We are all used to receiving phishing emails. Implementing a simple technology called DMARC would go a long way to solving the problem.
At the UK launch of Verizon’s 2018 Data Breach Investigations Report (DBIR), we learned that phishing attacks delivered by email continue to be a major problem for organisations. According to the report: “Phishing and pretexting represent 98% of social incidents and 93% of breaches. Email continues to be the most common vector (96%)”.
Phishing emails are obviously still getting through in large numbers. And sadly around 4% of email recipients will still click on a link in a fraudulent email.
So what is to be done? One answer is Domain-based Message Authentication, Reporting and Conformance (DMARC). And at the launch event of Verizon’s DBIR, in London's Mansion House, Philip Reitinger, CEO of the Global Cyber Alliance, made a plea for the increased use of this relatively simple way of protecting email from the scammers.
Cyber security for email
Simply put, DMARC lets the owner of a domain tell receiving mail servers how to treat messages that claim to come from that domain but cannot be authenticated. One of the problems with email is that it is very easy to “spoof” the sender: the From: address shown in your mail client is just a header, and whoever sends the message can write anything into it. That email you get that appears to be from Fred@MegaCorp.com may in fact be from a fraudster who has simply put a MegaCorp.com address in the "from" field. So checking the sender address tells you nothing about who the email is really from.
However, if MegaCorp has published a DMARC policy and the receiving email system checks it, the receiver compares the domain in the From: header with the domain that SPF or DKIM actually authenticated. If neither check passes for a matching domain, the email is rejected, quarantined or merely reported back to MegaCorp, depending on the policy MegaCorp has set.
DMARC builds on two other commonly used email protection systems: Sender Policy Framework (SPF), which lists the servers allowed to send mail for a domain, and DomainKeys Identified Mail (DKIM), which adds a signature the receiver can verify. DMARC lets a domain owner declare that its emails are protected by SPF and/or DKIM, and tells the email system of the recipient what to do if a message passes neither check for the sending domain (e.g. reject it).
This means that your reputation is protected from incidents such as a customer receiving an email that appears to come from your own domain, which contains some malware in an attachment.
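To make the evaluation above concrete, here is an added example (not code from the article or from the Global Cyber Alliance) of the decision a receiving mail server makes for one message: a small parser for the DMARC record, the SPF/DKIM "alignment" check against the From: domain, and the resulting disposition. MegaCorp.com is the article's fictional domain; the DMARC record, the scenarios and the domain mail-blaster.example are constructed for illustration, and the organisational-domain helper uses a two-label simplification instead of the Public Suffix List a real receiver would consult.

```python
"""Added example: how a receiving mail server evaluates DMARC for one message.

DMARC passes when SPF or DKIM passes AND the domain that check authenticated
"aligns" with the domain in the visible From: header. The sending domain's
DMARC record (a TXT record at _dmarc.<domain>) then says what the receiver
should do with a failure. All domains, records and messages are constructed.
"""
from dataclasses import dataclass
from typing import Optional


def organisational_domain(domain: str) -> str:
    """Approximate the organisational domain as the last two labels.

    Real receivers use the Public Suffix List (so megacorp.co.uk is not
    reduced to co.uk); the two-label rule is a simplification for this example.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_dmarc_record(txt: str) -> dict:
    """Parse 'v=DMARC1; p=reject; ...' and fill in the RFC 7489 defaults used below."""
    tags = {}
    for part in txt.split(";"):
        key, _, value = part.strip().partition("=")
        if key:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError(f"not a usable DMARC record: {txt!r}")
    tags.setdefault("adkim", "r")     # relaxed DKIM alignment
    tags.setdefault("aspf", "r")      # relaxed SPF alignment
    tags.setdefault("sp", tags["p"])  # subdomain policy defaults to p
    return tags


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """'s' (strict) needs an exact match; 'r' (relaxed) the same organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return organisational_domain(auth_domain) == organisational_domain(from_domain)


@dataclass
class AuthResults:
    """What SPF and DKIM established for one message (constructed inputs)."""
    from_domain: str            # domain in the From: header the user sees
    spf_domain: Optional[str]   # domain SPF checked (the envelope MAIL FROM)
    spf_pass: bool
    dkim_domain: Optional[str]  # d= of a DKIM signature, None if unsigned
    dkim_pass: bool


def evaluate_dmarc(msg: AuthResults, record: Optional[dict], policy_domain: str) -> tuple:
    """Return (dmarc_result, disposition).

    policy_domain is where the record was found: receivers try
    _dmarc.<From domain> first, then the organisational domain, in which
    case the sp= tag governs. With no record at all DMARC cannot apply and
    the receiver falls back to its own local rules.
    """
    if record is None:
        return ("none", "none")
    spf_ok = bool(msg.spf_pass and msg.spf_domain
                  and aligned(msg.spf_domain, msg.from_domain, record["aspf"]))
    dkim_ok = bool(msg.dkim_pass and msg.dkim_domain
                   and aligned(msg.dkim_domain, msg.from_domain, record["adkim"]))
    if spf_ok or dkim_ok:
        return ("pass", "none")
    same_domain = msg.from_domain.lower() == policy_domain.lower()
    return ("fail", record["p"] if same_domain else record["sp"])


# Constructed record for the article's fictional MegaCorp.com: reject spoofs
# of the organisational domain, but only monitor (sp=none) its subdomains.
MEGACORP_RECORD = parse_dmarc_record(
    "v=DMARC1; p=reject; sp=none; rua=mailto:dmarc-reports@megacorp.com")

SCENARIOS = {
    # Genuine mail: SPF passes for a bounce subdomain (relaxed alignment is
    # enough) and the message carries MegaCorp's own DKIM signature.
    "genuine": AuthResults("megacorp.com", "bounce.megacorp.com", True, "megacorp.com", True),
    # Spoof: the fraudster's server passes SPF for its own domain, but that
    # domain does not align with the From: header and there is no DKIM.
    "spoof": AuthResults("megacorp.com", "mail-blaster.example", True, None, False),
    # Forwarded genuine mail: SPF breaks (the forwarder is not an authorised
    # sender) but the DKIM signature survives, so DMARC still passes.
    "forwarded": AuthResults("megacorp.com", "megacorp.com", False, "megacorp.com", True),
    # Spoof of a subdomain: fails, but sp=none means the receiver takes no action.
    "subdomain_spoof": AuthResults("sales.megacorp.com", "mail-blaster.example", True, None, False),
}


def run_scenarios() -> dict:
    """Evaluate every constructed scenario against MegaCorp's record."""
    return {name: evaluate_dmarc(msg, MEGACORP_RECORD, "megacorp.com")
            for name, msg in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (result, disposition) in run_scenarios().items():
        print(f"{name:16s} dmarc={result:4s} disposition={disposition}")
```

The "forwarded" scenario is why DMARC wants both SPF and DKIM rather than SPF alone, and the "subdomain_spoof" scenario shows that a reject policy on the organisational domain does not automatically protect subdomains if sp= weakens it.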
A simple description of how DMARC works is shown in the image below.
(Image adapted from the Global Cyber Alliance's very helpful overview of DMARC.)
I already use SPF: why bother with DMARC?
Many organisations use SPF to protect their emails. But rather fewer use DMARC. The Global Cyber Alliance explains the problem this way: “The main reason is that SPF and DKIM on their own contain various weaknesses. However, when both are combined with DMARC, both protocols are enhanced and more secure.”
And one important way that security is enhanced is through DMARC’s reporting, which SPF and DKIM on their own do not provide. Receiving mail systems send the domain owner aggregate reports (to the rua address in the DMARC record) listing which sources are sending mail in its name and whether they passed authentication, and optionally per-message failure reports (ruf). Those reports are key to plugging holes in security: they reveal legitimate senders you had forgotten about, and the forgeries, before you tighten the policy from p=none to p=quarantine or p=reject.
Is your email cybersafe?
Using DMARC won’t protect you from all cyber security risks. It won’t even protect you from all email-borne risks: a fraudster who registers a lookalike domain, or who has taken over a genuine account, can send email that passes DMARC perfectly well. But it will make a big difference to your overall security profile.
Is your organisation using this protection? It’s easy to find out. Go to https://dmarcguide.globalcyberalliance.org/#/ and type in an email address used by your organisation. If you prefer the command line, the policy is a DNS TXT record at _dmarc.<your domain>, so "dig +short TXT _dmarc.MegaCorp.com" (with your own domain substituted) will show it, and an empty answer means there is no DMARC record at all. If it turns out that your organisation isn’t using DMARC then a conversation with people in your IT department will be in order.
Remember though: you need to protect all your email domains from the fraudsters. It isn’t sufficient simply to protect the organisational domain (MegaCorp.com in the example above), or the one you use most frequently. A DMARC record on the organisational domain covers its subdomains (such as mail.MegaCorp.com) by default, but the sp tag can weaken that, and every additional domain you own, whether or not it is actively used for email (a country-specific domain or an old brand name, say), needs its own record. Domains that never send email should publish p=reject together with an SPF record of "v=spf1 -all", so that nothing can be sent in their name.
Image under licence from iStockPhoto.com, copyright Rawpixel