Email, from its humble beginnings in 1971 to a tool the world now relies on, is a simple mechanism with complex applications.
Many things we do today rely on SMTP (Simple Mail Transfer Protocol), whether day-to-day tasks at work or arranging aspects of our personal lives. Your email address is unique to you and you have likely used it for many years, but over that time the technology behind it has evolved. SMTP originally had no mechanism to protect the recipient or to guarantee that the sender is who they claim to be: any server can put any address in the From field of a message. SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) were introduced to address this.
Both of these techniques give the recipient's email environment a way to validate the sender. SPF works by publishing, in the sending domain's DNS (Domain Name System), the list of IP addresses authorised to send mail for that domain; the receiving server checks whether the connecting server's IP address appears in the record for the domain used in the SMTP envelope (the MAIL FROM, or Return-Path, address). DKIM affixes a digital signature to the email when it is sent, which the receiver validates using the public key published in the signing domain's DNS.
Both methods have limitations and are best used together. Neither on its own checks the From address the end user actually sees: SPF authenticates the envelope sender domain and DKIM the signing domain, either of which an attacker can set to a domain they control. This is where DMARC (Domain-based Message Authentication, Reporting and Conformance) comes in. It allows the owner of a domain to publish a policy in DNS that ties SPF and DKIM to the visible From domain, requiring at least one of them to pass and to align with that domain, and tells receivers how to handle messages that fail (monitor only, quarantine, or reject) and where to send reports.
In practical terms, DMARC's reports give the domain owner visibility of every source sending email on behalf of the domain. Once the legitimate sources have been authenticated, the organisation can stop unauthorised use of its domain with an enforcement policy. The National Cyber Security Centre (NCSC) strongly advises working towards a strong DMARC policy.
A strong DMARC policy means a reject policy (p=reject), which we recommend every organisation implement as quickly as possible. Getting there safely means first publishing a monitoring policy (p=none) and reviewing the reports until every legitimate sending source passes with alignment, so that enforcement blocks only spoofed mail rather than your own.
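To make the mechanism above concrete, here is an added example of the receiver-side DMARC decision: parsing a published record (a monitor-only p=none record beside an enforced p=reject one), checking that a passing SPF or DKIM result aligns with the From domain, and choosing the disposition. This is illustrative code written for this page, not code from the original article or from any mail server. The domain names and records are constructed placeholders, and the organisational-domain helper is a simplification (real receivers use the Public Suffix List).

```python
"""Illustrative DMARC policy evaluation (added example, not the page's code).

Assumes the receiving mail server has already run SPF and DKIM and knows the
RFC5322.From header domain; this code only covers the DMARC part: parsing
the published policy, checking identifier alignment, choosing a disposition.
"""

# Constructed TXT records as a domain owner might publish at _dmarc.example.com.
# p=none only reports; p=reject is the "strong" policy the page recommends.
MONITOR_ONLY_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
ENFORCED_RECORD = ("v=DMARC1; p=reject; sp=quarantine; adkim=r; aspf=s; "
                   "pct=100; rua=mailto:dmarc-reports@example.com")

VALID_POLICIES = ("none", "quarantine", "reject")


def parse_dmarc(txt):
    """Parse 'v=DMARC1; tag=value; ...' into a dict, filling RFC 7489 defaults
    (relaxed alignment, pct=100, subdomain policy inherits p=)."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record (v=DMARC1 missing)")
    if tags.get("p") not in VALID_POLICIES:
        raise ValueError("missing or invalid p= tag")
    tags.setdefault("sp", tags["p"])
    if tags["sp"] not in VALID_POLICIES:
        raise ValueError("invalid sp= tag")
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    tags["pct"] = int(tags.get("pct", "100"))
    return tags


def org_domain(domain):
    """Organisational domain, simplified to the last two labels (assumption).
    Real receivers consult the Public Suffix List so that e.g. 'example.co.uk'
    is handled correctly."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain, auth_domain, mode):
    """Identifier alignment: 's' (strict) needs an exact match with the From
    header domain; 'r' (relaxed) only needs the same organisational domain."""
    f = from_domain.lower().rstrip(".")
    a = auth_domain.lower().rstrip(".")
    if mode == "s":
        return f == a
    return org_domain(f) == org_domain(a)


def evaluate_dmarc(record_txt, record_domain, from_domain,
                   spf_result, spf_domain, dkim_result, dkim_domain,
                   sample_percentile=0):
    """Return (dmarc_result, disposition).

    record_domain: where the TXT record was found (the From domain itself or
                   its organisational domain); decides whether p= or sp= applies.
    spf_domain:    the domain SPF was evaluated against (MAIL FROM / Return-Path).
    dkim_domain:   the d= tag of a verified DKIM signature, or None.
    sample_percentile: 0-99 value the receiver draws for pct= sampling.
    """
    policy = parse_dmarc(record_txt)

    # A mechanism only counts if it passed AND its domain aligns with From.
    spf_aligned = (spf_result == "pass" and spf_domain is not None
                   and aligned(from_domain, spf_domain, policy["aspf"]))
    dkim_aligned = (dkim_result == "pass" and dkim_domain is not None
                    and aligned(from_domain, dkim_domain, policy["adkim"]))
    if spf_aligned or dkim_aligned:
        return "pass", "none"

    # Failure: apply p= for the record's own domain, sp= for a subdomain.
    is_subdomain = (from_domain.lower().rstrip(".")
                    != record_domain.lower().rstrip("."))
    requested = policy["sp"] if is_subdomain else policy["p"]

    # pct= sampling: messages not selected receive the next weaker action.
    if sample_percentile >= policy["pct"]:
        requested = {"reject": "quarantine",
                     "quarantine": "none", "none": "none"}[requested]
    return "fail", requested


if __name__ == "__main__":
    # Spoofed From: SPF passes for the attacker's own envelope domain, but it
    # does not align with example.com, so the enforced policy rejects it.
    print(evaluate_dmarc(ENFORCED_RECORD, "example.com", "example.com",
                         "pass", "attacker.example", "none", None))
```

The second case in the `__main__` block is the one the page is about: an attacker's server can legitimately pass SPF for a domain it owns, and it is the alignment check against the visible From domain that makes DMARC fail the message and, under p=reject, have it refused.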
Why enforce a reject policy?
Organisational domains are being used without authorisation to send malicious emails. When the DMARC policy is set to p=reject, receiving servers that honour it refuse messages that claim to come from the domain but fail authentication and alignment. Note that this covers exact use of your domain in the From header; lookalike domains registered by an attacker are a separate problem. With p=reject in place, organisations can protect against:
- Phishing of their customers, suppliers and other third-parties
- Brand abuse and scams
- Malware and ransomware attacks
- Spear-phishing and impersonation attacks (including CEO fraud)
How can we help?
We work with organisations to provide full visibility and governance across all email channels, and help them to achieve fast and simple enforcement of DMARC policies. If you would like to find out how, get in touch with one of our experts.