcement policy your DMARC is set to. Organisations often publish a DMARC record just to comply with certain authorities or governments; however, this alone does not make your domain safe from hackers.
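The point in the last two paragraphs, that a record exists is not the same as a record that enforces, can be checked mechanically. The following is an added example, not code from the original page: it parses the DMARC TXT record published at _dmarc.<domain> and lists the settings (p=none, a low pct=, sp=none, no rua=) that leave a domain unprotected or unmonitored. The records in the block are constructed.

```python
# Added example, not code from the original page: parse a DMARC TXT record
# (published at _dmarc.<domain>) and report settings that do not enforce anything.
# Records used below are constructed samples.

def parse_dmarc(txt: str) -> dict:
    """Split 'tag=value; tag=value' into a dict, preserving tag order.
    v=DMARC1 must come first and p= is required for a usable record."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue                      # tolerate a trailing ';'
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)   # rua=mailto:... keeps its own '='
        tags[key.strip().lower()] = value.strip()
    if not tags or list(tags)[0] != "v" or tags["v"].upper() != "DMARC1":
        raise ValueError("record must start with v=DMARC1")
    if "p" not in tags:
        raise ValueError("missing required p= tag")
    return tags

def is_valid(txt: str) -> bool:
    try:
        parse_dmarc(txt)
        return True
    except ValueError:
        return False

def assess(txt: str) -> list:
    """Findings a domain owner should act on; an empty list means the record
    enforces on all failing mail, covers subdomains and collects reports."""
    tags = parse_dmarc(txt)
    findings = []
    p = tags["p"].lower()
    if p == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif p not in ("quarantine", "reject"):
        findings.append(f"unknown policy {p!r}")
    pct = int(tags.get("pct", "100"))     # default per the spec is 100
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    sp = tags.get("sp", p).lower()        # subdomain policy defaults to p
    if sp == "none" and p != "none":
        findings.append("sp=none: subdomains remain unprotected")
    if "rua" not in tags:
        findings.append("no rua=: aggregate reports are not being collected")
    return findings

if __name__ == "__main__":
    for rec in ("v=DMARC1; p=none; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=quarantine; pct=10; sp=none",
                "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"):
        print(rec, "->", assess(rec) or "enforcing")
```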