Email Fraudsters have been spoofing emails and targeting their victims. Read on to know how to mitigate email spoofing by using DMARC…
Even though the email provider knows that the incoming email is a spoof email, they still allow it. This email is delivered either in the inbox or in the bulk/junk folder. In the current COVID-19 situation, the number of spoof emails sent has increased substantially. Many people are falling victim and are losing their previous earnings. Losses due to compromise of the email system or user are high — according to a report from the FBI, the amount lost to CEO Email Scams is approximately $2.3 billion. The email is the most common vector in over 90% cyber-attacks across the world.
Email spoofing is a method where the sender makes it appear that the message originated from someone or somewhere reliable and not from the actual source. It is a popular method used in phishing and spam campaigns because unsuspecting people will open the emails thinking that it has come from a known or reliable source.
Email providers can stop spoof emails impersonating them from reaching their customer’s inbox or junk/bulk folder by enabling DMARC.
Preventing Email Spoofing
Modern email authentication uses a combination of three methods: SPF, DKIM, and DMARC. These methods help ensure that a message came from a sender shown in the From header. By deploying DMARC, email senders can prevent spoofed spam and phishing emails from reaching their email subscribers and customers, protect their brand and the subscribers’ personal data.
To fight email spoofing, a group of leading organisations came together to collaborate on a method to combat email spoofing at internet-scale. The founding contributors included the following
Receivers: AOL, Comcast, Gmail, Hotmail, Netease, Yahoo! Mail.
Senders: American Greetings, Bank of America, Facebook, Fidelity, JPMorgan Chase & Co., LinkedIn, PayPal
Intermediaries & Vendors: Agari, Cloudmark, ReturnPath, Trusted Domain Project
The primary mission was two-fold:
1. Enable senders to publish easily discoverable policies on unauthenticated email
2. Enable receivers to provide authentication reporting to senders so that they can improve and monitor their authentication infrastructure
The common goal for the group was to develop an operational specification, with the desire that it would be able to achieve formal standards status. The result was the creation of an email authentication protocol — domain-based message authentication, reporting, and conformance, commonly referred to as DMARC.
Email Authentication Protocols
The authentication protocols enable the elimination of email spoofing and the integrity of the email, and its sender is established. To achieve this, DMARC and the following components should be configured.
DMARC builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor the protection of the domain from fraudulent email.
Domain Keys Identified Mail (DKIM) is an email authentication technique that allows the receiver to check that an email was indeed sent and authorised by the owner of that domain. This is done by giving the email a digital signature.
Sender Policy Framework (SPF) is an email-authentication technique which is used to prevent spammers from sending messages on behalf of your domain. With SPF, an organisation can publish authorised mail servers.