In this interview with Help Net Security, Alexander Garcia-Tobar, CEO of Valimail, explains the importance of implementing DMARC, since email is still heavily used by cybercriminals to infiltrate and attack organizations.
Email is one of the most common attack tools used by cybercriminals. Why do you think that is?
Email is the leading communication platform, used by billions of people every day. However, because it has no built-in authentication mechanism, anyone can claim to be a trusted individual or company, and nothing mitigates fraud or misuse. Compare that with other transaction markets such as credit cards and HTTPS (e-commerce), where every transaction requires authentication.
Another example is ransomware attacks. They are not new, but the money at stake has grown dramatically. Cybercriminals have access to the same technology that was developed to thwart them, and they are expanding their reach to a wider range of targets. As more companies connect their systems and keep adding access points, they become more likely targets for hackers.
That said, email remains the major source of cybercrime, involved in more than 90% of all cyberattacks, and the pandemic has given these attacks a new angle. Since the onset of COVID-19, email security providers (ESPs) have seen pandemic-themed phishing attacks that leverage people who are accustomed to working from home, on insecure computer hardware and networks, in a distracted environment. Meanwhile, the average phishing campaign lasts only 12 minutes, according to Google, which reports that phishers can deploy attacks easily and that it blocks 100 million phishing emails per day.
By implementing proper email authentication, businesses protect themselves and their customers from privacy breaches. Without it, emails will be sent without permission, fines will be imposed, sensitive information will be stolen, and reputations will be damaged. This wave is just the starting point. Companies need to step up, because the risk of remaining unenforced only gets worse.
Why is it important to achieve DMARC enforcement?
According to many studies, 90% of cyberattacks start with a phishing campaign. Ignoring this enormous danger by failing to implement some form of email authentication leaves businesses vulnerable to financial and reputational damage. Email authentication is essential, especially since 89% of cybercriminal email attacks impersonate someone else. Implementing DMARC eliminates the most common attack vector, phishing email, and adds another layer of protection.
DMARC enforcement allows domain owners to identify and reject unauthenticated, unauthorized, and fraudulent email. Enforcement prevents malicious email from reaching its intended target and protects the organization from direct domain spoofing, email phishing, and spoofing attacks.
Because of the very high rate of data breaches and cyberattacks caused by email, corporate DMARC enforcement has become a business best practice and even a compliance matter within the GRC process. By implementing strong security measures against fraudulent email, organizations benefit from simplified delivery and increased brand credibility and reputation. Visibility and transparency also benefit domain owners, who can easily see how their domain is being used.
Can you explain the technology behind DMARC and how it protects against phishing and spoofing?
DMARC is a Domain Name System (DNS)-based authentication standard that identifies who is allowed to send email for a domain. It also lets email gateways around the world send reports to domain owners and consult the published authentication/authorization policy. DMARC gives domain owners complete control over the use of their email domains, both internally and externally. In other words, it prevents criminals from sending fake emails to your employees claiming to be your executives or employees, and it prevents brand/domain abuse outside the enterprise, for example a criminal sending an email to a customer.
DMARC combines two existing standards, Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM), to provide a feedback mechanism that did not exist before. Both SPF and DKIM indicate the source of the email and are compared against the published DMARC policy to determine whether the gateway allows or denies the email.
DMARC requires at least one of the two for a mail domain, because it is based on DKIM and SPF results. The DMARC record is a DNS TXT entry that states your organization's email domain policy, which domain owners use to decide what happens when DKIM or SPF succeeds or fails. When email is sent, the DMARC record tells the receiving server to send an XML (Extensible Markup Language) report to the reporting email address in the record.
Sending DMARC-authenticated, verified email gives brands and individuals another layer of security and protection against potential phishing attacks. DMARC gives operators a quick and easy way to identify legitimate, genuine email, replacing the “block the malicious” email security model with the “allow the appropriate” email model.
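To make the reporting side concrete, here is an added example (not code from the interview or from Valimail) that parses a DMARC aggregate report in the RFC 7489 XML layout and summarizes, per sending IP, how much mail passed DMARC, failed it, and was rejected under the published policy. The report, its organisation name, report id and IP addresses are constructed for the example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed DMARC aggregate (rua) report in the RFC 7489 XML layout;
# the organisation, report id and IPs are made up for this example.
SAMPLE_REPORT = """<feedback>
  <report_metadata>
    <org_name>receiver.example.net</org_name>
    <report_id>constructed-0001</report_id>
  </report_metadata>
  <policy_published><domain>example.com</domain><p>reject</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>120</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>35</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""

def summarize_report(xml_text):
    """Return the published policy plus, per source IP, mail that passed DMARC, failed it, or was rejected."""
    root = ET.fromstring(xml_text)
    summary = {
        "domain": root.findtext("policy_published/domain"),
        "policy": root.findtext("policy_published/p"),
        "sources": defaultdict(lambda: {"pass": 0, "fail": 0, "rejected": 0}),
    }
    for record in root.findall("record"):
        row = record.find("row")
        count = int(row.findtext("count"))
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        # DMARC passes when either aligned DKIM or aligned SPF passed;
        # the receiver records the result of each check separately.
        verdict = "pass" if "pass" in (dkim, spf) else "fail"
        entry = summary["sources"][row.findtext("source_ip")]
        entry[verdict] += count
        if row.findtext("policy_evaluated/disposition") == "reject":
            entry["rejected"] += count
    summary["sources"] = dict(summary["sources"])
    return summary

def failing_sources(summary):
    """IPs whose mail failed DMARC: either senders missing from SPF/DKIM or spoofers to confirm."""
    return sorted(ip for ip, s in summary["sources"].items() if s["fail"])
```

A domain owner reviews the failing sources from these daily reports before tightening the policy, so that legitimate third-party senders are added to SPF or DKIM rather than blocked.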
DMARC in-house or as a service: Why is one better than the other?
One of the biggest myths out there is that DMARC is easy. In reality, it’s difficult. Only about 15% of all companies, including those working with vendors, have achieved enforcement. With the right approach, however, clients can achieve enforcement with a success rate of over 95% without blocking legitimate email.
DMARC is dangerous if it is not done correctly. It depends on how well you have built your policy, and setting the correct policy depends on your ability to interpret the XML reports and correctly and accurately connect them to third-party services.
In addition to setting policies, you need a deeper understanding of the older DKIM and SPF standards. For example, SPF has a 10-lookup limit, which is easily reached and breaks authentication.
The right external vendor simplifies setup, configuration, and ongoing maintenance of DMARC. Whichever option you choose, the most important part is to gain a better understanding of how the standard works and why you need DKIM or SPF. You should commit to keeping up with the necessary maintenance, such as keeping your server addresses up to date and rotating your DKIM keys on a regular basis.
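The 10-lookup limit mentioned above is easy to blow through once a few third-party senders are included. This added example (not code from the interview or from Valimail) walks an SPF record's include: and redirect= tree and counts the DNS-querying terms the way RFC 7208 does; the records and domain names are constructed placeholders that stand in for real DNS answers.

```python
# Constructed SPF records standing in for DNS TXT answers; the domains are placeholders,
# not real mail providers' records.
FAKE_TXT = {
    "example.com": "v=spf1 mx include:_spf.mailer-a.test include:_spf.mailer-b.test ~all",
    "_spf.mailer-a.test": "v=spf1 ip4:192.0.2.0/24 include:relay1.mailer-a.test include:relay2.mailer-a.test -all",
    "relay1.mailer-a.test": "v=spf1 a mx -all",
    "relay2.mailer-a.test": "v=spf1 a -all",
    "_spf.mailer-b.test": "v=spf1 include:pool1.mailer-b.test include:pool2.mailer-b.test include:pool3.mailer-b.test -all",
    "pool1.mailer-b.test": "v=spf1 ip4:198.51.100.0/24 -all",
    "pool2.mailer-b.test": "v=spf1 ip4:203.0.113.0/25 -all",
    "pool3.mailer-b.test": "v=spf1 ip4:203.0.113.128/25 -all",
}

# Terms that cost a DNS lookup under RFC 7208 section 4.6.4 (ip4, ip6 and all are free).
LOOKUP_TERMS = {"a", "mx", "ptr", "exists", "include"}
SPF_LOOKUP_LIMIT = 10

def count_spf_lookups(domain, resolve=FAKE_TXT.get, chain=()):
    """Count DNS-querying terms reachable from domain's SPF record, following include: and redirect=."""
    if domain in chain:  # include loop: stop here, a real resolver returns permerror
        return 0
    record = resolve(domain)
    parts = record.split() if record else []
    if not parts or parts[0].lower() != "v=spf1":
        return 0
    lookups = 0
    for term in parts[1:]:
        term = term.lstrip("+-~?")                  # drop the qualifier
        if term.lower().startswith("redirect="):
            lookups += 1 + count_spf_lookups(term.split("=", 1)[1], resolve, chain + (domain,))
            continue
        name, _, target = term.partition(":")
        name = name.split("/")[0].lower()          # "a/24" is still the a mechanism
        if name in LOOKUP_TERMS:
            lookups += 1
            if name == "include":                  # the nested record's lookups count too
                lookups += count_spf_lookups(target, resolve, chain + (domain,))
    return lookups

def spf_within_limit(domain, resolve=FAKE_TXT.get):
    """True when the whole include tree stays within the 10-lookup budget."""
    return count_spf_lookups(domain, resolve) <= SPF_LOOKUP_LIMIT
```

In the constructed data, example.com itself declares only three lookup terms, yet the nested includes bring the total to 11, so a receiver returns permerror and SPF no longer contributes a pass to DMARC.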
How does your organization implement DMARC?
Before implementing DMARC, you need to do some preliminary work:
- Collect all approved email domains for your organization, including external domains (email domains that send email on behalf of your organization).
- Notify the service provider (or contact person) responsible for your DNS infrastructure that TXT records will be added to your DNS.
- Create a dedicated email address to receive DMARC reports. You can determine the frequency of the emails; most people prefer an aggregated email once a day.
After completing the preparatory steps, create the first DMARC record (the record attached to the parent domain) to prepare for deployment. When you set it up, you specify the email address to which the daily report should be sent.
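The first record described above is usually published in monitoring mode (p=none) so that reports start arriving without any mail being blocked. This added example (not code from the interview or from Valimail) builds that initial TXT value for the parent domain's _dmarc label and validates a DMARC record's tags before it is handed to the DNS provider; the report address is a placeholder.

```python
import re

VALID_POLICIES = ("none", "quarantine", "reject")

def build_dmarc_record(report_address, policy="none", subdomain_policy=None, pct=100, interval_seconds=86400):
    """Return the TXT value to publish at _dmarc.<domain>; a first record starts at p=none."""
    if policy not in VALID_POLICIES:
        raise ValueError("policy must be none, quarantine or reject")
    tags = ["v=DMARC1", f"p={policy}"]
    if subdomain_policy:
        tags.append(f"sp={subdomain_policy}")
    tags.append(f"rua=mailto:{report_address}")   # where aggregate XML reports go
    tags.append(f"ri={interval_seconds}")          # requested report interval (86400 = daily)
    tags.append(f"pct={pct}")                      # share of mail the policy applies to
    return "; ".join(tags)

def parse_dmarc_record(txt):
    """Parse a DMARC TXT value into a tag dict and list the errors that make receivers ignore it."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = (s.strip() for s in part.split("=", 1))
        tags[key] = value
    errors = []
    if list(tags)[:1] != ["v"] or tags.get("v") != "DMARC1":  # v must come first, exactly DMARC1
        errors.append("v=DMARC1 must be the first tag")
    if tags.get("p") not in VALID_POLICIES:
        errors.append("p tag missing or invalid")
    for addr in tags.get("rua", "").split(","):          # rua accepts a comma-separated list
        if addr and not re.fullmatch(r"mailto:[^@\s]+@[^@\s]+", addr.strip()):
            errors.append(f"rua entry is not a mailto: URI: {addr.strip()!r}")
    if "pct" in tags and not (tags["pct"].isdigit() and 0 <= int(tags["pct"]) <= 100):
        errors.append("pct must be an integer 0-100")
    return tags, errors
```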
Source: Implementation of DMARC to eliminate phishing emails, Help Net Security, https://www.helpnetsecurity.com/2021/10/28/implementing-dmarc/