In our blog last month, we explained the origins of DMARC (Domain-based Message Authentication, Reporting and Conformance) and why Charterhouse recommends that every organisation enforce a ‘p=reject’ policy, a recommendation shared by the NCSC (National Cyber Security Centre).
This blog details why DMARC has become an integral layer of defence and a powerful tool for protecting brand reputation, and how a DMARC solution helps organisations reach DMARC compliance and a reject policy faster and with more confidence.
Why is DMARC compliance increasing so rapidly?
Phishing emails continue to become more advanced as malicious actors discover new ways to bypass organisations’ defences. We are no longer dealing predominantly with phishing emails that carry malicious payloads, such as links or attachments; instead we are seeing a huge increase in email spoofing and impersonation attacks, as attackers aim to exploit human weaknesses.
Market-leading Secure Email Gateways (SEGs) are pretty good at analysing and combining indicators of compromise to block spoofed emails coming through the gateway, but your perimeter is where that protection ends.
We need to shift to a different perspective – threats outside your SEG’s perimeter.
In almost every Cyber Security Review we complete, ‘Reputational Damage’ is identified as the biggest concern to an organisation in the event of a breach. If someone is spoofing your domain and successfully breaches your customers and/or partners as a result, it is quite clear who they are likely to blame.
Sending a fraudulent email from a legitimate domain has become one of the main techniques used by cyber criminals to trick users into divulging sensitive information or wiring money to fraudulent accounts. This kind of brand abuse tarnishes reputation and often leads to direct losses for your organisation, customers and partners.
DMARC can help to prevent this specific type of attack by allowing the sending domain to tell recipients’ mail servers that its messages are protected by SPF (Sender Policy Framework) and/or DKIM (DomainKeys Identified Mail) authentication, and by providing instructions on what to do if an email passes neither of those authentication methods.
Essentially, DMARC takes the guesswork out of how receivers handle failed messages, minimising the recipient’s exposure to potentially fraudulent email and helping to protect the sender’s domain from being used fraudulently.
Working toward a ‘p=reject’ DMARC enforcement policy is therefore an integral layer in your security stack. However, it can be difficult and incredibly time-consuming to reach enforcement without the correct tools, specifically a DMARC solution.
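To make the receiver-side decision concrete, here is an added example (not code from the original post) that parses a published DMARC record, checks SPF/DKIM identifier alignment against the visible From domain, and returns the disposition a receiver would apply. The record, domains and authentication results are constructed; it assumes the organisational domain's record has already been fetched and ignores the `pct` tag and the Public Suffix List.

```python
# Toy DMARC receiver-side evaluation (added example, not the post's code).
# All records, domains and authentication results below are constructed.

def parse_dmarc(record: str) -> dict:
    """Split a 'v=DMARC1; p=...; ...' TXT record into tag/value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags

def org_domain(domain: str) -> str:
    # Simplification: last two labels. Real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts any domain sharing the organisational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_disposition(record, record_domain, from_domain, spf_pass_domain, dkim_pass_domains):
    """Return 'pass' or the policy action (none/quarantine/reject).
    record_domain: organisational domain whose record was fetched.
    spf_pass_domain: envelope-from domain if SPF passed, else None.
    dkim_pass_domains: d= values of DKIM signatures that verified."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass_domain is not None and aligned(
        spf_pass_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = any(aligned(d, from_domain, tags.get("adkim", "r")) for d in dkim_pass_domains)
    if spf_ok or dkim_ok:
        return "pass"  # at least one aligned authentication method passed
    # Neither passed: apply 'sp' to subdomains when published, otherwise 'p'.
    if from_domain.lower() != record_domain.lower() and "sp" in tags:
        return tags["sp"]
    return tags["p"]

# Constructed record, as it would be published at _dmarc.example.com
RECORD = "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; rua=mailto:dmarc@example.com"

if __name__ == "__main__":
    # Legitimate bulk mail: SPF passes on a bounce subdomain, relaxed alignment -> pass
    print(dmarc_disposition(RECORD, "example.com", "example.com", "bounce.example.com", []))
    # Spoofed From header: SPF passes for an unrelated domain, nothing aligns -> reject
    print(dmarc_disposition(RECORD, "example.com", "example.com", "other.example", []))
    # Unauthenticated mail claiming a subdomain -> subdomain policy sp=quarantine
    print(dmarc_disposition(RECORD, "example.com", "news.example.com", None, []))
```

The third case shows why publishing `sp=` matters: without it, unauthenticated mail from any subdomain would fall through to `p=` instead.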
DMARC solutions can provide help through features such as:
- SaaS (Software as a Service) capabilities to manage complex DMARC deployments
- 360° visibility and governance across all email channels
- Self-service email intelligence tools to implement DMARC policies on the gateway
- Alerts, reports and charts to help achieve enforcement and monitor ongoing performance
- SPF Compression available to resolve lookup limit issues
With continually improving technologies available, DMARC solutions no longer require ongoing professional services to be successful, and instead are designed for simple and effective self-service to reduce the time, effort and cost of stopping domain-spoofing attacks.
If you are interested in finding out more about DMARC and how it can strengthen your organisation’s security posture, speak to the team.